Update website/media role

This commit is contained in:
Alexander Dietrich 2018-11-07 22:22:57 +01:00
parent 4b39d2a02c
commit e8b7f0c6da
8 changed files with 48 additions and 14 deletions

View file

@ -4,4 +4,6 @@ basics_autoupdate_origins:
- o=TorProject,n=${distro_codename}
hopglass_frontend_tls_crt: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/fullchain.pem
hopglass_frontend_tls_key: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/privkey.pem
media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem
media_tls_key: /etc/letsencrypt/live/media.hamburg.freifunk.net/privkey.pem
nginx_resolver: 127.0.0.1

View file

@ -13,6 +13,9 @@ srv03
[hopglass-frontend]
srv02
[media]
srv02
[nginx]
gw03-new ansible_host=gw03-new.hamburg.freifunk.net

View file

@ -0,0 +1,3 @@
---
media_root: /var/www/media
site: media

View file

@ -1,2 +0,0 @@
---
- include: "{{ playbook_dir }}/roles/website/includes/base-static/handlers/main.yml"

View file

@ -1,4 +1,3 @@
---
dependencies:
- role: nginx

View file

@ -1,13 +1,13 @@
---
- include: "{{ playbook_dir }}/roles/website/includes/base-static/tasks/main.yml"
vars:
site: ffhh_media
domains:
- media.services.ffhh
- media.hamburg.freifunk.net
ports:
- { number: 80, ssl: false }
- { number: 443, ssl: true }
document_root: { path: /var/www/ffhh/media, create: true }
listing: true
- name: template site
template:
src: templates/site.j2
dest: /etc/nginx/sites-available/{{ site }}
notify: reload nginx
- name: enable site
file:
src: ../sites-available/{{ site }}
dest: /etc/nginx/sites-enabled/{{ site }}
state: link
notify: reload nginx

View file

@ -0,0 +1,24 @@
{% if media_tls_crt is defined %}
server {
server_name media.hamburg.freifunk.net;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate {{ media_tls_crt }};
ssl_certificate_key {{ media_tls_key }};
root {{ media_root }};
include snippets/autoindex.conf;
include snippets/header-hsts.conf;
include snippets/no-unsafe-files.conf;
}
{% endif %}
server {
server_name media.hamburg.freifunk.net;
listen 80;
listen [::]:80;
return 302 https://$server_name$request_uri;
include snippets/location-acme.conf;
}

View file

@ -7,6 +7,11 @@
roles:
- ntp-server
- hosts: media
roles:
- website/media
tags: media
- hosts: updates
roles:
- website/updates