Verified Commit e47d8e10 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase

Add proper modular nginx role and a dbscripts specific config

parent 03eb989c
......@@ -12,5 +12,6 @@
- { role: opendkim, dkim_selector: orion }
- { role: postfix}
- archusers
- dbscripts
- nginx
- { role: dbscripts, repos_domain: "repos.archlinux.org" }
- sudo
$ANSIBLE_VAULT;1.1;AES256
37613433353765373835616636316630623836316464626530333165643665383438356561613164
6437326361383366636634353961633932646333343337620a383532633039663235323334386638
62376235346133313233393662633766376234613136356231366238653431306336343961313730
6230613130313731310a616465383536653830336333353234376265653263613532366564353132
39666538613236306465313837306234363764373530353766663135386264646437
......@@ -18,6 +18,14 @@
- name: set up sudoers.d for special users
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=644
notify:
- restart nginx
- name: put dbscripts.htpasswd in place
copy: src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=640
- name: create Arch Linux-specific users
user:
name: "{{ item.key }}"
......
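Review bot: The two added nginx tasks rely on things this role does not create: the `/etc/nginx/nginx.d` and `/etc/nginx/auth` directories and the `restart nginx` handler all come from the nginx role, so they work only while the playbook lists `nginx` before `dbscripts`. If the role has no `meta/main.yml` (none is visible in this commit), declaring the dependency there, `dependencies: [{ role: nginx }]`, would make the ordering explicit. The `mode=644` and `mode=640` values would also be safer as `mode=0644` and `mode=0640`, which stay correct if the tasks are later converted to YAML-style arguments.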
server {
listen 80 default_server;
listen [::];
server_name {{ repos_domain }};
root /srv/ftp;
satisfy any;
location /lastupdate {
allow all;
}
# Server at velocitynet
allow 66.211.214.130; # dom0.archlinux.org.
allow 66.211.214.131; # gudrun.archlinux.org.
allow 66.211.214.132; # gerolde.archlinux.org.
allow 2001:470:1f10:717::2/128; # gerolde's tunnel IP
# Thomas' home
#allow 87.193.186.180; # port-87-193-186-180.static.qsc.de.
allow 2001:1a80:3026::/48;
# orion.archlinux.org
allow 88.198.91.70;
allow 2a01:4f8:160:6087::1;
# brynhild.archlinux.org
allow 176.9.18.112;
allow 2a01:4f8:150:1261::2;
# alberich.archlinux.org
allow 216.151.172.98;
# allison.archlinux.de
allow 144.76.107.12;
allow 2a01:4f8:192:520b::2;
auth_basic "Restricted";
auth_basic_user_file auth/dbscripts.htpasswd;
autoindex on;
}
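Review bot: The `auth_basic` fallback is offered only on `listen 80`, so any client outside the allow list sends its dbscripts password in cleartext on every request. With `satisfy any`, those are exactly the clients the password is meant for. I would add a TLS listener for `{{ repos_domain }}` and take the password path off port 80, keeping the plain-HTTP listener only for the allow-listed hosts and `/lastupdate` if they need it. An explicit `deny all;` after the last `allow` line would also state the intent of the list, although as far as I can tell `satisfy any` already sends unmatched addresses to the password check.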
---
- name: restart nginx
service: name=nginx state=restarted
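Review bot: `state=restarted` stops nginx before the new configuration has been checked, so a template error in any `nginx.d/*.conf` snippet takes the repository host offline until someone fixes it by hand. `service: name=nginx state=reloaded` keeps the running workers if the new configuration fails to load. The handler name `restart nginx` can stay, so existing `notify` lines keep working.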
---
- name: install nginx
pacman: name=nginx-mainline state=present
- name: configure nginx
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf owner=root group=root mode=644
notify:
- restart nginx
- name: create nginx.d directory
file: state=directory path=/etc/nginx/nginx.d owner=root group=root mode=755
- name: create auth directory
file: state=directory path=/etc/nginx/auth owner=root group=root mode=755
- name: create default nginx log directory
file: state=directory path=/var/log/nginx/default owner=http group=log mode=750
- name: enable nginx
service: name=nginx enabled=yes
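Review bot: `/var/log/nginx/default` is created with `owner=http`, which gives the account the nginx workers presumably run as write access to a directory where the root master process opens and reopens log files. A compromised worker could then swap a log file for a symlink and have root write through it on the next reopen. Creating the directory with `owner=root` and giving the worker account only the access it needs to reopen its logs avoids that; the exact group and mode need checking against how log rotation is set up on this host. Separately, the `configure nginx` template has no syntax check before the handler fires, and `enabled=yes` does not start the service on a run where nothing notified the handler; `service: name=nginx enabled=yes state=started` covers that.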
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 16M;
index index.php index.html index.htm;
access_log /var/log/nginx/default/access.log;
error_log /var/log/nginx/default/error.log;
include nginx.d/*.conf;
}
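Review bot: `index index.php index.html index.htm;` is set for every vhost, but nothing in this commit hands `.php` to an interpreter. An `index.php` under a served root such as `/srv/ftp` would therefore be returned as a raw download via `default_type application/octet-stream`. Dropping `index.php` from the global list, and letting a vhost that really runs PHP add it, avoids exposing source that way. `server_tokens off;` in the `http` block would also stop the nginx version from being advertised in headers and error pages.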