-rw-r--r--chaos-at-home/ch-pan.yml77
-rw-r--r--inventory/group_vars/promzone-chaos-at-home/vars.yml3
-rw-r--r--inventory/host_vars/ch-mimas.yml4
-rw-r--r--inventory/host_vars/ch-pan.yml4
4 files changed, 87 insertions, 1 deletions
diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml
index 8e9466cd..93871234 100644
--- a/chaos-at-home/ch-pan.yml
+++ b/chaos-at-home/ch-pan.yml
@@ -13,6 +13,81 @@
roles:
- role: network/bind
- role: dyndns/server
- - role: apt-repo/spreadspace
+ - role: acmetool/base
- role: nginx/base
+ - role: apt-repo/spreadspace
- role: monitoring/prometheus/exporter
+ - role: nginx/vhost
+ nginx_vhost:
+ name: captive-schaaas
+ content: |
+ server {
+ listen 80;
+ listen [::]:80;
+
+ access_log /dev/null;
+ error_log /var/log/nginx/captive-schaaas_error.log;
+
+ server_name captive.schaaas.at;
+
+ location / {
+ default_type text/plain;
+ return 200 "success";
+ }
+ }
+ - role: nginx/vhost
+ nginx_vhost:
+ name: dyn-schaaas
+ template: generic
+ hostnames:
+ - dyn.schaaas.at
+ acme: yes
+ extra_directives: |
+ access_log /var/log/nginx/dyn-schaaas_access.log;
+ error_log /var/log/nginx/dyn-schaaas_error.log;
+
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'unsafe-inline';";
+
+ root /var/www/dyn-schaaas;
+ index /index.shtml;
+ ssi on;
+ locations:
+ '= /raw':
+ extra_directives: |
+ types { }
+ default_type text/plain;
+ ssi_types text/plain;
+
+ post_tasks:
+ - name: create web-root for dyn.schaaas.at
+ file:
+ path: /var/www/dyn-schaaas
+ state: directory
+
+ - name: install content file for dyn.schaaas.at
+ loop:
+ - name: index.shtml
+ content: |
+ <html>
+ <head>
+ <title>dynamic DNS service...</title>
+ <meta charset="utf-8">
+ </head>
+ <body style="background-color: #eee; font-family: sans; font-weight: bold;">
+ <div style="max-width: 60%; margin-top: 100px; margin-left: auto; margin-right: auto;">
+ <div style="padding: 0.3em;">You're coming from</div>
+ <div style="padding: 0.5em 1em; background-color: #7e7e7e; text-align: center; font-size: 2em;"><!--#echo var="REMOTE_ADDR" --></div>
+ </div>
+ </body>
+ </html>
+ - name: raw
+ content: |
+ <!--#echo var="REMOTE_ADDR" -->
+ loop_control:
+ label: "{{ item.name }}"
+ copy:
+ content: "{{ item.content }}"
+ dest: "/var/www/dyn-schaaas/{{ item.name }}"
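Review bot: The two post_tasks that create `/var/www/dyn-schaaas` and write `index.shtml` and `raw` set no `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask and, for paths that already exist, on whatever mode they had before. Pinning them makes the web root deterministic: `mode: "0755"` on the `file` task and `mode: "0644"` on the `copy` task, quoted so the value is not read as an integer. Separately, the `add_header` lines in the dyn-schaaas `extra_directives` lack the `always` parameter, so nginx omits these headers on error responses such as 404; for example `add_header X-Content-Type-Options nosniff always;`. The `roles:` list this hunk extends starts above the hunk.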
diff --git a/inventory/group_vars/promzone-chaos-at-home/vars.yml b/inventory/group_vars/promzone-chaos-at-home/vars.yml
index 2a71f94f..2e5e0ef9 100644
--- a/inventory/group_vars/promzone-chaos-at-home/vars.yml
+++ b/inventory/group_vars/promzone-chaos-at-home/vars.yml
@@ -32,3 +32,6 @@ prometheus_server_jobs:
prometheus_zone_name: chaos@home
prometheus_zone_targets: "{{ groups['promzone-chaos-at-home'] }}"
+
+## TODO:
+## potential extra alert rule: (bind_zone_serial{instance="ch-mimas"} == bool on(job, view, zone_name) bind_zone_serial{instance="ch-pan"}) != 1
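Review bot: The expression in the TODO only yields samples for zones that both servers export, because `on(job, view, zone_name)` matching drops any series without a partner; a zone missing entirely on one of the two hosts would never fire this rule. If the rule is adopted, the comment could record a companion check such as `bind_zone_serial{instance="ch-mimas"} unless on(job, view, zone_name) bind_zone_serial{instance="ch-pan"}`. The instance names are also hard-coded, so the rule needs editing whenever the pair of servers changes.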
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml
index 713cea1d..1b3525a8 100644
--- a/inventory/host_vars/ch-mimas.yml
+++ b/inventory/host_vars/ch-mimas.yml
@@ -15,6 +15,10 @@ spreadspace_apt_repo_components:
ntp_variant: systemd-timesyncd
+nginx_server_names_hash_bucket_size: 64
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+
bind_option_empty_zones_enable: no
bind_option_allow_transfer: []
bind_option_allow_recursion:
diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml
index f7773554..c49f1401 100644
--- a/inventory/host_vars/ch-pan.yml
+++ b/inventory/host_vars/ch-pan.yml
@@ -41,6 +41,10 @@ sshd_allowusers_host: "{{ admin_users_host + ['dyndns'] }}"
ntp_variant: systemd-timesyncd
+nginx_server_names_hash_bucket_size: 64
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+
dyndns:
domain: schaaas.at
soa: