Update website/media role

2018-11-07 22:22:57 +01:00 · 2018-11-07 22:22:57 +01:00 · e8b7f0c6da
parent 4b39d2a02c
commit e8b7f0c6da
8 changed files with 48 additions and 14 deletions
--- a/host_vars/srv02
+++ b/host_vars/srv02
@ -4,4 +4,6 @@ basics_autoupdate_origins:
  - o=TorProject,n=${distro_codename}
 hopglass_frontend_tls_crt: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/fullchain.pem
 hopglass_frontend_tls_key: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/privkey.pem
+media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem
+media_tls_key: /etc/letsencrypt/live/media.hamburg.freifunk.net/privkey.pem
 nginx_resolver: 127.0.0.1
--- a/3
+++ b/3
@ -13,6 +13,9 @@ srv03
 [hopglass-frontend]
 srv02

+[media]
+srv02
+
 [nginx]
 gw03-new ansible_host=gw03-new.hamburg.freifunk.net

--- a/roles/website/media/defaults/main.yml
+++ b/roles/website/media/defaults/main.yml
@ -0,0 +1,3 @@
+---
+media_root: /var/www/media
+site: media
--- a/roles/website/media/handlers/main.yml
+++ b/roles/website/media/handlers/main.yml
@ -1,2 +0,0 @@
---
- include: "{{ playbook_dir }}/roles/website/includes/base-static/handlers/main.yml"
--- a/roles/website/media/meta/main.yml
+++ b/roles/website/media/meta/main.yml
@ -1,4 +1,3 @@
 ---
 dependencies:
  - role: nginx
-
--- a/roles/website/media/tasks/main.yml
+++ b/roles/website/media/tasks/main.yml
@ -1,13 +1,13 @@
 ---
- include: "{{ playbook_dir }}/roles/website/includes/base-static/tasks/main.yml"
-  vars:
-    site: ffhh_media
-    domains:
-      - media.services.ffhh
-      - media.hamburg.freifunk.net
-    ports:
-      - { number: 80, ssl: false }
-      - { number: 443, ssl: true }
-    document_root: { path: /var/www/ffhh/media, create: true }
-    listing: true
+- name: template site
+  template:
+    src: templates/site.j2
+    dest: /etc/nginx/sites-available/{{ site }}
+  notify: reload nginx

+- name: enable site
+  file:
+    src: ../sites-available/{{ site }}
+    dest: /etc/nginx/sites-enabled/{{ site }}
+    state: link
+  notify: reload nginx
--- a/roles/website/media/templates/site.j2
+++ b/roles/website/media/templates/site.j2
@ -0,0 +1,24 @@
+{% if media_tls_crt is defined %}
+server {
+    server_name media.hamburg.freifunk.net;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    ssl_certificate {{ media_tls_crt }};
+    ssl_certificate_key {{ media_tls_key }};
+
+    root {{ media_root }};
+    include snippets/autoindex.conf;
+    include snippets/header-hsts.conf;
+    include snippets/no-unsafe-files.conf;
+}
+
+{% endif %}
+server {
+    server_name media.hamburg.freifunk.net;
+    listen 80;
+    listen [::]:80;
+
+    return 302 https://$server_name$request_uri;
+
+    include snippets/location-acme.conf;
+}
--- a/services.yml
+++ b/services.yml
@ -7,6 +7,11 @@
  roles:
    - ntp-server

+- hosts: media
+  roles:
+    - website/media
+  tags: media
+
 - hosts: updates
  roles:
    - website/updates