---
- name: Basic Setup
hosts: ch-pan
roles:
- role: apt-repo/base
- role: core/base
- role: core/sshd/base
- role: core/zsh
- role: core/ntp
- name: Payload Setup
hosts: ch-pan
roles:
- role: network/wireguard/base
- role: network/wireguard/p2p
- role: network/bind
- role: dyndns/server
- role: x509/acmetool/base
- role: nginx/base
- role: apt-repo/spreadspace
- role: whawty/auth/store
- role: whawty/auth/app
- role: monitoring/prometheus/exporter
- role: nginx/vhost
nginx_vhost:
name: captive-schaaas
content: |
server {
listen 80;
listen [::]:80;
access_log /dev/null;
error_log /var/log/nginx/captive-schaaas_error.log;
server_name captive.schaaas.at;
location / {
default_type text/plain;
return 200 "success";
}
}
- role: nginx/vhost
nginx_vhost:
name: dyn-schaaas
template: generic
hostnames:
- dyn.schaaas.at
tls:
certificate_provider: acmetool
logs:
access: /var/log/nginx/dyn-schaaas_access.log
error: /var/log/nginx/dyn-schaaas_error.log
extra_directives: |
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'unsafe-inline';";
root /var/www/dyn-schaaas;
index /index.shtml;
ssi on;
locations:
'= /raw':
custom: |
types { }
default_type text/plain;
ssi_types text/plain;
post_tasks:
- name: create web-root for dyn.schaaas.at
file:
path: /var/www/dyn-schaaas
state: directory
- name: install content file for dyn.schaaas.at
loop:
- name: index.shtml
content: |
dynamic DNS service...
- name: raw
content: |
loop_control:
label: "{{ item.name }}"
copy:
content: "{{ item.content }}"
dest: "/var/www/dyn-schaaas/{{ item.name }}"