Merge pull request 'add dpaste.thezengarden.net; update cert refs; generic updates' (#1) from development into main
Reviewed-on: #1
This commit is contained in:
commit
98d43b1817
@ -39,12 +39,12 @@
|
|||||||
|
|
||||||
|
|
||||||
proxy_site_ssl_directory : /etc/nginx/ssl
|
proxy_site_ssl_directory : /etc/nginx/ssl
|
||||||
proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain26.pem"
|
proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain27.pem"
|
||||||
proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey26.pem"
|
proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey27.pem"
|
||||||
proxy_site_ssl_certificate_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain15.pem"
|
proxy_site_ssl_certificate_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain16.pem"
|
||||||
proxy_site_ssl_certificate_key_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey15.pem"
|
proxy_site_ssl_certificate_key_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey16.pem"
|
||||||
proxy_site_ssl_certificate_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain24.pem"
|
proxy_site_ssl_certificate_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain25.pem"
|
||||||
proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey24.pem"
|
proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey25.pem"
|
||||||
proxy_site_ssl_protocols : TLSv1.2
|
proxy_site_ssl_protocols : TLSv1.2
|
||||||
proxy_site_ssl_ciphers : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
|
proxy_site_ssl_ciphers : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
|
||||||
|
|
||||||
|
|||||||
@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
proxy_sites:
|
proxy_sites:
|
||||||
wiki.thezengarden.net:
|
# wiki.thezengarden.net:
|
||||||
proto : http
|
# proto : http
|
||||||
dest : docker.thezengarden.net
|
# dest : docker.thezengarden.net
|
||||||
port : 8081
|
# port : 8081
|
||||||
max_upload : "{{ proxy_default_max_upload }}"
|
# max_upload : "{{ proxy_default_max_upload }}"
|
||||||
|
|
||||||
|
|
||||||
git.thezengarden.net:
|
git.thezengarden.net:
|
||||||
@ -35,6 +35,11 @@ proxy_sites:
|
|||||||
port : 7777
|
port : 7777
|
||||||
max_upload : "{{ proxy_default_max_upload }}"
|
max_upload : "{{ proxy_default_max_upload }}"
|
||||||
|
|
||||||
|
dpaste.thezengarden.net:
|
||||||
|
proto : http
|
||||||
|
dest : podman.thezengarden.net
|
||||||
|
port : 8888
|
||||||
|
max_upload : "{{ proxy_default_max_upload }}"
|
||||||
|
|
||||||
ipam.thezengarden.net:
|
ipam.thezengarden.net:
|
||||||
proto : http
|
proto : http
|
||||||
@ -131,10 +136,10 @@ proxy_sites:
|
|||||||
max_upload : "{{ proxy_default_max_upload }}"
|
max_upload : "{{ proxy_default_max_upload }}"
|
||||||
|
|
||||||
|
|
||||||
pw-old.thezengarden.net:
|
# pw-old.thezengarden.net:
|
||||||
proto : http
|
# proto : http
|
||||||
dest : docker.thezengarden.net
|
# dest : docker.thezengarden.net
|
||||||
port : 8001
|
# port : 8001
|
||||||
|
|
||||||
|
|
||||||
pw.thezengarden.net:
|
pw.thezengarden.net:
|
||||||
@ -198,10 +203,10 @@ proxy_sites:
|
|||||||
port : 443
|
port : 443
|
||||||
|
|
||||||
|
|
||||||
sso.thezengarden.net:
|
# sso.thezengarden.net:
|
||||||
proto : https
|
# proto : https
|
||||||
dest : docker.thezengarden.net
|
# dest : docker.thezengarden.net
|
||||||
port : 9443
|
# port : 9443
|
||||||
|
|
||||||
|
|
||||||
stor1.thezengarden.net:
|
stor1.thezengarden.net:
|
||||||
@ -220,7 +225,6 @@ proxy_sites:
|
|||||||
proto: https
|
proto: https
|
||||||
