Remove unused roles and variables
This commit is contained in:
parent
a2baf0f1a7
commit
7e739c8c70
|
@ -1,6 +1,5 @@
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
|
||||||
basics_autoupdate_mail: backend@hamburg.freifunk.net
|
basics_autoupdate_mail: backend@hamburg.freifunk.net
|
||||||
basics_autoupdate_reboot_time: "04:00"
|
|
||||||
|
|
||||||
nginx_error_log: "/dev/null error"
|
nginx_error_log: "/dev/null error"
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
nginx_ciphers: "ECDH+aRSA+CHACHA20:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
|
|
||||||
nginx_resolver: "[2a03:2267:2::10] [2a03:2267:2::20] [2a03:2267:2::30]"
|
|
||||||
openssl_ciphersuites: "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"
|
|
|
@ -3,9 +3,6 @@ basics_autoupdate_origins:
|
||||||
- o=Prosody,n=${distro_codename}
|
- o=Prosody,n=${distro_codename}
|
||||||
- o=TorProject,n=${distro_codename}
|
- o=TorProject,n=${distro_codename}
|
||||||
|
|
||||||
hopglass_frontend_tls_crt: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/fullchain.pem
|
|
||||||
hopglass_frontend_tls_key: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/privkey.pem
|
|
||||||
|
|
||||||
media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem
|
media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem
|
||||||
media_tls_key: /etc/letsencrypt/live/media.hamburg.freifunk.net/privkey.pem
|
media_tls_key: /etc/letsencrypt/live/media.hamburg.freifunk.net/privkey.pem
|
||||||
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
hopglass_frontend_path: /opt/hopglass-frontend
|
|
||||||
nodejs_version: node_8.x
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
dependencies:
|
|
||||||
- role: nginx
|
|
|
@ -1,42 +0,0 @@
|
||||||
---
|
|
||||||
- name: clone hopglass
|
|
||||||
git:
|
|
||||||
repo: "https://github.com/hopglass/hopglass"
|
|
||||||
dest: "{{ hopglass_frontend_path }}"
|
|
||||||
accept_hostkey: yes
|
|
||||||
update: no
|
|
||||||
|
|
||||||
- name: create build directory
|
|
||||||
file:
|
|
||||||
path: "{{ hopglass_frontend_path }}/build"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: template config.json
|
|
||||||
template:
|
|
||||||
src: hopglass-config.j2
|
|
||||||
dest: "{{ hopglass_frontend_path }}/build/config.json"
|
|
||||||
|
|
||||||
- name: template nginx site
|
|
||||||
template:
|
|
||||||
src: nginx-site.j2
|
|
||||||
dest: /etc/nginx/sites-available/hopglass
|
|
||||||
notify: reload nginx
|
|
||||||
|
|
||||||
- name: enable site
|
|
||||||
file:
|
|
||||||
src: ../sites-available/hopglass
|
|
||||||
dest: /etc/nginx/sites-enabled/hopglass
|
|
||||||
state: link
|
|
||||||
notify: reload nginx
|
|
||||||
|
|
||||||
- name: template make-hopglass-frontend
|
|
||||||
template:
|
|
||||||
src: make-hopglass-frontend.j2
|
|
||||||
dest: /usr/local/bin/make-hopglass-frontend
|
|
||||||
mode: 0755
|
|
||||||
register: make
|
|
||||||
|
|
||||||
- name: show usage information
|
|
||||||
debug:
|
|
||||||
msg: ">>> Because Node.js is terrible, please run make-hopglass-frontend manually. <<<"
|
|
||||||
when: make.changed
|
|
|
@ -1,33 +0,0 @@
|
||||||
---
|
|
||||||
- name: check for npm
|
|
||||||
find:
|
|
||||||
paths: [/bin, /usr/bin, /usr/local/bin]
|
|
||||||
patterns: npm
|
|
||||||
file_type: any
|
|
||||||
register: npm
|
|
||||||
|
|
||||||
- name: install APT HTTPS transport
|
|
||||||
apt:
|
|
||||||
name: apt-transport-https
|
|
||||||
cache_valid_time: 86400
|
|
||||||
when: npm.matched == 0
|
|
||||||
|
|
||||||
- name: add NodeSource signing key
|
|
||||||
apt_key:
|
|
||||||
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
|
|
||||||
id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280
|
|
||||||
when: npm.matched == 0
|
|
||||||
|
|
||||||
- name: add NodeSource repository
