m---------library/inwx-collection0
-rw-r--r--nginx.conf50
-rw-r--r--nginx_nossl.conf7
-rw-r--r--playbook.yml5
-rw-r--r--setup_containers.yml2
-rw-r--r--setup_git.yml2
-rw-r--r--setup_webserver.yml8
7 files changed, 64 insertions, 10 deletions
diff --git a/library/inwx-collection b/library/inwx-collection
-Subproject 0ac040da14cc9d834098addc03cd8d4d26647df
+Subproject 2928298f35d66d265679e8188029ce5834b2898
diff --git a/nginx.conf b/nginx.conf
index 744bd01..d46c394 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -88,7 +88,6 @@ http {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.jaseg.net;
- root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem";
@@ -103,11 +102,33 @@ http {
add_header Strict-Transport-Security "max-age=86400";
+ return 301 https://blog.jaseg.de$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name blog.jaseg.de;
+ root /usr/share/nginx/html;
+
+ ssl_certificate "/etc/letsencrypt/live/blog.jaseg.de/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.de/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
- root /var/www/blog.jaseg.net;
+ root /var/www/blog.jaseg.de;
}
location /d/ {
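Review bot: The new blog.jaseg.de server block sets `ssl_stapling_verify on;` without an `ssl_trusted_certificate`, which nginx needs to verify the OCSP response against the issuer chain. Unless the included options-ssl-nginx.conf already provides it, add `ssl_trusted_certificate "/etc/letsencrypt/live/blog.jaseg.de/chain.pem";` next to the certificate lines. The copied `add_header Strict-Transport-Security "max-age=86400";` also lacks `always`, so error responses carry no HSTS header, and a one-day max-age gives returning visitors little protection. Both points apply equally to the git.jaseg.de block added in the `@@ -342,6 +362,28 @@` hunk. The server block continues past the end of this hunk.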
@@ -327,7 +348,6 @@ http {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.jaseg.net;
- root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/git.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/git.jaseg.net/privkey.pem";
@@ -342,6 +362,28 @@ http {
add_header Strict-Transport-Security "max-age=86400";
+ return 301 https://git.jaseg.de$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name git.jaseg.de;
+ root /usr/share/nginx/html;
+
+ ssl_certificate "/etc/letsencrypt/live/git.jaseg.de/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/git.jaseg.de/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
@@ -351,7 +393,7 @@ http {
}
location ~ ^/(cgit.png|favicon.png) {
- alias /var/www/git.jaseg.net/cgit.png;
+ alias /var/www/git.jaseg.de/cgit.png;
}
location / {
diff --git a/nginx_nossl.conf b/nginx_nossl.conf
index 8d5a5a5..87de478 100644
--- a/nginx_nossl.conf
+++ b/nginx_nossl.conf
@@ -48,5 +48,12 @@ http {
server_name blog.jaseg.net;
return 301 https://$host$request_uri;
}
+
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name blog.jaseg.de;
+ return 301 https://$host$request_uri;
+ }
}
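Review bot: Only blog.jaseg.de gets a port-80 redirect block here, although the same commit also introduces git.jaseg.de in nginx.conf and in the certbot loop. If no git.jaseg.de block exists elsewhere in this file (not visible in the hunk), plain-HTTP requests for that name fall through to the default server instead of being redirected to HTTPS. A matching block with `server_name git.jaseg.de;` and `return 301 https://$host$request_uri;` would keep the two new names consistent.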
diff --git a/playbook.yml b/playbook.yml
index 6b1f46f..72beb91 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,5 +1,6 @@
- name: DNS setup
hosts: localhost
+ tags: dns
module_defaults:
inwx:
username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}"
@@ -7,7 +8,9 @@
vars:
subdomains:
- git.jaseg.net
+ - git.jaseg.de
- blog.jaseg.net
+ - blog.jaseg.de
- kochbuch.jaseg.net
- gerbolyze.jaseg.net
- tracespace.jaseg.net
@@ -42,7 +45,7 @@
- name: Install host requisites
dnf:
- name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
+ name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
state: latest
- name: Disable password-based root login
diff --git a/setup_containers.yml b/setup_containers.yml
index 4738f1e..8adb9da 100644
--- a/setup_containers.yml
+++ b/setup_containers.yml
@@ -1,7 +1,7 @@
---
- name: Install host requisites
dnf:
- name: btrfs-progs,arch-install-scripts,systemd-container,libselinux-python
+ name: btrfs-progs,arch-install-scripts,systemd-container,python3-libselinux
state: latest
- name: Create individual containers
diff --git a/setup_git.yml b/setup_git.yml
index 9d351e5..6e7d621 100644
--- a/setup_git.yml
+++ b/setup_git.yml
@@ -6,7 +6,7 @@
- name: Copy cgit favicon
copy:
src: cgit-logo.png
- dest: /var/www/git.jaseg.net/cgit.png
+ dest: /var/www/git.jaseg.de/cgit.png
- name: Create cgit instance config dir
file:
diff --git a/setup_webserver.yml b/setup_webserver.yml
index eb34a5b..4711ad0 100644
--- a/setup_webserver.yml
+++ b/setup_webserver.yml
@@ -17,8 +17,8 @@
group: nginx
mode: 0550
loop:
- - git.jaseg.net
- - blog.jaseg.net
+ - git.jaseg.de
+ - blog.jaseg.de
- kochbuch.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
@@ -46,12 +46,14 @@
state: restarted
- name: Create subdomain letsencrypt certificates
- command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.net
+ command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.de
args:
creates: /etc/letsencrypt/live/{{item}}/fullchain.pem
loop:
- git.jaseg.net
+ - git.jaseg.de
- blog.jaseg.net
+ - blog.jaseg.de
- kochbuch.jaseg.net
- gerbolyze.jaseg.net
- tracespace.jaseg.net
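Review bot: Changing `--email` to `{{item}}-letsencrypt@jaseg.de` probably has no effect on hosts that already hold a Let's Encrypt account, because certbot, as far as I know, uses `--email` only when it first registers the account. The `creates:` guard also skips every item whose certificate already exists, so expiry and security notices would keep going to the old jaseg.net address. If the contact is meant to move, a separate task running `certbot update_account --email <address>` would do it. As a style point, `{{item}}` is interpolated into a `command:` string; the loop values are static here, but the `argv:` list form would keep it safe if the list ever becomes variable-driven.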