authorMatthieu Saulnier <fantom@fedoraproject.org>2018-11-03 23:40:13 +0100
committerMatthieu Saulnier <fantom@fedoraproject.org>2018-11-03 23:40:13 +0100
commit0130c771a5476893cdb468a518fcd616ed86ef88 (patch)
treece1e800fc3de2ce6343c5921d8757acebb33bec1
parentd2a53027387e16f5c01a5210a1e998e1fad6851a (diff)
Fix reverseproxy template
-rw-r--r--host_vars/192.168.0.2516
-rw-r--r--host_vars/51.15.179.1537
-rw-r--r--host_vars/bpr7drsao5vozzr5.onion7
-rw-r--r--host_vars/d72vewh3wa4lwpaj.onion16
-rw-r--r--host_vars/manchester.casperlefantom.net16
-rw-r--r--host_vars/manchester.home.casperlefantom.net16
-rw-r--r--host_vars/ns4.casperlefantom.net7
-rw-r--r--roles/reverseproxy/tasks/main.yml1
-rw-r--r--roles/reverseproxy/templates/Caddyfile.j258
-rw-r--r--roles/reverseproxy/vars/main.yml56
10 files changed, 118 insertions, 82 deletions
diff --git a/host_vars/192.168.0.25 b/host_vars/192.168.0.25
index 0cb82cb..6c347e9 100644
--- a/host_vars/192.168.0.25
+++ b/host_vars/192.168.0.25
@@ -3,3 +3,19 @@ is_ntpmaster: true
is_bridge: true
is_mtamaster: true
is_tormaster: true
+domainhttps:
+ - admin.casperlefantom.net
+ - nsa.casperlefantom.net
+ - ns1.casperlefantom.net
+ - ntp1.casperlefantom.net
+ - imap.casperlefantom.net
+ - ssl.casperlefantom.net
+ - mail.casperlefantom.net
+ - smtp.casperlefantom.net
+ - voip.casperlefantom.net
+ - jabber.casperlefantom.net
+ - conference.casperlefantom.net
+ - manchester.admin.casperlefantom.net
+ - mirror.casperlefantom.net
+ - nsa.admin.casperlefantom.net
+ - bt1.admin.casperlefantom.net
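Review bot: `mirror.casperlefantom.net`, `nsa.admin.casperlefantom.net` and `bt1.admin.casperlefantom.net` at the end of this list were `redir` pairs pointing at port 4433 in the old `roles/reverseproxy/vars/main.yml`, and here they become ordinary `domainhttps` entries. The new `domainhttps` loop in `Caddyfile.j2` renders only `tls`, `gzip`, `log` and `errors`, so these names would no longer redirect anywhere; if that is not intended, keep them in a separate list (for example `domainredir:`) with its own loop. The same applies to `nsd.admin` and `bt2.admin` in the `51.15.179.153`, `bpr7drsao5vozzr5.onion` and `ns4.casperlefantom.net` hunks. The identical list is also pasted into four host_vars files (same blob `6c347e9`), which invites drift; a shared group_vars file would hold it once.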
diff --git a/host_vars/51.15.179.153 b/host_vars/51.15.179.153
index 1550096..8c4ac94 100644
--- a/host_vars/51.15.179.153
+++ b/host_vars/51.15.179.153
@@ -5,4 +5,9 @@ bpburst: '7 MBytes'
maxadvertised: '5 MBytes'
outdoor: true
is_ntpslave: true
-
+domainhttps:
+ - ns4.casperlefantom.net
+ - nsd.casperlefantom.net
+ - ntp4.casperlefantom.net
+ - nsd.admin.casperlefantom.net
+ - bt2.admin.casperlefantom.net
diff --git a/host_vars/bpr7drsao5vozzr5.onion b/host_vars/bpr7drsao5vozzr5.onion
index 1550096..8c4ac94 100644
--- a/host_vars/bpr7drsao5vozzr5.onion
+++ b/host_vars/bpr7drsao5vozzr5.onion
@@ -5,4 +5,9 @@ bpburst: '7 MBytes'
maxadvertised: '5 MBytes'
outdoor: true
is_ntpslave: true
-
+domainhttps:
+ - ns4.casperlefantom.net
+ - nsd.casperlefantom.net
+ - ntp4.casperlefantom.net
+ - nsd.admin.casperlefantom.net
+ - bt2.admin.casperlefantom.net
diff --git a/host_vars/d72vewh3wa4lwpaj.onion b/host_vars/d72vewh3wa4lwpaj.onion
index 0cb82cb..6c347e9 100644
--- a/host_vars/d72vewh3wa4lwpaj.onion
+++ b/host_vars/d72vewh3wa4lwpaj.onion
@@ -3,3 +3,19 @@ is_ntpmaster: true
is_bridge: true
is_mtamaster: true
is_tormaster: true
+domainhttps:
+ - admin.casperlefantom.net
+ - nsa.casperlefantom.net
+ - ns1.casperlefantom.net
+ - ntp1.casperlefantom.net
+ - imap.casperlefantom.net
+ - ssl.casperlefantom.net
+ - mail.casperlefantom.net
+ - smtp.casperlefantom.net
+ - voip.casperlefantom.net
+ - jabber.casperlefantom.net
+ - conference.casperlefantom.net
+ - manchester.admin.casperlefantom.net
+ - mirror.casperlefantom.net
+ - nsa.admin.casperlefantom.net
+ - bt1.admin.casperlefantom.net
diff --git a/host_vars/manchester.casperlefantom.net b/host_vars/manchester.casperlefantom.net
index 0cb82cb..6c347e9 100644
--- a/host_vars/manchester.casperlefantom.net
+++ b/host_vars/manchester.casperlefantom.net
@@ -3,3 +3,19 @@ is_ntpmaster: true
is_bridge: true
is_mtamaster: true
is_tormaster: true
+domainhttps:
+ - admin.casperlefantom.net
+ - nsa.casperlefantom.net
+ - ns1.casperlefantom.net
+ - ntp1.casperlefantom.net
+ - imap.casperlefantom.net
+ - ssl.casperlefantom.net
+ - mail.casperlefantom.net
+ - smtp.casperlefantom.net
+ - voip.casperlefantom.net
+ - jabber.casperlefantom.net
+ - conference.casperlefantom.net
+ - manchester.admin.casperlefantom.net
+ - mirror.casperlefantom.net
+ - nsa.admin.casperlefantom.net
+ - bt1.admin.casperlefantom.net
diff --git a/host_vars/manchester.home.casperlefantom.net b/host_vars/manchester.home.casperlefantom.net
index 0cb82cb..6c347e9 100644
--- a/host_vars/manchester.home.casperlefantom.net
+++ b/host_vars/manchester.home.casperlefantom.net
@@ -3,3 +3,19 @@ is_ntpmaster: true
is_bridge: true
is_mtamaster: true
is_tormaster: true
+domainhttps:
+ - admin.casperlefantom.net
+ - nsa.casperlefantom.net
+ - ns1.casperlefantom.net
+ - ntp1.casperlefantom.net
+ - imap.casperlefantom.net
+ - ssl.casperlefantom.net
+ - mail.casperlefantom.net
+ - smtp.casperlefantom.net
+ - voip.casperlefantom.net
+ - jabber.casperlefantom.net
+ - conference.casperlefantom.net
+ - manchester.admin.casperlefantom.net
+ - mirror.casperlefantom.net
+ - nsa.admin.casperlefantom.net
+ - bt1.admin.casperlefantom.net
diff --git a/host_vars/ns4.casperlefantom.net b/host_vars/ns4.casperlefantom.net
index 1550096..8c4ac94 100644
--- a/host_vars/ns4.casperlefantom.net
+++ b/host_vars/ns4.casperlefantom.net
@@ -5,4 +5,9 @@ bpburst: '7 MBytes'
maxadvertised: '5 MBytes'
outdoor: true
is_ntpslave: true
-
+domainhttps:
+ - ns4.casperlefantom.net
+ - nsd.casperlefantom.net
+ - ntp4.casperlefantom.net
+ - nsd.admin.casperlefantom.net
+ - bt2.admin.casperlefantom.net
diff --git a/roles/reverseproxy/tasks/main.yml b/roles/reverseproxy/tasks/main.yml
index dd880d6..32cb299 100644
--- a/roles/reverseproxy/tasks/main.yml
+++ b/roles/reverseproxy/tasks/main.yml
@@ -1,3 +1,4 @@
+- include_vars: email.yml
- import_tasks: dirs.yml
- import_tasks: config.yml
- import_tasks: fw.yml
diff --git a/roles/reverseproxy/templates/Caddyfile.j2 b/roles/reverseproxy/templates/Caddyfile.j2
index 86ce98c..753c63d 100644
--- a/roles/reverseproxy/templates/Caddyfile.j2
+++ b/roles/reverseproxy/templates/Caddyfile.j2
@@ -1,77 +1,63 @@
-{% for item in {{ ansible_hostname }}.static %}
-"{{ item }}" {
- tls "{{ email }}"
+{% for item in domainhttps %}
+{{ item }} {
+ tls {{ email }}
gzip
- log "{{ item }}_access.log" {
+ log {{ item }}_access.log {
rotate_size 1
rotate_keep 10
}
- errors "{{ item }}_error.log" {
+ errors {{ item }}_error.log {
rotate_size 1
rotate_keep 10
}
}
{% endfor %}
-{% for item in {{ ansible_hostname }}.redir %}
-"{{ item.1 }}" {
- tls "{{ email }}"
- gzip
- log "{{ item.1 }}_access.log" {
- rotate_size 1
- rotate_keep 10
- }
- errors "{{ item.1 }}_error.log" {
- rotate_size 1
- rotate_keep 10
- }
- redir https://"{{ item.2 }}"{uri}
-}
{% if outdoor is defined %}
-{% for item in public.static %}
-"{{ item }}" {
- tls "{{ email }}"
+{% for item in publicstatic %}
+{{ item }} {
+ tls {{ email }}
gzip
- log "{{ item }}_access.log" {
+ log {{ item }}_access.log {
rotate_size 1
rotate_keep 10
}
- errors "{{ item }}_error.log" {
+ errors {{ item }}_error.log {
rotate_size 1
rotate_keep 10
}
}
{% endfor %}
-{% for item in public.redir %}
-"{{ item.1 }}" {
- tls "{{ email }}"
+{% for item in publicredir %}
+{{ item }} {
+ tls {{ email }}
gzip
- log "{{ item.1 }}_access.log" {
+ log {{ item }}_access.log {
rotate_size 1
rotate_keep 10
}
- errors "{{ item.1 }}_error.log" {
+ errors {{ item }}_error.log {
rotate_size 1
rotate_keep 10
}
- redir https://"{{ item.2 }}"{uri}
+ redir https://{{ redirection }}{uri}
}
{% endfor %}
-{% for item in public.reverse %}
-"{{ item }}" {
- tls "{{ email }}"
+{% for item in publicreverse %}
+{{ item }} {
+ tls {{ email }}
gzip
- log "{{ item }}_access.log" {
+ log {{ item }}_access.log {
rotate_size 1
rotate_keep 10
}
- errors "{{ item }}_error.log" {
+ errors {{ item }}_error.log {
rotate_size 1
rotate_keep 10
}
- proxy / https://"{{ backendhost }}":"{{ backendport }}" {
+ proxy / https://{{ backendhost }}:{{ backendport }} {
transparent
insecure_skip_verify
max_fails 60
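Review bot: The `proxy` block that this hunk rewrites keeps `insecure_skip_verify`, so Caddy accepts any certificate from the upstream, and `backendhost` in `roles/reverseproxy/vars/main.yml` is a public address (`82.247.103.117`), meaning the proxied traffic can be intercepted on the path without either side noticing. The flag is probably there because a certificate cannot match a bare IP; pointing `backendhost` at a DNS name covered by the backend certificate would allow the `insecure_skip_verify` line to be dropped. The `proxy` block continues past the end of the hunk, so its remaining options are not visible here.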
diff --git a/roles/reverseproxy/vars/main.yml b/roles/reverseproxy/vars/main.yml
index a321469..226ee88 100644
--- a/roles/reverseproxy/vars/main.yml
+++ b/roles/reverseproxy/vars/main.yml
@@ -1,45 +1,15 @@
-include_vars: email.yml
-
backendhost: 82.247.103.117
backendport: 4433
-
-public:
- - static:
- - "{{ ansible_hostname }}.casperlefantom.net"
- - jaysfoodventure.com
- - redir:
- - [ 'www.casperlefantom.net', 'casperlefantom.net' ]
- - [ 'blog.casperlefantom.net', 'casperlefantom.net' ]
- - reverse:
- - casperlefantom.net
- - search.casperlefantom.net
- - dl.casperlefantom.net
- - cirrus.casperlefantom.net
-
-manchester:
- - static:
- - admin.casperlefantom.net
- - nsa.casperlefantom.net
- - ns1.casperlefantom.net
- - ntp1.casperlefantom.net
- - imap.casperlefantom.net
- - ssl.casperlefantom.net
- - mail.casperlefantom.net
- - smtp.casperlefantom.net
- - voip.casperlefantom.net
- - jabber.casperlefantom.net
- - conference.casperlefantom.net
- - manchester.admin.casperlefantom.net
- - redir:
- - [ 'mirror.casperlefantom.net', 'mirror.casperlefantom.net:4433' ]
- - [ 'nsa.admin.casperlefantom.net', 'nsa.admin.casperlefantom.net:4433' ]
- - [ 'bt1.admin.casperlefantom.net', 'bt1.admin.casperlefantom.net:4433' ]
-
-sd-129211:
- - static:
- - ns4.casperlefantom.net
- - nsd.casperlefantom.net
- - ntp4.casperlefantom.net
- - redir:
- - [ 'nsd.admin.casperlefantom.net', 'nsd.admin.casperlefantom.net:4433' ]
- - [ 'bt2.admin.casperlefantom.net', 'bt2.admin.casperlefantom.net:4433' ]
+redirection: casperlefantom.net
+
+publicstatic:
+ - "{{ ansible_hostname }}.casperlefantom.net"
+ - jaysfoodventure.com
+publicredir:
+ - www.casperlefantom.net
+ - blog.casperlefantom.net
+publicreverse:
+ - casperlefantom.net
+ - search.casperlefantom.net
+ - dl.casperlefantom.net
+ - cirrus.casperlefantom.net
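Review bot: `backendhost`, `backendport`, `redirection` and the three `public*` lists live in the role's `vars/main.yml`, which takes precedence over inventory `host_vars`, so no host can override them even though the same commit moves the per-host lists into `host_vars`. The names are also unprefixed and share Ansible's single variable namespace with every other role (`email` and `redirection` are easy to collide with). Consider moving them to the role's `defaults/main.yml` and prefixing them, e.g. `reverseproxy_backendhost: 82.247.103.117`.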