websites: Add chmod777.sh
*chmod777.sh* is a simple static website, generated by Hugo. It is built and published from a Jenkins pipeline, which runs automatically when new commits are pushed to Gitea. The HTTPS certificate for this site is signed by Let's Encrypt and managed by `lego` in the `certs` submodule.jenkins-master
parent
2b49c5a02e
commit
db6d13013a
2
.certs
2
.certs
|
|
@ -1 +1 @@
|
||||||
Subproject commit 2f9f9ac148e5dc32f30ee447652fddd6f2fd7511
|
Subproject commit e335178e3fe9df1a82ac3de735d703b6a08939d0
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
../logo/chmod777.sh.crt
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
../logo/chmod777.sh.key
|
||||||
|
|
@ -4,6 +4,7 @@ dchwww_publisher_keys:
|
||||||
ebonfire_publisher_keys: '{{ dchwww_publisher_keys }}'
|
ebonfire_publisher_keys: '{{ dchwww_publisher_keys }}'
|
||||||
nratonpass_publisher_keys: '{{ dchwww_publisher_keys }}'
|
nratonpass_publisher_keys: '{{ dchwww_publisher_keys }}'
|
||||||
dcow_publisher_keys: '{{ dchwww_publisher_keys }}'
|
dcow_publisher_keys: '{{ dchwww_publisher_keys }}'
|
||||||
|
chmod777_publisher_keys: '{{ dchwww_publisher_keys }}'
|
||||||
apache_server_name: pyrocufflink.net
|
apache_server_name: pyrocufflink.net
|
||||||
apache_ssl_certificate:
|
apache_ssl_certificate:
|
||||||
/var/lib/letsencrypt/live/pyrocufflink.net/fullchain.pem
|
/var/lib/letsencrypt/live/pyrocufflink.net/fullchain.pem
|
||||||
|
|
|
||||||
|
|
@ -28,4 +28,5 @@ frontend main-tls
|
||||||
use_backend nextcloud-tls if { req_ssl_sni -i nextcloud.pyrocufflink.net }
|
use_backend nextcloud-tls if { req_ssl_sni -i nextcloud.pyrocufflink.net }
|
||||||
use_backend web-tls if { req_ssl_sni -i darkchestofwonders.us }
|
use_backend web-tls if { req_ssl_sni -i darkchestofwonders.us }
|
||||||
use_backend web-tls if { req_ssl_sni -i pyrocufflink.net }
|
use_backend web-tls if { req_ssl_sni -i pyrocufflink.net }
|
||||||
|
use_backend web-tls if { req_ssl_sni -i -m end chmod777.sh }
|
||||||
default_backend openvpn
|
default_backend openvpn
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
chmod777_publisher_keys: []
|
||||||
|
|
@ -0,0 +1,28 @@
|
||||||
|
<VirtualHost _default_:80>
|
||||||
|
ServerName chmod777.sh
|
||||||
|
ServerAlias blog.chmod777.sh www.chmod777.sh
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule (.*) https://chmod777.sh$1 [R=301,L]
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost _default_:443>
|
||||||
|
ServerName chmod777.sh
|
||||||
|
ServerAlias blog.chmod777.sh www.chmod777.sh
|
||||||
|
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteCond %{SERVER_NAME} !^chmod777\.sh
|
||||||
|
RewriteRule (.*) https://chmod777.sh$2 [R=301,L]
|
||||||
|
|
||||||
|
Include conf.d/ssl.include
|
||||||
|
SSLCertificateKeyFile /etc/pki/tls/private/chmod777.sh.key
|
||||||
|
SSLCertificateFile /etc/pki/tls/certs/chmod777.sh.cer
|
||||||
|
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
DocumentRoot /srv/www/chmod777.sh/htdocs
|
||||||
|
<Directory /srv/www/chmod777.sh/htdocs>
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
||||||
|
|
@ -0,0 +1,53 @@
|
||||||
|
- name: ensure rsync is installed
|
||||||
|
package:
|
||||||
|
name: rsync
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: ensure app group exists
|
||||||
|
group:
|
||||||
|
name: webapp.chmod777
|
||||||
|
state: present
|
||||||
|
- name: ensure app user exists
|
||||||
|
user:
|
||||||
|
name: webapp.chmod777
|
||||||
|
group: webapp.chmod777
|
||||||
|
home: /srv/www/chmod777.sh
|
||||||
|
createhome: yes
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensure app home directory permissions are set
|
||||||
|
file:
|
||||||
|
path: /srv/www/chmod777.sh
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: ensure app ssh home directory exists
|
||||||
|
file:
|
||||||
|
path: /srv/www/chmod777.sh/.ssh
|
||||||
|
mode: '0700'
|
||||||
|
owner: webapp.chmod777
|
||||||
|
group: webapp.chmod777
|
||||||
|
setype: ssh_home_t
|
||||||
|
- name: ensure publisher keys are trusted
|
||||||
|
authorized_key:
|
||||||
|
key: "{{ chmod777_publisher_keys|join('\n') }}"
|
||||||
|
user: webapp.chmod777
|
||||||
|
exclusive: true
|
||||||
|
- name: ensure authorized keys file permissions are correct
|
||||||
|
file:
|
||||||
|
path: /srv/www/chmod777.sh/.ssh/authorized_keys
|
||||||
|
mode: '0600'
|
||||||
|
owner: webapp.chmod777
|
||||||
|
group: webapp.chmod777
|
||||||
|
setype: ssh_home_t
|
||||||
|
|
||||||
|
- name: ensure apache is configured to serve chmod777.sh
|
||||||
|
copy:
|
||||||
|
src: chmod777.sh.httpd.conf
|
||||||
|
dest: /etc/httpd/conf.d/chmod777.sh.conf
|
||||||
|
mode: '0644'
|
||||||
|
notify: reload httpd
|
||||||
|
tags:
|
||||||
|
- httpd-config
|
||||||
|
|
@ -8,6 +8,14 @@
|
||||||
- websites/ebonfire.com
|
- websites/ebonfire.com
|
||||||
- websites/nratonpass.com
|
- websites/nratonpass.com
|
||||||
- websites/darkchestofwonders.us
|
- websites/darkchestofwonders.us
|
||||||
|
- role: cert
|
||||||
|
cert_src: websites/chmod777.sh.cer
|
||||||
|
cert_dest: /etc/pki/tls/certs/chmod777.sh.cer
|
||||||
|
cert_key_src: websites/chmod777.sh.key
|
||||||
|
cert_key_dest: /etc/pki/tls/private/chmod777.sh.key
|
||||||
|
tags: websites/chmod777.sh
|
||||||
|
- role: websites/chmod777.sh
|
||||||
|
tags: websites/chmod777.sh
|
||||||
tasks:
|
tasks:
|
||||||
- name: ensure httpd service is running
|
- name: ensure httpd service is running
|
||||||
service:
|
service:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue