1 files changed, 76 insertions, 1 deletions

diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml
index 8e9466cd..93871234 100644
--- a/chaos-at-home/ch-pan.yml
+++ b/chaos-at-home/ch-pan.yml
@@ -13,6 +13,81 @@
   roles:
   - role: network/bind
   - role: dyndns/server
-  - role: apt-repo/spreadspace
+  - role: acmetool/base
   - role: nginx/base
+  - role: apt-repo/spreadspace
   - role: monitoring/prometheus/exporter
+  - role: nginx/vhost
+    nginx_vhost:
+      name: captive-schaaas
+      content: |
+        server {
+            listen 80;
+            listen [::]:80;
+
+            access_log /dev/null;
+            error_log /var/log/nginx/captive-schaaas_error.log;
+
+            server_name captive.schaaas.at;
+
+            location / {
+                default_type text/plain;
+                return 200 "success";
+            }
+        }
+  - role: nginx/vhost
+    nginx_vhost:
+      name: dyn-schaaas
+      template: generic
+      hostnames:
+      - dyn.schaaas.at
+      acme: yes
+      extra_directives: |
+        access_log /var/log/nginx/dyn-schaaas_access.log;
+        error_log /var/log/nginx/dyn-schaaas_error.log;
+
+        add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'unsafe-inline';";
+
+        root /var/www/dyn-schaaas;
+        index /index.shtml;
+        ssi on;
+      locations:
+        '= /raw':
+          extra_directives: |
+            types { }
+            default_type text/plain;
+            ssi_types text/plain;
+
+  post_tasks:
+  - name: create web-root for dyn.schaaas.at
+    file:
+      path: /var/www/dyn-schaaas
+      state: directory
+
+  - name: install content file for dyn.schaaas.at
+    loop:
+    - name: index.shtml
+      content: |
+        <html>
+          <head>
+            <title>dynamic DNS service...</title>
+            <meta charset="utf-8">
+          </head>
+          <body style="background-color: #eee; font-family: sans; font-weight: bold;">
+            <div style="max-width: 60%; margin-top: 100px; margin-left: auto; margin-right: auto;">
+              <div style="padding: 0.3em;">You're coming from</div>
+              <div style="padding: 0.5em 1em; background-color: #7e7e7e; text-align: center; font-size: 2em;"><!--#echo var="REMOTE_ADDR" --></div>
+            </div>
+          </body>
+        </html>
+    - name: raw
+      content: |
+        <!--#echo var="REMOTE_ADDR" -->
+    loop_control:
+      label: "{{ item.name }}"
+    copy:
+      content: "{{ item.content }}"
+      dest: "/var/www/dyn-schaaas/{{ item.name }}"