website: Deploy Tabitha's website
Tabihta's website is a very simple, static HTML site. It uploaded via SFTP and served at *tabitha.biz*.jenkins-master
parent
4aa3cdddd9
commit
910d430e1e
|
|
@ -0,0 +1 @@
|
||||||
|
../lego/tabitha.biz.crt
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
../lego/tabitha.biz.key
|
||||||
|
|
@ -7,3 +7,5 @@ dcow_publisher_keys: '{{ dchwww_publisher_keys }}'
|
||||||
chmod777_publisher_keys: '{{ dchwww_publisher_keys }}'
|
chmod777_publisher_keys: '{{ dchwww_publisher_keys }}'
|
||||||
apache_server_name: pyrocufflink.net
|
apache_server_name: pyrocufflink.net
|
||||||
userdir_proxy_backend: http://files.pyrocufflink.blue
|
userdir_proxy_backend: http://files.pyrocufflink.blue
|
||||||
|
tabitha_publisher_keys:
|
||||||
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbeVaQ5eGTaQU9P0sqo9R2IISoe50qS/Hv/vvFdt3ce tabitha@Tabithas-MacBook-Pro.local
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,27 @@
|
||||||
|
<VirtualHost _default_:80>
|
||||||
|
ServerName tabitha.biz
|
||||||
|
ServerAlias www.tabitha.biz
|
||||||
|
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost _default_:443>
|
||||||
|
ServerName tabitha.biz
|
||||||
|
ServerAlias www.tabitha.biz
|
||||||
|
|
||||||
|
Include conf.d/ssl.include
|
||||||
|
SSLCertificateKeyFile /etc/pki/tls/private/tabitha.biz.key
|
||||||
|
SSLCertificateFile /etc/pki/tls/certs/tabitha.biz.cer
|
||||||
|
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header always set \
|
||||||
|
Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
|
||||||
|
DocumentRoot /srv/www/tabitha/htdocs
|
||||||
|
<Directory /srv/www/tabitha/htdocs>
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
||||||
|
|
@ -0,0 +1,9 @@
|
||||||
|
dependencies:
|
||||||
|
- role: cert
|
||||||
|
vars:
|
||||||
|
cert_src: websites/tabitha.biz.cer
|
||||||
|
cert_dest: /etc/pki/tls/certs/tabitha.biz.cer
|
||||||
|
cert_key_src: websites/tabitha.biz.key
|
||||||
|
cert_key_dest: /etc/pki/tls/private/tabitha.biz.key
|
||||||
|
tags:
|
||||||
|
- websites/darkchestofwonders.us
|
||||||
|
|
@ -0,0 +1,37 @@
|
||||||
|
- name: ensure app group exists
|
||||||
|
group:
|
||||||
|
name: webapp.tabitha
|
||||||
|
state: present
|
||||||
|
- name: ensure app user exists
|
||||||
|
user:
|
||||||
|
name: webapp.tabitha
|
||||||
|
group: webapp.tabitha
|
||||||
|
home: /srv/www/tabitha
|
||||||
|
createhome: true
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensure app home directory permissions are set
|
||||||
|
file:
|
||||||
|
path: /srv/www/tabitha
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: ensure publisher keys are trusted
|
||||||
|
authorized_key:
|
||||||
|
key: "{{ tabitha_publisher_keys|join('\n') }}"
|
||||||
|
user: webapp.tabitha
|
||||||
|
exclusive: true
|
||||||
|
- name: ensure authorized_keys file permissions are correct
|
||||||
|
file:
|
||||||
|
path: /srv/www/tabitha/.ssh/authorized_keys
|
||||||
|
mode: '0600'
|
||||||
|
owner: webapp.tabitha
|
||||||
|
group: webapp.tabitha
|
||||||
|
setype: ssh_home_t
|
||||||
|
|
||||||
|
- name: ensure apache is configured to serve tabitha.biz
|
||||||
|
copy:
|
||||||
|
src: tabitha.httpd.conf
|
||||||
|
dest: /etc/httpd/conf.d/tabitha.conf
|
||||||
|
mode: '0644'
|
||||||
|
notify: reload httpd
|
||||||
|
|
@ -45,6 +45,9 @@
|
||||||
tags:
|
tags:
|
||||||
- websites/proxy
|
- websites/proxy
|
||||||
- websites/hatch.chat
|
- websites/hatch.chat
|
||||||
|
- role: websites/tabitha
|
||||||
|
tags:
|
||||||
|
- websites/tabitha
|
||||||
tasks:
|
tasks:
|
||||||
- name: ensure httpd service is running
|
- name: ensure httpd service is running
|
||||||
service:
|
service:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue