---
# Playbook for host ch-pan: a base-system play followed by a payload play that
# applies the network, DNS, certificate, nginx and monitoring roles.
- name: Basic Setup
  hosts: ch-pan
  roles:
    - role: apt-repo/base
    - role: core/base
    - role: core/sshd/base
    - role: core/zsh
    - role: core/ntp

- name: Payload Setup
  hosts: ch-pan
  roles:
    - role: network/wireguard/base
    - role: network/wireguard/p2p
    - role: network/bind
    - role: dyndns/server
    - role: x509/acmetool/base
    - role: nginx/base
    - role: apt-repo/spreadspace
    - role: monitoring/prometheus/exporter
    # Plain-HTTP vhost (port 80, IPv4 and IPv6) for captive.schaaas.at. Every
    # request gets a 200 text/plain "success" body; the access log is sent to
    # /dev/null and only errors are logged. Presumably a captive-portal probe
    # endpoint, which would explain why it is not served over TLS - confirm.
    - role: nginx/vhost
      nginx_vhost:
        name: captive-schaaas
        content: |
          server {
            listen 80;
            listen [::]:80;
            access_log /dev/null;
            error_log /var/log/nginx/captive-schaaas_error.log;
            server_name captive.schaaas.at;
            location / {
              default_type text/plain;
              return 200 "success";
            }
          }
    # TLS vhost for dyn.schaaas.at, rendered from the role's "generic" template
    # with acmetool as certificate provider. extra_directives adds the
    # response-hardening headers, sets the web root and enables SSI.
    #
    # NOTE(review): nginx emits add_header headers only on 200, 201, 204, 206,
    # 301, 302, 303, 304, 307 and 308 responses unless the "always" parameter
    # is given, so error pages are served without these headers as written.
    # NOTE(review): add_header is inherited by a location only while that
    # location declares no add_header of its own; the '= /raw' location below
    # declares none, but whether the generic template adds any is not visible
    # here - verify against the rendered config.
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; the Content-Security-Policy is the effective control. Its
    # style-src 'unsafe-inline' permits inline styles - confirm that the page
    # needs them.
    # NOTE(review): no Strict-Transport-Security header is set here; confirm
    # whether the generic template adds one.
    # NOTE(review): "ssi on" applies to the whole vhost, so every file placed
    # under /var/www/dyn-schaaas is parsed for SSI directives. Keep that
    # directory limited to content managed by this playbook.
    - role: nginx/vhost
      nginx_vhost:
        name: dyn-schaaas
        template: generic
        hostnames:
          - dyn.schaaas.at
        tls:
          certificate_provider: acmetool
        logs:
          access: /var/log/nginx/dyn-schaaas_access.log
          error: /var/log/nginx/dyn-schaaas_error.log
        extra_directives: |
          add_header X-Frame-Options DENY;
          add_header X-Content-Type-Options nosniff;
          add_header X-XSS-Protection "1; mode=block";
          add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'unsafe-inline';";
          root /var/www/dyn-schaaas;
          index /index.shtml;
          ssi on;
        locations:
          # Exact-match location: the empty types block clears the extension
          # to MIME-type map, so the response falls back to text/plain, and
          # ssi_types extends SSI processing to that type.
          '= /raw':
            custom: |
              types { }
              default_type text/plain;
              ssi_types text/plain;
  post_tasks:
    # NOTE(review): owner, group and mode are not set, so the directory ends
    # up with whatever the connecting user and the remote umask produce.
    # Pinning them explicitly keeps the web root's permissions predictable
    # (ansible-lint flags this as risky-file-permissions).
    - name: create web-root for dyn.schaaas.at
      file:
        path: /var/www/dyn-schaaas
        state: directory

    - name: install content file for dyn.schaaas.at
      loop:
        - name: index.shtml
          content: |