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb https://deb.nodesource.com/{{ nodejs_version }} {{ ansible_lsb.codename }} main"
|
|
||||||
filename: nodesource
|
|
||||||
when: npm.matched == 0
|
|
||||||
|
|
||||||
- name: install Node.js
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- build-essential
|
|
||||||
- nodejs
|
|
||||||
cache_valid_time: 86400
|
|
||||||
when: npm.matched == 0
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- include: install-nodejs.yml
|
|
||||||
tags: nodejs
|
|
||||||
- include: install-hopglass.yml
|
|
||||||
tags: hopglass-frontend
|
|
|
@ -1,63 +0,0 @@
|
||||||
{
|
|
||||||
"dataPath": "https://hopglass-backend.hamburg.freifunk.net/",
|
|
||||||
"siteName": "Freifunk Hamburg",
|
|
||||||
"mapSigmaScale": 1.1,
|
|
||||||
"showContact": false,
|
|
||||||
"maxAge": 2,
|
|
||||||
"mapLayers": [
|
|
||||||
{
|
|
||||||
"name": "OpenStreetMap",
|
|
||||||
"url": "https://{s}.tile.openstreetmap.de/tiles/osmde/{z}/{x}/{y}.png",
|
|
||||||
"config": {
|
|
||||||
"maxZoom": 18,
|
|
||||||
"attribution": "© <a href=\"https://www.openstreetmap.org/copyright\">OpenStreetMap</a>"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "Satellitenbild",
|
|
||||||
"url": "https://server.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer/tile/{z}/{y}/{x}",
|
|
||||||
"config": {
|
|
||||||
"attribution": "Tiles © Esri — Source: Esri, i-cubed, USDA, USGS, AEX, GeoEye, Getmapping, Aerogrid, IGN, IGP, UPR-EGP, and the GIS User Community"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "Stamen (TonerLite)",
|
|
||||||
"url": "https://stamen-tiles-{s}.a.ssl.fastly.net/toner-lite/{z}/{x}/{y}.png",
|
|
||||||
"config": {
|
|
||||||
"maxZoom": 20,
|
|
||||||
"attribution": "Map tiles by <a href=\"https://stamen.com\">Stamen Design</a>, <a href=\"https://creativecommons.org/licenses/by/3.0\">CC BY 3.0</a> — Map data © <a href=\"https://www.openstreetmap.org/copyright\">OpenStreetMap</a>"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"nodeInfos": [
|
|
||||||
{
|
|
||||||
"name": "Clientstatistik",
|
|
||||||
"href": "https://statistik.hamburg.freifunk.net/dashboard/db/freifunk-knoteninfo-knoten-id?var-region=ffhh&var-knoten={NODE_ID}",
|
|
||||||
"thumbnail": "https://statistik.hamburg.freifunk.net/render/dashboard-solo/db/freifunk-knoteninfo-knoten-id?panelId=1&var-region=ffhh&var-knoten={NODE_ID}&theme=light&width=530&height=332&from=now-3d",
|
|
||||||
"caption": "Verbundene Clients in den letzten 3 Tage an Knoten {NODE_ID}"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"globalInfos": [
|
|
||||||
{
|
|
||||||
"name": "Clientstatistik (gesamt)",
|
|
||||||
"href": "https://statistik.hamburg.freifunk.net/dashboard/db/freifunk-ubersicht?var-region=ffhh",
|
|
||||||
"thumbnail": "https://statistik.hamburg.freifunk.net/render/dashboard-solo/db/freifunk-ubersicht?panelId=1&var-region=ffhh&theme=light&width=530&height=332&from=now-3d",
|
|
||||||
"caption": "Verbundene Clients in den letzten 3 Tagen"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"linkInfos": [],
|
|
||||||
"siteNames": [
|
|
||||||
{ "site": "ffhh", "name": "Hamburg" },
|
|
||||||
{ "site": "ffhh-nowe", "name": "Hamburg-NordWest" },
|
|
||||||
{ "site": "ffhh-ost", "name": "Hamburg-Ost" },
|
|
||||||
{ "site": "ffhh-sued", "name": "Hamburg-Sued" },
|
|
||||||
{ "site": "ffhh-west", "name": "Hamburg-West" }
|
|
||||||
],
|
|
||||||
"domainNames": [
|
|
||||||
{ "domain": "ffhh_nowe", "name": "Hamburg-NordWest" },
|
|
||||||
{ "domain": "ffhh_ost", "name": "Hamburg-Ost" },
|
|
||||||
{ "domain": "ffhh_sued", "name": "Hamburg-Sued" },
|
|
||||||
{ "domain": "ffhh_west", "name": "Hamburg-West" }
|
|
||||||
],
|
|
||||||
"hwImg": []
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
||||||
|
|
||||||
cd {{ hopglass_frontend_path }}
|
|
||||||
npm install
|
|
||||||
npm install grunt-cli
|
|
||||||
node_modules/.bin/grunt
|
|
|
@ -1,40 +0,0 @@
|
||||||
{% if hopglass_frontend_tls_crt is defined %}
|
|
||||||
server {
|
|
||||||
server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
ssl_certificate {{ hopglass_frontend_tls_crt }};
|
|
||||||
ssl_certificate_key {{ hopglass_frontend_tls_key }};
|
|
||||||
|
|
||||||
include snippets/header-hsts.conf;
|
|
||||||
include snippets/no-unsafe-files.conf;
|
|
||||||
|
|
||||||
add_header Referrer-Policy same-origin;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
proxy_hide_header Referrer-Policy;
|
|
||||||
proxy_hide_header X-Content-Type-Options;
|
|
||||||
proxy_hide_header X-XSS-Protection;
|
|
||||||
|
|
||||||
root {{ hopglass_frontend_path }}/build;
|
|
||||||
}
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
server {
|
|
||||||
server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
{% if hopglass_frontend_tls_crt is defined %}
|
|
||||||
location / {
|
|
||||||
return 302 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
{% else %}
|
|
||||||
include snippets/header-security.conf;
|
|
||||||
include snippets/no-unsafe-files.conf;
|
|
||||||
|
|
||||||
root {{ hopglass_frontend_path }}/build;
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
include snippets/location-acme.conf;
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- name: restart ntpd
|
|
||||||
service:
|
|
||||||
name: ntp
|
|
||||||
state: restarted
|
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
- name: install ntpd
|
|
||||||
apt:
|
|
||||||
name: ntp
|
|
||||||
state: present
|
|
||||||
tags: ntp
|
|
||||||
|
|
||||||
- name: template ntp.conf
|
|
||||||
template:
|
|
||||||
src: ntp.conf.j2
|
|
||||||
dest: /etc/ntp.conf
|
|
||||||
backup: yes
|
|
||||||
notify: restart ntpd
|
|
||||||
tags: ntp
|
|
||||||
|
|
||||||
- name: start and enable ntpd
|
|
||||||
service:
|
|
||||||
name: ntp
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
tags: ntp
|
|
|
@ -1,36 +0,0 @@
|
||||||
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
|
||||||
|
|
||||||
driftfile /var/lib/ntp/ntp.drift
|
|
||||||
|
|
||||||
logfile /var/log/ntpstats/ntp.log
|
|
||||||
|
|
||||||
statistics loopstats peerstats clockstats
|
|
||||||
filegen loopstats file loopstats type day enable
|
|
||||||
filegen peerstats file peerstats type day enable
|
|
||||||
filegen clockstats file clockstats type day enable
|
|
||||||
|
|
||||||
server 127.127.1.0
|
|
||||||
fudge 127.127.1.0 stratum 10
|
|
||||||
|
|
||||||
server ptbtime1.ptb.de
|
|
||||||
server ptbtime2.ptb.de
|
|
||||||
server ptbtime3.ptb.de
|
|
||||||
|
|
||||||
# Restrict all incoming connection
|
|
||||||
restrict -4 default ignore
|
|
||||||
restrict -6 default ignore
|
|
||||||
|
|
||||||
restrict 192.53.103.108 nomodify notrap nopeer noquery
|
|
||||||
restrict 192.53.103.104 nomodify notrap nopeer noquery
|
|
||||||
restrict 192.53.103.103 nomodify notrap nopeer noquery
|
|
||||||
|
|
||||||
# Local users may interrogate the ntp server more closely.
|
|
||||||
restrict 127.0.0.1
|
|
||||||
restrict -6 ::1
|
|
||||||
|
|
||||||
# Disable the monlist request as this is associated with ntp
|
|
||||||
# amplification attacks
|
|
||||||
disable monitor
|
|
||||||
restrict {{ prefix4.split("/")[0] }} mask {{ prefix4 | ipaddr('netmask') }} nomodify notrap nopeer
|
|
||||||
restrict {{ prefix6.split("/")[0] }} mask {{ prefix6 | ipaddr('netmask') }} nomodify notrap nopeer
|
|
||||||
|
|
|
@ -1,12 +1,4 @@
|
||||||
---
|
---
|
||||||
- hosts: hopglass-frontend
|
|
||||||
roles:
|
|
||||||
- hopglass-frontend
|
|
||||||
|
|
||||||
- hosts: services
|
|
||||||
roles:
|
|
||||||
- ntp-server
|
|
||||||
|
|
||||||
- hosts: media
|
- hosts: media
|
||||||
roles:
|
roles:
|
||||||
- website/media
|
- website/media
|
||||||
|
|
Loading…
Reference in a new issue