diff --git a/playbooks/atlas/init/setup-reverse-proxy.yml b/playbooks/atlas/init/setup-reverse-proxy.yml
new file mode 100644
index 0000000..9e3be7d
--- /dev/null
+++ b/playbooks/atlas/init/setup-reverse-proxy.yml
@@ -0,0 +1,48 @@
+
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: atlas
+ become: yes
+ vars:
+ CERT_EMAIL: "dev@shockrah.xyz"
+ SITES:
+ - search.project-athens.xyz
+ - files.leftcoast.space
+ - clips.shockrah.xyz
+ tasks:
+ - name: Install nginx
+ apt:
+ name: nginx
+ state: latest
+
+ - name: Install Certbot
+ community.general.snap:
+ name: certbot
+ classic: yes
+
+ - name: Push Configs
+ copy:
+ src: "{{ '../nginx-plain-conf/' ~ item }}"
+ dest: "{{ '/etc/nginx/sites-available/' ~ item }}"
+ loop: "{{ SITES }}"
+
+ - name: Enable Sites in Nginx
+ file:
+ src: "/etc/nginx/sites-available/{{item}}"
+ dest: "/etc/nginx/sites-enabled/{{item}}"
+ state: link
+ loop: "{{ SITES }}"
+
+ - name: Restart Nginx
+ service:
+ name: nginx
+ state: restarted
+
+ - name: Install Certificates for all sites on this host
+ command: >
+ certbot -n --nginx -m "{{ CERT_EMAIL }}" --agree-tos
+ --domains "{{item}}"
+ loop: "{{ SITES }}"
diff --git a/playbooks/atlas/nginx-plain-conf/clippable.yml b/playbooks/atlas/nginx-plain-conf/clippable.yml
new file mode 100644
index 0000000..00cdbb9
--- /dev/null
+++ b/playbooks/atlas/nginx-plain-conf/clippable.yml
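Review bot: In playbooks/atlas/init/setup-reverse-proxy.yml the final task runs `certbot` through `command` for every entry in `SITES` on every play, with nothing to skip sites that already hold a certificate, so reruns always report changed and contact the ACME service again. A guard such as `args: { creates: "/etc/letsencrypt/live/{{ item }}/fullchain.pem" }` on that task would make it idempotent, assuming certbot's default certificate naming. The task also depends on the snap-installed `certbot` being on root's PATH, which this play does not set up; if it is not, call `/snap/bin/certbot` explicitly. Separately, `Restart Nginx` runs unconditionally right after the configs are copied, so a `nginx -t` task before it would stop a bad site file from taking the proxy down. The same unguarded certbot call appears in clippable.yml and nginx-plain-conf/main.yml.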
@@ -0,0 +1,30 @@
+# It is important to keep in mind that these websites are to be served under
+# either port 80 or port 443. The reasoning for allowing port 80 connections
+# is because the content here is not sensitive and I'm 100% sure I'm going
+# to get traffic from glow-friends so there
+
+---
+- hosts: beta
+ become: yes
+ tasks:
+ - name: Push clips.shockrah.xyz config(nginx)
+ copy:
+ src: "clips.shockrah.xyz"
+ dest: "/etc/nginx/sites-available/clips.shockrah.xyz"
+
+ - name: Enable clips nginx config
+ file:
+ src: /etc/nginx/sites-available/clips.shockrah.xyz
+ dest: /etc/nginx/sites-enabled/clips.shockrah.xyz
+ state: link
+
+ - name: Restart Nginx
+ service:
+ name: nginx
+ state: restarted
+
+ - name: Install New Certificate for all sites
+ command: >
+ certbot -n --nginx -m "dev@shockrah.xyz" --agree-tos
+ --domains clips.shockrah.xyz
+
diff --git a/playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz b/playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz
new file mode 100644
index 0000000..cc44e25
--- /dev/null
+++ b/playbooks/atlas/nginx-plain-conf/clips.shockrah.xyz
@@ -0,0 +1,12 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server {
+ server_name clips.shockrah.xyz;
+ location / {
+ proxy_pass http://127.0.0.1:8482;
+ }
+}
+
+
diff --git a/playbooks/atlas/nginx-plain-conf/disable-default.yml b/playbooks/atlas/nginx-plain-conf/disable-default.yml
new file mode 100644
index 0000000..fd64c3f
--- /dev/null
+++ b/playbooks/atlas/nginx-plain-conf/disable-default.yml
@@ -0,0 +1,10 @@
+---
+- hosts: alpha
+ tasks:
+ - name: Disable Default Nginx Site
+ become: yes
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+
+
diff --git a/playbooks/atlas/nginx-plain-conf/files.leftcoast.space b/playbooks/atlas/nginx-plain-conf/files.leftcoast.space
new file mode 100644
index 0000000..60c3e42
--- /dev/null
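Review bot: playbooks/atlas/nginx-plain-conf/clippable.yml targets `hosts: beta` although it sits in the atlas tree, and clips.shockrah.xyz is already listed in `SITES` of the atlas play in setup-reverse-proxy.yml. If both plays are run, two hosts end up configured for the same name and the certbot HTTP challenge can only succeed on the host DNS points to; if this file is a leftover from beta, a header comment saying so (or `hosts: atlas`) would avoid that. The opening comment also stops mid-sentence at "so there". On its reasoning for keeping port 80: non-sensitive content still benefits from TLS for integrity, since plain HTTP responses can be modified in transit.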
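Review bot: The `location /` block in nginx-plain-conf/clips.shockrah.xyz proxies without forwarding any client information, so the application on 127.0.0.1:8482 sees every request as coming from 127.0.0.1 with nginx's default upstream `Host` value, which weakens its access logs and any per-client rate limiting. Adding `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` next to `proxy_pass` would fix that. The same applies to files.leftcoast.space and search.project-athens.xyz. The header comment also names projectathens, which looks copied from the search site's file.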
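Review bot: disable-default.yml removes `/etc/nginx/sites-enabled/default` but never reloads nginx, so the default site keeps answering until something else restarts the service; a following `service` task with `state: reloaded` (or a handler) is needed. It also targets `hosts: alpha`, while the atlas play in setup-reverse-proxy.yml never disables the default site, so on atlas the distribution's default server block presumably stays enabled. `become: yes` is set per task here and per play elsewhere in this commit; `become: true` at play level would be consistent.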
+++ b/playbooks/atlas/nginx-plain-conf/files.leftcoast.space
@@ -0,0 +1,14 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server {
+ server_name files.leftcoast.space;
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ }
+ # Because we take large video/image file uploads
+ client_max_body_size 0;
+}
+
+
diff --git a/playbooks/atlas/nginx-plain-conf/main.yml b/playbooks/atlas/nginx-plain-conf/main.yml
new file mode 100644
index 0000000..1b4af10
--- /dev/null
+++ b/playbooks/atlas/nginx-plain-conf/main.yml
@@ -0,0 +1,42 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+ become: yes
+ tasks:
+ - name: Install Certbot
+ community.general.snap:
+ name: certbot
+ classic: yes
+
+ - name: Push Configs
+ copy:
+ src: "{{item}}"
+ dest: "/etc/nginx/sites-available/{{item}}"
+ loop:
+ - search.project-athens.xyz
+ - files.leftcoast.space
+
+ - name: Enable Sites in Nginx
+ file:
+ src: "/etc/nginx/sites-available/{{item}}"
+ dest: "/etc/nginx/sites-enabled/{{item}}"
+ state: link
+ loop:
+ - search.project-athens.xyz
+ - files.leftcoast.space
+
+ - name: Restart Nginx
+ service:
+ name: nginx
+ state: restarted
+
+ - name: Install Certificates for all sites on this host
+ command: >
+ certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+ --domains "{{item}}"
+ loop:
+ - search.project-athens.xyz
+ - files.leftcoast.space
diff --git a/playbooks/atlas/nginx-plain-conf/search.project-athens.xyz b/playbooks/atlas/nginx-plain-conf/search.project-athens.xyz
new file mode 100644
index 0000000..ae00fd5
--- /dev/null
+++ b/playbooks/atlas/nginx-plain-conf/search.project-athens.xyz
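Review bot: `client_max_body_size 0;` in nginx-plain-conf/files.leftcoast.space switches the request-body limit off for the whole server block, and since nginx buffers proxied request bodies to temporary files by default, a single client can fill the disk with one oversized upload or many parallel ones. A finite ceiling sized to the largest expected upload, for example `client_max_body_size 4g;` (illustrative value), keeps large uploads working while bounding that. If only one path accepts uploads, setting the directive inside that `location` instead would leave the rest of the site at the 1m default.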
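Review bot: The certbot task in nginx-plain-conf/main.yml interpolates `{{CERT_EMAIL}}`, but this play has no `vars:` section, so unless the variable comes from inventory or extra vars the task fails on an undefined variable. The header comment says the playbook installs nginx, yet there is no nginx install task, and the play targets `hosts: alpha` with two of the sites that setup-reverse-proxy.yml already applies to atlas. If this file is superseded by setup-reverse-proxy.yml, dropping it would remove the ambiguity; otherwise add `vars:` with `CERT_EMAIL` and define the site list once instead of repeating it in three `loop:` blocks.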
@@ -0,0 +1,11 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server {
+ server_name search.project-athens.xyz;
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+ }
+}
+