update to latest state

Torma Kristóf 2023-02-19 13:42:53 +01:00
parent 21a7c54b96
commit 3c883cdded
6 changed files with 29 additions and 14 deletions


@ -4,5 +4,5 @@ webserver:
- domain: "bitwarden.tormakristof.eu"
port: 8080
bigrequests: false
https: true
https: false
...
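Review bot: The `https` flag on the bitwarden.tormakristof.eu entry changes with no comment saying why, and for a password vault the upstream scheme deserves one. The +/- markers are lost on this page, so it is an inference that `https: false` is the new value; if it is, the proxy template shown later on this page would stop rendering `proxy_pass https://127.0.0.1:{{ server.port }}` for this host and use the plain-HTTP form instead. That is acceptable only while the backend listens on loopback alone, so I would record it next to the key, e.g. `# backend speaks plain HTTP on loopback only; TLS terminates at nginx`, and confirm the service is not bound to an external address.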


@ -66,4 +66,13 @@
- internalsmtp
- backupscript
- backuphost
- name: "Deploy OpenVPN server"
hosts: openvpn
roles:
- netplan
- common
- openvpn
- customfirewall
- internalsmtp
...


@ -4,7 +4,7 @@
update_cache: yes
state: present
name:
- openvpn-server
- openvpn
- name : "Enable ipv4 forwarding via sysctl"
ansible.posix.sysctl:
@ -16,7 +16,7 @@
- name: Enable and restart openvpn daemon
service:
name: openvpn
name: openvpn-server@stargate
state: restarted
enabled: yes
@ -41,6 +41,13 @@
-A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE
COMMIT
-A ufw-before-input -i tun+ -j ACCEPT
-A ufw-before-forward -i tun+ -j ACCEPT
-A ufw-before-forward -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -i tun+ -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -i eth2 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# END OPENVPN RULES
- name: Reload ufw
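Review bot: The added `-A ufw-before-input -i tun+ -j ACCEPT` and `-A ufw-before-forward -i tun+ -j ACCEPT` lines accept everything arriving on any tun device, towards every service on the host and every routed network, and they sit in the before chains, so ufw's user rules never see that traffic. The blanket forward rule also makes the two `-i tun+ -o eth0`/`-o eth2` `RELATED,ESTABLISHED` lines redundant. I would scope the accept to what VPN clients need, e.g. `-A ufw-before-forward -i tun+ -s 192.168.37.0/24 -o eth0 -j ACCEPT` (assuming 192.168.37.0/24, taken from the MASQUERADE lines, is the client subnet), and replace the input rule with per-port allows. Separately, no `*filter` line is visible between the first `COMMIT` and the new rules; the block starts outside the hunk, so please check that the rendered before.rules still loads.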


@ -90,7 +90,7 @@ http {
}
}
{% endfor %}
{%- endfor %}
{%- for staticsite in static %}
server {
@ -105,7 +105,7 @@ http {
}
}
{% endfor %}
{%- endfor %}
{%- for redirectsite in redirect %}
server {
@ -117,7 +117,7 @@ http {
return 301 {{ redirectsite.destination }};
}
{% endfor %}
{%- endfor %}
server {
listen 443 ssl http2;


@ -13,7 +13,6 @@ proxy:
- {domain: grafana.tormakristof.eu, ip: monitoring.intra.tormakris.dev, bigrequests: false}
- {domain: yt.tormakristof.eu, ip: ytmirror.intra.tormakris.dev, bigrequests: true}
- {domain: mastodon.tormakristof.eu, ip: mastodon.intra.tormakris.dev, bigrequests: true}
- {domain: jitsi.tormakristof.eu, ip: jitsi.intra.tormakris.dev, bigrequests: false}
- {domain: speedtest.tormakristof.eu, ip: librespeed.intra.tormakris.dev, bigrequests: true}


@ -69,9 +69,9 @@ http {
server_name {{ server.domain }};
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
{%- if server.bigrequests %}
{% if server.bigrequests %}
client_max_body_size 8G;
{%- endif %}
{% endif %}
location /{
{% if server.https %}
proxy_pass https://127.0.0.1:{{ server.port }};
@ -88,8 +88,8 @@ http {
allow 192.168.69.0/24;
deny all;
}
{%- if server.additionallocations is defined %}
{%- for location in server.additionallocations %}
{% if server.additionallocations is defined %}
{% for location in server.additionallocations %}
location {{location.location}}{
{% if location.https %}
proxy_pass https://127.0.0.1:{{ location.port }};
@ -97,11 +97,11 @@ http {
proxy_pass http://127.0.0.1:{{ location.port }};
{% endif %}
}
{%- endfor %}
{%- endif %}
{% endfor %}
{% endif %}
}
{% endfor %}
{%- endfor %}
server {
listen 8888;