Commit fbee78c
Changed files (4)
files/nginx/default
@@ -0,0 +1,16 @@
+server {
+ server_name www.trustme.click;
+ listen 80;
+ listen [::]:80;
+ return 301 https://trustme.click;
+}
+server {
+ server_name trustme.click;
+ root /var/www/html;
+ index index.html;
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ listen 80;
+ listen [::]:80;
+}
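Review bot: The www redirect `return 301 https://trustme.click;` sends clients to HTTPS, but no server block in this file listens on 443, so until certbot has been run (still a TODO in main.yml) the redirect target will refuse connections. It also drops the path and query string; `return 301 https://trustme.click$request_uri;` keeps them. Neither block is marked `default_server`, so a request with an unknown Host header falls to the first block and is redirected as well. A separate catch-all server that returns 444 would make that case explicit.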
files/nginx/ip
@@ -0,0 +1,9 @@
+server {
+ server_name ip.trustme.click;
+
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+}
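Review bot: This server block has no `listen` directive, so nginx uses its default listener (port 80 on IPv4 when started as root), and IPv6 requests for ip.trustme.click are answered by the first `[::]:80` server in files/nginx/default, which is the www redirect. Add `listen 80;` and `listen [::]:80;` as the other file does. Setting `X-Real-IP` from `$remote_addr` overwrites any client-supplied value, which is what you want if the backend reports the caller's address. The service on 127.0.0.1:8080 should then read only that header and, presumably, bind to loopback only, so it cannot be reached directly with a forged one.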
.gitignore
@@ -1,2 +1,3 @@
*_env
*_venv
+*.swp
main.yml
@@ -2,14 +2,54 @@
- hosts: localhost
gather_facts: True
tasks:
- - name: install apt packages
+ - name: apt update cache
apt:
update_cache: True
+ cache_valid_time: 1800 #30m
+ become: True
+
+ - name: apt upgrade
+ apt:
+ name: "*"
+ state: latest
+ update_cache: True
+ cache_valid_time: 1800 #30m
+ become: True
+
+ - name: apt install tools
+ apt:
+ update_cache: True
+ cache_valid_time: 1800 #30m
state: latest
pkg:
- vim
- tmux
- htop
+ - curl
+ - haveged # helps random number generation on small vms
+ - dirmngr # needed for ppa add-key
+ - docker.io
+ - nginx
+ become: True
+
+ # TODO Broken
+ - name: apt ppa repo's add
+ apt_repository:
+ repo: "{{ item }}"
+ update_cache: True
+ become: True
+ loop:
+ - "ppa:wireguard/wireguard"
+ - "ppa:certbot/certbot"
+
+ - name: apt install tools (from ppa's)
+ apt:
+ update_cache: True
+ cache_valid_time: 1800 #30m
+ state: latest
+ pkg:
+ - wireguard # requires ppa
+ - python-certbot-nginx # requires ppa
become: True
- name: personal git config, global
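Review bot: The `apt ppa repo's add` task adds two third-party PPAs as root, and the next task installs `wireguard` and `python-certbot-nginx` from them with `state: latest`, so every run installs whatever those PPAs currently publish on a host that also runs nginx and docker. Prefer `state: present` for the install tasks and leave upgrades to the explicit `apt upgrade` task, or use distribution packages where they exist. The `# TODO Broken` comment does not say what fails although the following task depends on it; something like `# TODO broken: <error seen>; blocks the ppa install task below` would help the next reader. Writing the booleans as `true` rather than `True` avoids parser-dependent truthy handling.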
@@ -25,6 +65,7 @@
- name: color.ui
value: true
+ ## Skip if no ssh-add -l
- name: git checkouts
git:
repo: "{{ item.repo }}"
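Review bot: The added comment `## Skip if no ssh-add -l` records an intent that the task does not implement in the visible lines, so the checkout presumably still runs and fails when no key is loaded in the agent. A preceding task that runs `ssh-add -l` with `register: ssh_agent`, `failed_when: false` and `changed_when: false`, plus `when: ssh_agent.rc == 0` on this task, would make the skip real. The git task continues outside the hunk, so any existing condition is not visible here.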
@@ -39,7 +80,6 @@
- repo: git@ssh.gitlab.external.ltsnet.net:bfryer/notes.git
dir: lts.notes
-
- name: home directory symlinks
file:
src: "{{ item.src }}"
@@ -61,3 +101,43 @@
dest: "$HOME/.bash_aliases"
- src: "{{ home_repo }}/screenrc"
dest: "$HOME/.screenrc"
+ - src: "{{ home_repo }}/curlrc"
+ dest: "$HOME/curlrc"
+
+ - name: nginx configs
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ become: True
+ vars:
+ nginx_sites: "/etc/nginx/sites-enabled"
+ loop:
+ - src: "files/nginx/default"
+ dest: "{{ nginx_sites}}/default"
+ - src: "files/nginx/ip"
+ dest: "{{ nginx_sites}}/ip"
+ # TODO default landing page /var/www/html/index.html
+ notify: restart nginx
+ tags: this
+
+ handlers:
+ - name: restart nginx
+ service:
+ name: nginx
+ state: restarted
+ become: True
+
+
+
+
+ #TODO
+ # sudo certbot --nginx --force-renewal --expand -d trustme.click -d www.trustme.click -d ip.trustme.click --agree-tos --no-eff-email --redirect -m admin@trustme.click
+ # docker startup of mirror-mirror service
+ # wg genkey | sudo tee /etc/wireguard/tmc_privatekey | wg pubkey | sudo tee /etc/wireguard/tmc_publickey
+ # make 443 udp iptables forward to wireguard port
+
+
+
+
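Review bot: The new symlink entry uses `dest: "$HOME/curlrc"` while its neighbours are dotfiles (`.bash_aliases`, `.screenrc`); curl reads `~/.curlrc`, so any defaults in that file are silently not applied, and the line should be `dest: "$HOME/.curlrc"`. The `nginx configs` copy sets owner and group but no `mode`, and the handler restarts nginx without checking the configuration; add `mode: "0644"` and run `nginx -t` before the restart (or use `state: reloaded`) so a bad file does not take the server down. `tags: this` looks like a debugging leftover. In the TODO block, `wg genkey | sudo tee /etc/wireguard/tmc_privatekey` creates the private key with the default umask and echoes it down the pipe; when this becomes a task, run it under `umask 077` and set the file to mode 0600.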