add wtf preview

DO1JLR · Feb 18, 2021 · c577759 · c577759
1 parent 9f53fdb
commit c577759
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 5 deletions.
diff --git a/host_vars/web01.l3d.space/vars.yml b/host_vars/web01.l3d.space/vars.yml
@@ -22,6 +22,14 @@ users:
     - [email protected]
     - [email protected]
     - [email protected]
+  wtfpreview:
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+
 
 sshd__allowed_users:
   - "root"
@@ -30,6 +38,7 @@ sshd__allowed_users:
   - "webwaffel"
   - "webwaffelpodcast"
   - "gitea"
+  - "wtfpreview"
 
 sshd__allowed_groups:
   - "root"
@@ -38,11 +47,13 @@ sshd__allowed_groups:
   - "webwaffel"
   - "webwaffelpodcast"
   - "gitea"
+  - "wtfpreview"
 
 accounts:
-  - l3d
-  - webwaffel
-  - webwaffelpodcast
+  - 'l3d'
+  - 'webwaffel'
+  - 'webwaffelpodcast'
+  - 'wtfpreview'
 
 nginx_sites:
   - name: 'c3woc.de'
@@ -95,6 +106,10 @@ nginx_sites:
   - name: 'wtf-kooperative.de'
   - name: 'www.wtf-kooperative.de'
   - name: 'cyber.yt'
+  - name: 'preview.wtf-kooperative.de'
+    webroot:
+      user: 'wtfpreview'
+  - name: 'www.preview.wtf-kooperative.de'
 
 acme_notification_email: "{{ _acme_notification_email }}"
 

diff --git a/site.yml b/site.yml
@@ -16,9 +16,9 @@
 - name: user specific roles for all hosts
   hosts: all
   roles:
-    - {role: users, tags: [default, init, users]}
+    - {role: users, tags: [default, init, users, web]}
     - {role: dotfiles, tags: [default, dotfiles]}
-    - {role: ssh_auth, tags: [default, init, users]}
+    - {role: ssh_auth, tags: [default, init, users, web]}
     - {role: sshd, tags: [default, init, users]}
     - {role: geerlingguy.firewall, tags: [default, firewall], become: true}
     - {role: robertdebock.fail2ban, tags: [default, fail2ban], become: true}

diff --git a/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf b/templates/files/nginx/sites/preview.wtf-kooperative.de_tls.conf
@@ -0,0 +1,16 @@
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name preview.wtf-kooperative.de;
+
+        include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+        include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+        include snippets/logging_{{ site.name }}.snippet.conf;
+
+        root /srv/www/preview.wtf-kooperative.de;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+}
diff --git a/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf b/templates/files/nginx/sites/www.preview.wtf-kooperative.de_tls.conf
@@ -0,0 +1,14 @@
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name www.preview.wtf-kooperative.de;
+
+        include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+        include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+        include snippets/logging_{{ site.name }}.snippet.conf;
+
+        location / {
+                return 308 https://preview.wtf-kooperative.de$request_uri;
+        }
+}