From dffccd4b86be0b058a7517b9a7743f011b6a4562 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Sun, 28 Apr 2024 16:46:30 -0700
Subject: [PATCH] Playbooks for fire wall and refreshing nginx
---
 .../ansible/files/shockrah.xyz.conf | 1 +
 .../ansible/playbooks/refresh-nginx.yml | 29 +++++++++++++++++++
 .../ansible/playbooks/setup-firewall.yml | 7 +++++
 .../static-vultr/ansible/tasks/ufw-setup.yml | 15 ++++++++++
 4 files changed, 52 insertions(+)
 create mode 100644 infra/static-vultr/ansible/playbooks/refresh-nginx.yml
 create mode 100644 infra/static-vultr/ansible/playbooks/setup-firewall.yml
 create mode 100644 infra/static-vultr/ansible/tasks/ufw-setup.yml
diff --git a/infra/static-vultr/ansible/files/shockrah.xyz.conf b/infra/static-vultr/ansible/files/shockrah.xyz.conf
index d69be5b..96201cf 100644
--- a/infra/static-vultr/ansible/files/shockrah.xyz.conf
+++ b/infra/static-vultr/ansible/files/shockrah.xyz.conf
@@ -1,4 +1,5 @@
 server {
+ listen 80;
 root /opt/nginx/shockrah.xyz;
 index index.html;
 server_name shockrah.xyz;
diff --git a/infra/static-vultr/ansible/playbooks/refresh-nginx.yml b/infra/static-vultr/ansible/playbooks/refresh-nginx.yml
new file mode 100644
index 0000000..77a701a
--- /dev/null
+++ b/infra/static-vultr/ansible/playbooks/refresh-nginx.yml
@@ -0,0 +1,29 @@
+---
+- hosts: webhost
+ remote_user: root
+ vars:
+ websites:
+ - shockrah.xyz
+ - temper.tv
+ - resume.shockrah.xyz
+ tasks:
+ - name: Upload configs
+ copy:
+ src: "../files/{{ item }}.conf"
+ dest: "/etc/nginx/sites-available/{{ item }}"
+ loop: "{{ websites }}"
+ - name: Enable the site configs with sym links
+ file:
+ src: "/etc/nginx/sites-available/{{ item }}"
+ dest: "/etc/nginx/sites-enabled/{{ item }}"
+ state: link
+ loop: "{{ websites }}"
+ - name: Ensure no default available
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+ - name: Restart nginx conf to pick up new config changes
+ service:
+ name: nginx
+ state: restarted
+
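Review bot: The server block gets a cleartext `listen 80;` and no TLS listener is visible in the hunk, although ufw-setup.yml in the same commit opens 443/tcp. If HTTPS is meant to be served from this host, the site needs a `listen 443 ssl;` server block with its certificate directives and a redirect from port 80. If TLS is terminated elsewhere, a comment such as `# plain HTTP only; TLS is terminated upstream` above the directive would record that. The block's closing brace and any further directives are outside the hunk, so this may already be handled there.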
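Review bot: The final task restarts nginx unconditionally right after the new site configs are copied, with no syntax check in between, so one bad file under `../files/` stops the web server for all three sites. A task such as `- name: Validate nginx config` / `command: nginx -t` / `changed_when: false` placed before it, together with `state: reloaded` instead of `state: restarted`, would keep the running instance serving when the new config is rejected. The `copy` task also sets no `owner`, `group` or `mode`, so adding `mode: "0644"` would pin the permissions of the uploaded files. Separately, `remote_user: root` here and in setup-firewall.yml logs in over SSH as root; an unprivileged login with `become: true` would let direct root SSH be disabled on the host.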
diff --git a/infra/static-vultr/ansible/playbooks/setup-firewall.yml b/infra/static-vultr/ansible/playbooks/setup-firewall.yml
new file mode 100644
index 0000000..9f61a5d
--- /dev/null
+++ b/infra/static-vultr/ansible/playbooks/setup-firewall.yml
@@ -0,0 +1,7 @@
+---
+- hosts: webhost
+ remote_user: root
+ tasks:
+ - name: Setup UFW
+ import_tasks: ../tasks/ufw-setup.yml
+
diff --git a/infra/static-vultr/ansible/tasks/ufw-setup.yml b/infra/static-vultr/ansible/tasks/ufw-setup.yml
new file mode 100644
index 0000000..d85484b
--- /dev/null
+++ b/infra/static-vultr/ansible/tasks/ufw-setup.yml
@@ -0,0 +1,15 @@
+- name: SSH Limit in fireweall
+ community.general.ufw:
+ rule: limit
+ port: ssh
+ proto: tcp
+- name: Allow web traffic as needed
+ community.general.ufw:
+ rule: allow
+ port: "{{ item }}"
+ proto: tcp
+ loop:
+ - 80
+ - 443
+
+
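Review bot: Neither task in ufw-setup.yml enables UFW or sets a default incoming policy, so these rules only take effect if the firewall is already active on the host, and the two allow rules restrict nothing unless the default is deny. Whether that is configured elsewhere is not visible in this commit. A final task that enables the firewall with a deny-by-default incoming policy should run after the SSH rule, so the Ansible session is not cut off when the firewall comes up. The first task's name also has a typo (`fireweall`).

```yaml
# … unchanged: SSH limit rule and the 80/443 allow rules …
- name: Deny incoming traffic by default and enable UFW
  community.general.ufw:
    state: enabled
    default: deny
    direction: incoming
```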