diff --git a/host_vars/srv04 b/host_vars/srv04
new file mode 100644
index 0000000..df080a5
--- /dev/null
+++ b/host_vars/srv04
@@ -0,0 +1,3 @@
+ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
+ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
+nginx_resolver: 80.252.105.162 80.252.105.194
diff --git a/production b/production
index 902c165..30167d8 100644
--- a/production
+++ b/production
@@ -1,6 +1,9 @@
 [services]
 srv04 ansible_ssh_host=80.252.100.116
+[updates]
+srv04
+
 [ffhh]
 srv04
diff --git a/roles/website/updates/defaults/main.yml b/roles/website/updates/defaults/main.yml
new file mode 100644
index 0000000..bbafb82
--- /dev/null
+++ b/roles/website/updates/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+site: updates
+ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
+ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
diff --git a/roles/website/updates/files/updates_common.conf b/roles/website/updates/files/updates_common.conf
new file mode 100644
index 0000000..9096f27
--- /dev/null
+++ b/roles/website/updates/files/updates_common.conf
@@ -0,0 +1,9 @@
+# Basis-Konfiguration für updates.
+
+root /var/www/updates;
+
+location / {
+ access_log off;
+ log_not_found off;
+ autoindex on;
+}
diff --git a/roles/website/updates/meta/main.yml b/roles/website/updates/meta/main.yml
new file mode 100644
index 0000000..8b662c9
--- /dev/null
+++ b/roles/website/updates/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: nginx
diff --git a/roles/website/updates/tasks/main.yml b/roles/website/updates/tasks/main.yml
new file mode 100644
index 0000000..577f5f1
--- /dev/null
+++ b/roles/website/updates/tasks/main.yml
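Review bot: In roles/website/updates/files/updates_common.conf, `access_log off;` inside `location /` means no request for anything under /var/www/updates is ever recorded, while `autoindex on;` makes every file placed under that root publicly listable. On a host that distributes updates, the access log is the main record for noticing unusual download patterns or reconstructing what was fetched after a bad file was published, so I would keep logging or state the reason for dropping it in a comment, e.g. `# access_log off: client IPs are deliberately not stored` (the motive is presumably privacy, which the diff does not say). A second comment such as `# autoindex on: everything under /var/www/updates is listed to any visitor` would warn whoever deploys files into that directory.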
@@ -0,0 +1,19 @@
+---
+- name: copy updates_common.conf
+ copy:
+ src: files/updates_common.conf
+ dest: /etc/nginx/include
+ notify: reload nginx
+
+- name: template site
+ template:
+ src: templates/site.j2
+ dest: /etc/nginx/sites-available/{{ site }}
+ notify: reload nginx
+
+- name: enable site
+ file:
+ src: /etc/nginx/sites-available/{{ site }}
+ dest: /etc/nginx/sites-enabled/{{ site }}
+ state: link
+ notify: reload nginx
diff --git a/roles/website/updates/templates/site.j2 b/roles/website/updates/templates/site.j2
new file mode 100644
index 0000000..0f3dc6d
--- /dev/null
+++ b/roles/website/updates/templates/site.j2
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name updates.hamburg.freifunk.net;
+
+ ssl_certificate {{ ssl_certificate }};
+ ssl_certificate_key {{ ssl_certificate_key }};
+
+ include /etc/nginx/include/updates_common.conf;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name updates.hamburg.freifunk.net;
+
+ include /etc/nginx/include/updates_common.conf;
+
+ # Kein HTTPS Redirect wg. Paketinstallation auf Routern
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name 1.updates.services.ffhh;
+
+ include /etc/nginx/include/updates_common.conf;
+}
diff --git a/services.yml b/services.yml
index b1321fa..e120996 100644
--- a/services.yml
+++ b/services.yml
@@ -2,3 +2,7 @@
 - hosts: services
 roles:
 - ntp-server
+
+- hosts: updates
+ roles:
+ - website/updates
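Review bot: The `copy` task in roles/website/updates/tasks/main.yml uses `dest: /etc/nginx/include` without a file name, so where the file lands depends on that directory already existing; if it does not, the content is most likely written to a plain file named `/etc/nginx/include` and the `include /etc/nginx/include/updates_common.conf;` lines in site.j2 will fail. Spelling out `dest: /etc/nginx/include/updates_common.conf` removes the ambiguity; whether the nginx role creates the directory is not visible in this diff. Neither the `copy` nor the `template` task sets ownership or permissions, so the web server configuration is left to remote defaults; adding `owner: root`, `group: root` and `mode: "0644"` to both tasks makes it explicit.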
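Review bot: The two port-80 `server` blocks in roles/website/updates/templates/site.j2 serve the same update tree as the TLS vhost over plain HTTP, so files fetched that way have no transport integrity and their authenticity rests entirely on verification done by the client; the diff does not show whether routers check signatures. The existing comment only notes the missing redirect, and I would expand it in English to record that assumption, e.g. `# No HTTPS redirect: routers install packages over plain HTTP; integrity relies on client-side signature verification`. The 443 block also sets no `ssl_protocols` or `ssl_ciphers`; these are presumably inherited from the nginx role, which is worth confirming.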