dest: proxmox_nodes
|
dest: proxmox_nodes
|
||||||
upstream_servers:
|
upstream_servers:
|
||||||
- zg-vm1.thezengarden.net:8006
|
|
||||||
- zg-vm2.thezengarden.net:8006
|
- zg-vm2.thezengarden.net:8006
|
||||||
- zg-vm3.thezengarden.net:8006
|
- zg-vm3.thezengarden.net:8006
|
||||||
- zg-vm4.thezengarden.net:8006
|
- zg-vm4.thezengarden.net:8006
|
||||||
|
|||||||
@ -16,7 +16,7 @@ galaxy_info:
|
|||||||
# - CC-BY
|
# - CC-BY
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.4
|
min_ansible_version: "2.10"
|
||||||
|
|
||||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||||
# min_ansible_container_version:
|
# min_ansible_container_version:
|
||||||
@ -36,9 +36,9 @@ galaxy_info:
|
|||||||
# https://galaxy.ansible.com/api/v1/platforms/
|
# https://galaxy.ansible.com/api/v1/platforms/
|
||||||
#
|
#
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: EL
|
||||||
versions:
|
versions:
|
||||||
- 10
|
- all
|
||||||
# - name: Fedora
|
# - name: Fedora
|
||||||
# versions:
|
# versions:
|
||||||
# - all
|
# - all
|
||||||
|
|||||||
@ -5,7 +5,6 @@
|
|||||||
state: present
|
state: present
|
||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
|
|
||||||
- name: Enable nginx at boot time
|
- name: Enable nginx at boot time
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: nginx
|
name: nginx
|
||||||
@ -13,14 +12,12 @@
|
|||||||
tags: always
|
tags: always
|
||||||
when: ansible_virtualization_type != "docker"
|
when: ansible_virtualization_type != "docker"
|
||||||
|
|
||||||
|
|
||||||
- name: Clean conf.d
|
- name: Clean conf.d
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_site_conf_dir }}"
|
path: "{{ proxy_site_conf_dir }}"
|
||||||
state: absent
|
state: absent
|
||||||
tags: ['clean_deploy', 'never']
|
tags: ['clean_deploy', 'never']
|
||||||
|
|
||||||
|
|
||||||
- name: Create conf.d directory
|
- name: Create conf.d directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_site_conf_dir }}"
|
path: "{{ proxy_site_conf_dir }}"
|
||||||
@ -28,7 +25,6 @@
|
|||||||
mode: "0755"
|
mode: "0755"
|
||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
|
|
||||||
- name: Create log directory
|
- name: Create log directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ proxy_site_log_path }}"
|
path: "{{ proxy_site_log_path }}"
|
||||||
@ -36,7 +32,6 @@
|
|||||||
mode: "0755"
|
mode: "0755"
|
||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
|
|
||||||
## TODO: fix the perms on ssl certs!!@*&!@^&*
|
## TODO: fix the perms on ssl certs!!@*&!@^&*
|
||||||
|
|
||||||
- name: Clone ssl certs
|
- name: Clone ssl certs
|
||||||
@ -48,7 +43,6 @@
|
|||||||
tags: always
|
tags: always
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
|
||||||
- name: Write configuration file(s)
|
- name: Write configuration file(s)
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: proxy_site.j2
|
src: proxy_site.j2
|
||||||
@ -59,7 +53,6 @@
|
|||||||
tags: always
|
tags: always
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
|
|
||||||
- name: Start nginx
|
- name: Start nginx
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: nginx
|
name: nginx
|
||||||
|
|||||||
@ -1,2 +0,0 @@
|
|||||||
localhost
|
|
||||||
|
|
||||||
@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: localhost
|
|
||||||
remote_user: root
|
|
||||||
roles:
|
|
||||||
- zen_rev_proxy
|
|
||||||
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
# vars file for zen_rev_proxy
|
|
||||||
Loading…
x
Reference in New Issue
Block a user