Playbooks for fire wall and refreshing nginx

infra/static-vultr/ansible/files/shockrah.xyz.conf

@@ -1,4 +1,5 @@
 server {
+	listen 80;
 	root /opt/nginx/shockrah.xyz;
 	index index.html;
 	server_name shockrah.xyz;

infra/static-vultr/ansible/playbooks/refresh-nginx.yml

@@ -0,0 +1,29 @@
+---
+- hosts: webhost
+  remote_user: root
+  vars:
+    websites:
+      - shockrah.xyz
+      - temper.tv
+      - resume.shockrah.xyz
+  tasks:
+    - name: Upload configs
+      copy:
+        src: "../files/{{ item }}.conf"
+        dest: "/etc/nginx/sites-available/{{ item }}"
+      loop: "{{ websites }}"
+    - name: Enable the site configs with sym links
+      file:
+        src: "/etc/nginx/sites-available/{{ item }}"
+        dest: "/etc/nginx/sites-enabled/{{ item }}"
+        state: link
+      loop: "{{ websites }}"
+    - name: Ensure no default available
+      file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+    - name: Restart nginx conf to pick up new config changes
+      service:
+        name: nginx
+        state: restarted
+

infra/static-vultr/ansible/playbooks/setup-firewall.yml

@@ -0,0 +1,7 @@
+---
+- hosts: webhost
+  remote_user: root
+  tasks:
+    - name: Setup UFW
+      import_tasks: ../tasks/ufw-setup.yml
+

infra/static-vultr/ansible/tasks/ufw-setup.yml

@@ -0,0 +1,15 @@
+- name: SSH Limit in fireweall
+  community.general.ufw:
+    rule: limit
+    port: ssh
+    proto: tcp
+- name: Allow web traffic as needed
+  community.general.ufw:
+    rule: allow
+    port: "{{ item }}"
+    proto: tcp
+  loop:
+    - 80
+    - 443
+
+