diff --git a/group_vars/dch-proxy.yml b/group_vars/dch-proxy.yml
index a832e9d..91d869d 100644
--- a/group_vars/dch-proxy.yml
+++ b/group_vars/dch-proxy.yml
@@ -54,7 +54,7 @@ dch_proxy_sites:
 matcher: dom
 - backend: kubernetes
 match: ntfy.pyrocufflink.net
-- backend: kubernetes
+- backend: web
 match: darkchestofwonders.us
 - backend: kubernetes
 match: invoiceninja.pyrocufflink.net
diff --git a/roles/websites/darkchestofwonders.us/meta/main.yml b/roles/websites/darkchestofwonders.us/meta/main.yml
deleted file mode 100644
index ffa06dc..0000000
--- a/roles/websites/darkchestofwonders.us/meta/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-dependencies:
-- role: cert
- vars:
- cert_src: websites/darkchestofwonders.us.cer
- cert_dest: /etc/pki/tls/certs/darkchestofwonders.us.cer
- cert_key_src: websites/darkchestofwonders.us.key
- cert_key_dest: /etc/pki/tls/private/darkchestofwonders.us.key
- tags:
- - websites/darkchestofwonders.us
\ No newline at end of file
diff --git a/roles/websites/darkchestofwonders.us/tasks/main.yml b/roles/websites/darkchestofwonders.us/tasks/main.yml
index f4910a8..9f7d830 100644
--- a/roles/websites/darkchestofwonders.us/tasks/main.yml
+++ b/roles/websites/darkchestofwonders.us/tasks/main.yml
@@ -1,3 +1,49 @@
+- name: ensure rsync is installed
+ package:
+ name: rsync
+ state: present
+ tags:
+ - install
+
+- name: ensure app group exists
+ group:
+ name: webapp.dcow
+ state: present
+- name: ensure app user exists
+ user:
+ name: webapp.dcow
+ group: webapp.dcow
+ home: /srv/www/darkchestofwonders.us
+ createhome: true
+ state: present
+
+- name: ensure app home directory permissions are set
+ file:
+ path: /srv/www/darkchestofwonders.us
+ mode: u=rwx,go=rx
+ state: directory
+
+- name: ensure app ssh home directory exists
+ file:
+ path: /srv/www/darkchestofwonders.us/.ssh
+ mode: '0700'
+ owner: webapp.dcow
+ group: webapp.dcow
+ setype: ssh_home_t
+ state: directory
+- name: ensure publisher keys are trusted
+ authorized_key:
+ key: "{{ dcow_publisher_keys|join('\n') }}"
+ user: webapp.dcow
+ exclusive: true
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/darkchestofwonders.us/.ssh/authorized_keys
+ mode: u=rw,go=
+ owner: webapp.dcow
+ group: webapp.dcow
+ setype: ssh_home_t
+
 - name: ensure apache is configured to serve darkchestofwonders.us
 template:
 src=darkchestofwonders.us.httpd.conf.j2
diff --git a/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2 b/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2
index 65f4c83..52e85ff 100644
--- a/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2
+++ b/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2
@@ -1,9 +1,5 @@
-WSGIDaemonProcess dcow \ - user=webapp.dcow \ - group=webapp.dcow \ - python-home=/srv/www/darkchestofwonders.us/venv \ - lang=en_US.UTF-8 \ - display-name=%{GROUP} +# vim: set ft=apache : +MDomain darkchestofwonders.us ServerName darkchestofwonders.us 
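Review bot: The keys installed by the `ensure publisher keys are trusted` task carry no options, so every entry in `dcow_publisher_keys` grants a full interactive login as webapp.dcow rather than the push-only access the new `ensure rsync is installed` task suggests is all that is needed; adding `key_options: 'restrict,command="<restricted rsync wrapper>"'` to the `authorized_key` task would limit what a lost or copied publisher key can do to writing the document root. `dcow_publisher_keys` is not defined anywhere in this diff, and because the task sets `exclusive: true` an undefined value fails the play while an empty list silently strips every key, so a `defaults/main.yml` entry or an `assert` on the variable seems worth adding. The tasks create `.ssh` but not the `htdocs` directory the Apache template points at, so the vhost serves nothing until the first publish; if that is intended, a one-line comment on the `ensure app home directory permissions are set` task saying that htdocs is created by the publisher would save the next reader a look.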
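Review bot: `MDomain darkchestofwonders.us` moves certificate issuance to mod_md while the same commit deletes the cert role dependency in meta/main.yml and, in the next hunk, the `SSLCertificateKeyFile`/`SSLCertificateFile` directives, yet nothing visible here confirms mod_md is loaded or where `MDCertificateAgreement` is set; a comment above the directive such as `# TLS certificate issued and renewed by mod_md; MDCertificateAgreement is set in <global httpd config>` would document that dependency. The :80 vhost still rewrites every request to https (`RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]` in the next hunk's context), so it is worth confirming on first issuance that the http-01 challenge path mod_md answers is served before that rewrite applies. The VirtualHost block this hunk edits continues past the hunk, and its opening directives appear to have been stripped from this rendering.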
@@ -16,34 +12,13 @@ RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L] ServerName darkchestofwonders.us Include conf.d/ssl.include -SSLCertificateKeyFile /etc/pki/tls/private/darkchestofwonders.us.key -SSLCertificateFile /etc/pki/tls/certs/darkchestofwonders.us.cer Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" -ProxyRequests off - -ProxyPass / http://k8s-ingress.pyrocufflink.blue/ -ProxyPassReverse / http://k8s-ingress.pyrocufflink.blue/ -ProxyPreserveHost on - - +DocumentRoot /srv/www/darkchestofwonders.us/htdocs + Require all granted - - - - - AuthType GSSAPI - AuthName "{{ krb5_realm|lower }} Domain Authentication" - #KrbServiceName HTTP/{{ ansible_fqdn }}@{{ krb5_realm }} - GssapiCredStore keytab:/etc/httpd/httpd.keytab - GssapiBasicAuth On - Require valid-user - - - Require all denied - - + diff --git a/websites.yml b/websites.yml index 8008637..a907186 100644 --- a/websites.yml +++ b/websites.yml @@ -16,6 +16,8 @@ tags: websites/ebonfire.com - role: websites/nratonpass.com tags: websites/nratonpass.com + - role: websites/darkchestofwonders.us + tags: websites/darkchestofwonders.us - role: websites/chmod777.sh tags: websites/chmod777.sh - role: websites/apps.du5t1n.xyz
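Review bot: Removing the GSSAPI-protected block (`AuthType GSSAPI` through `Require valid-user`) and the `Require all denied` fallback leaves everything under the new `DocumentRoot /srv/www/darkchestofwonders.us/htdocs` world-readable via `Require all granted`, which is appropriate for a static site but should be checked against whatever the proxied application previously kept behind domain authentication. Because htdocs is populated by an rsync publisher rather than by this role, adding `Options -Indexes` next to `Require all granted` would keep a pushed directory without an index file from listing its contents; the enclosing Directory and VirtualHost directives appear to have been stripped from this rendering, so I cannot tell what Options the block inherits. The VirtualHost this hunk edits starts before the hunk.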