diff --git a/host_vars/srv02 b/host_vars/srv02
index 3be525b..193ae24 100644
--- a/host_vars/srv02
+++ b/host_vars/srv02
@@ -6,4 +6,6 @@ hopglass_frontend_tls_crt: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/f
 hopglass_frontend_tls_key: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/privkey.pem
 media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem
 media_tls_key: /etc/letsencrypt/live/media.hamburg.freifunk.net/privkey.pem
+meta_tls_crt: /etc/letsencrypt/live/hamburg.freifunk.net/fullchain.pem
+meta_tls_key: /etc/letsencrypt/live/hamburg.freifunk.net/privkey.pem
 nginx_resolver: 127.0.0.1
diff --git a/production b/production
index 2acbba2..6c5e13e 100644
--- a/production
+++ b/production
@@ -16,6 +16,9 @@ srv02
 [media]
 srv02
+[meta]
+srv02
+
 [nginx]
 gw03-new ansible_host=gw03-new.hamburg.freifunk.net
diff --git a/roles/website/meta/defaults/main.yml b/roles/website/meta/defaults/main.yml
new file mode 100644
index 0000000..2c4fcba
--- /dev/null
+++ b/roles/website/meta/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+meta_root: /var/www/meta
+site: meta
diff --git a/roles/website/meta/handlers/main.yml b/roles/website/meta/handlers/main.yml
deleted file mode 100644
index 811526f..0000000
--- a/roles/website/meta/handlers/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-- include: "{{ playbook_dir }}/roles/website/includes/base-static/handlers/main.yml"
diff --git a/roles/website/meta/meta/main.yml b/roles/website/meta/meta/main.yml
index f6688f0..8b662c9 100644
--- a/roles/website/meta/meta/main.yml
+++ b/roles/website/meta/meta/main.yml
@@ -1,4 +1,3 @@
 ---
 dependencies:
 - role: nginx
-
diff --git a/roles/website/meta/tasks/main.yml b/roles/website/meta/tasks/main.yml
index 775d260..43b4966 100644
--- a/roles/website/meta/tasks/main.yml
+++ b/roles/website/meta/tasks/main.yml
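Review bot: Nothing in host_vars/srv02 records that the certificate behind the new `meta_tls_crt`/`meta_tls_key` has to cover `meta.hamburg.freifunk.net`. The neighbouring entries each use a per-service lineage (`hopglass.hamburg.freifunk.net`, `media.hamburg.freifunk.net`), whereas these two point at `/etc/letsencrypt/live/hamburg.freifunk.net/`, and the vhost added later in this commit sets `server_name meta.hamburg.freifunk.net`. If that certificate does not list the meta hostname as a subject alternative name, clients will fail hostname verification on the new HTTPS server. A comment above the two lines such as `# shared cert: must include meta.hamburg.freifunk.net as SAN` would make the dependency visible to whoever renews or re-issues it.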
@@ -1,12 +1,13 @@
 ---
-- include: "{{ playbook_dir }}/roles/website/includes/base-static/tasks/main.yml"
- vars:
- site: ffhh_meta
- domains:
- - meta.hamburg.freifunk.net
- ports:
- - { number: 80, ssl: false }
- - { number: 443, ssl: true }
- document_root: { path: /var/www/ffhh/meta, create: true }
- listing: true
+- name: template site
+ template:
+ src: templates/site.j2
+ dest: /etc/nginx/sites-available/{{ site }}
+ notify: reload nginx
+- name: enable site
+ file:
+ src: ../sites-available/{{ site }}
+ dest: /etc/nginx/sites-enabled/{{ site }}
+ state: link
+ notify: reload nginx
diff --git a/roles/website/meta/templates/site.j2 b/roles/website/meta/templates/site.j2
new file mode 100644
index 0000000..b5419d2
--- /dev/null
+++ b/roles/website/meta/templates/site.j2
@@ -0,0 +1,30 @@
+{% if meta_tls_crt is defined %}
+server {
+ server_name meta.hamburg.freifunk.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ ssl_certificate {{ meta_tls_crt }};
+ ssl_certificate_key {{ meta_tls_key }};
+
+ root {{ meta_root }};
+ include snippets/autoindex.conf;
+ include snippets/header-hsts.conf;
+ include snippets/no-unsafe-files.conf;
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME /var/www/meta$fastcgi_script_name;
+ include fastcgi_params;
+ }
+}
+
+{% endif %}
+server {
+ server_name meta.hamburg.freifunk.net;
+ listen 80;
+ listen [::]:80;
+
+ return 302 https://$server_name$request_uri;
+
+ include snippets/location-acme.conf;
+}
diff --git a/services.yml b/services.yml
index cb010ab..e36bea5 100644
--- a/services.yml
+++ b/services.yml
@@ -12,6 +12,11 @@ - website/media
 tags: media
+- hosts: meta
+ roles:
+ - website/meta
+ tags: meta
+
 - hosts: updates
 roles:
 - website/updates
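Review bot: The rewritten tasks in roles/website/meta/tasks/main.yml no longer create the document root. The removed include passed `document_root: { path: /var/www/ffhh/meta, create: true }`, while the new tasks only template and link the vhost, and the root moves to `meta_root` (`/var/www/meta` in the new defaults). On a host where that directory does not exist the vhost is enabled against a missing root, so I would add a directory task ahead of the template and give the template task an explicit `mode` as well. The `reload nginx` handler is no longer defined in this role now that its handlers file is deleted; it presumably comes from the `nginx` dependency, which is worth confirming.

```yaml
- name: create document root
  file:
    path: "{{ meta_root }}"
    state: directory
    mode: "0755"
# … unchanged: template site, enable site …
```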
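Review bot: The `location ~ \.php$` block in roles/website/meta/templates/site.j2 hands every URI ending in `.php` to PHP-FPM without checking that the script exists, in a vhost that also includes the autoindex snippet; adding `try_files $uri =404;` as the first line of that location keeps non-file paths away from the interpreter. The same block hard-codes `/var/www/meta` in `SCRIPT_FILENAME` although `root` uses `{{ meta_root }}`, so overriding the variable would make nginx and PHP disagree on the tree; `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` removes the duplication. In the port-80 server the server-level `return 302` runs before any location is selected, so the included `snippets/location-acme.conf` (presumably the ACME challenge location; its content is not in this diff) would never be reached. Moving the redirect into `location / { return 302 https://$server_name$request_uri; }` lets the challenge be answered over plain HTTP. The `{% if %}` guard also tests only `meta_tls_crt` while the block uses `meta_tls_key` too.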