From 9c46b9510dea832ab0de705fa3b1f36d48a4ad2a Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev <anwinged@ya.ru>
Date: Wed, 17 Jul 2019 22:39:26 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?=
 =?UTF-8?q?=D0=BD=20=D0=BF=D1=80=D0=BE=D0=BA=D1=81=D0=B8=20=D0=B4=D0=BB?=
 =?UTF-8?q?=D1=8F=20=D0=AF=D0=BD=D0=B4=D0=B5=D0=BA=D1=81.=D0=94=D0=B8?=
 =?UTF-8?q?=D1=81=D0=BA=D0=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile                                |  2 ++
 ansible/configuration.yml               |  9 ++++--
 ansible/files/av_id_rsa.pub             | 26 ++++++++++++++++-
 ansible/templates/Caddyfile.j2          | 17 +++++++++--
 ansible/templates/vakhrushev.me.conf.j2 | 38 -------------------------
 ansible/vars/vars.yml                   | 15 ++++++++++
 6 files changed, 63 insertions(+), 44 deletions(-)
 delete mode 100755 ansible/templates/vakhrushev.me.conf.j2
 create mode 100644 ansible/vars/vars.yml

diff --git a/Makefile b/Makefile
index 38d8e39..b509a00 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,7 @@ configure:
 		$(TAGS_ARGS) \
 		--inventory="$(INVENTORY)" \
 		--extra-vars='ansible_python_interpreter=/usr/bin/python3' \
+		--ask-vault-pass \
 		$(PLAYBOOK)
 
 configure-apps:
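Review bot: The added `--ask-vault-pass` makes the `configure` recipe interactive, and the same line is added to `dry-run` in the next hunk, so neither target can run unattended any more. A variable such as `VAULT_ARGS ?= --ask-vault-pass`, referenced in both recipes, would keep the prompt as the default while letting a caller pass `--vault-password-file` or `--vault-id` instead. The `configure-apps` target starts on the last line of this hunk and its recipe is not visible; if it runs a playbook that loads the encrypted `vars/vars.yml`, it needs the same argument.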
@@ -44,6 +45,7 @@ dry-run:
 		$(TAGS_ARGS) \
 		--inventory="$(INVENTORY)" \
 		--extra-vars='ansible_python_interpreter=/usr/bin/python3' \
+		--ask-vault-pass \
 		--check \
 		--diff \
 		$(PLAYBOOK)
diff --git a/ansible/configuration.yml b/ansible/configuration.yml
index 02dbb12..cadc4e1 100644
--- a/ansible/configuration.yml
+++ b/ansible/configuration.yml
@@ -1,5 +1,9 @@
 ---
 - hosts: all
+  vars:
+    notes_port: 41080
+  vars_files:
+    - vars/vars.yml
 
   tasks:
 
@@ -34,6 +38,7 @@
         name: antoiner77.caddy
       vars:
         caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
+        caddy_update: False
         caddy_setcap: True
         caddy_systemd_capabilities_enabled: True
         caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
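Review bot: `caddy_update: False` carries no comment saying why updates are switched off. Presumably the role then stops replacing the installed Caddy binary on later runs, which leaves the internet-facing TLS and basic-auth front end on whatever version is already deployed. I would record the reason and the intended upgrade path next to it, e.g. `# pinned: <reason>; upgrade by running once with caddy_update=True`.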
@@ -73,12 +78,12 @@
           PROJECT_NAME: notes
           IMAGE_PREFIX: notes
           CONTAINER_PREFIX: notes
-          WEB_SERVER_PORT: 127.0.0.1:41080
+          WEB_SERVER_PORT: '127.0.0.1:{{ notes_port }}'
           DATA_DIR: /home/notes/app/data
           CACHE_DIR: /home/notes/app/cache
           APP_ENV: prod
           SYMFONY_ENV: prod
-          SECRET_TOKEN: C56gRpAtBYS3V98A3ZjQZCXzJz9gBVdz
+          SECRET_TOKEN: '{{ notes.secret }}'
           DATABASE_HOST: notes-db
           DATABASE_PORT: 3306
           DATABASE_NAME: notes
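Review bot: The previous `SECRET_TOKEN` value stays readable in the repository history, so `'{{ notes.secret }}'` protects it only if the vaulted value is newly generated, and the encrypted vars file hides whether it was. The same applies to the two basic-auth passwords that this patch replaces with `netdata.password` and `notes.password` in `ansible/templates/Caddyfile.j2`. I would rotate all three and note it where the next maintainer will see it, e.g. `# rotated when moved to vault; the old value is in git history`.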
diff --git a/ansible/files/av_id_rsa.pub b/ansible/files/av_id_rsa.pub
index 03abf82..f99a873 100644
--- a/ansible/files/av_id_rsa.pub
+++ b/ansible/files/av_id_rsa.pub
@@ -1 +1,25 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxqDV6RWsmTgWmgKGwL0B9NdNH3zdRIo5dZrLK8rRvvOKVUwHxK8V0i0qaxBho/hVTuI2Jk3dt+/3/E7CsK9qxTci0272nIizkJd4nzicTIrT2K7NQQLrvhnNvDx3g2KGLqChcaDrICgHsCv2VTH1Cm64pvE4cqom0xJz/tG7ijqzBzGDybubC4TAItkNDmtp7F4Ia06yzfL2CExBz8zxeTG4oT0sy5e0j/NjxP2MYPrQW5tL60r65VFy9a1x+8dp6IqrZkM3z6oDER0Gzhl0zfB/EAp4KhN06Bs+2UyhaQbi4+owIUVNTP+amFicyZFSu6VAeVr4JWsmrsWaKYVMD av@sol
+$ANSIBLE_VAULT;1.1;AES256
+39343035656562656632323766356561386665373036383564616331333333613765353737663632
+3531663835303562393063343231623464663232333532380a663838663938316566616532623065
+66336463643862626538366462346231386333366464323131363836326436373563623164336632
+6234353437383432380a396136653136616335343936343335633236373363353766666539396334
+36613836663831333838633231363731323234323761306630646632616238363662376462333039
+32373938343562313064663334383766653161613032623936646361316561666532356465623133
+32303663313834663834366363383265653939316336356239313364623366386631626536643439
+31333362353961353434333636343336323239363461663937313931616262316330376165393263
+63366665396431323034383939633365316134356564656136393032393864393636616234316231
+37616336396435626264643232343766616364306264376338313238356261653863336535363237
+34653638316161636431653465343536323331656230633332333139386132653433626662343837
+35396437633233363637376561303338386432643039626336376366373334613463663465613637
+36643734626163623738336435383032353837366532316566613864306430653336616637383262
+65646131643533323563393133373964633863636666633338616236386531323064396137376232
+37653333666566386563383235356232663338643161313635643661326339333661393135643030
+62356662623365376662646166316262353964383936373463393339623961376232653664306439
+36336231393434356661316336653033346430386366663138323832613532303265343136373836
+64666561616535623732326464643831363866326265343165356330646561653066393764336134
+30326436663066633163393163306265383834306634663639336437303965373063323335333537
+38643234623061376565636536323563623739313165343464316466363364613963636437363830
+33306632313839373132636130326331363538323763326333316165363633336561373030373963
+38313135343464303331343866646634393162393361333962356133376163393865373239323763
+31303336613937303031343532333036653133363439643864663661373639646566643831313662
+35613430333861376565
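Review bot: Encrypting `av_id_rsa.pub` hides which SSH key the playbook authorizes, so a later swap of this file cannot be reviewed from its diff. A public key is not confidential, and its earlier plaintext is in history anyway. I would keep the `.pub` file in plaintext and reserve the vault for the values in `ansible/vars/vars.yml`. The task that consumes this file is outside the patch; if the file stays encrypted, confirm it is read through a vault-aware path (`lookup('file', ...)` or `copy`) so that the vault envelope itself is not installed as the key.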
diff --git a/ansible/templates/Caddyfile.j2 b/ansible/templates/Caddyfile.j2
index 8d28562..b94ab23 100644
--- a/ansible/templates/Caddyfile.j2
+++ b/ansible/templates/Caddyfile.j2
@@ -5,7 +5,7 @@ status.vakhrushev.me, :29999 {
     }
 
     tls anwinged@ya.ru
-    basicauth / anton show-me-the-status
+    basicauth / {{ netdata.login }} {{ netdata.password }}
 }
 
 # Homepage
@@ -22,10 +22,21 @@ homepage.vakhrushev.me, vakhrushev.me {
 
 # Notes app
 notes.vakhrushev.me {
-    proxy / 127.0.0.1:41080 {
+    proxy / 127.0.0.1:{{ notes_port }} {
         transparent
     }
 
     tls anwinged@ya.ru
-    basicauth / anton show-me-the-notes
+    basicauth / {{ notes.login }} {{ notes.password }}
+}
+
+# Yandex Proxy Imager
+preview.vakhrushev.me {
+    proxy /img https://webdav.yandex.ru {
+        transparent
+        header_upstream User-Agent "yandex-disk-previewer/1.0"
+        header_upstream Authorization "Basic {{ (yandex_disk.login ~ ':' ~ yandex_disk.password) | b64encode }}"
+    }
+
+    tls anwinged@ya.ru
 }
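Review bot: The new `preview.vakhrushev.me` site has no `basicauth` line, yet its `proxy /img` block attaches the owner's Yandex.Disk `Authorization` header to every request, so any visitor reaches the upstream WebDAV service with those credentials. Because `proxy` forwards every HTTP method, that presumably covers write and delete verbs under `/img` as well as reads. I would admit only GET and HEAD in front of the proxy (a `rewrite` block conditioned on `{method}` paired with a `status 403` path is one way in this Caddy version), or add a `basicauth` line like the other sites if the previews are meant to be private. If the provider offers an app-specific password, using one for `yandex_disk.password` limits what the rendered Caddyfile exposes on disk.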
diff --git a/ansible/templates/vakhrushev.me.conf.j2 b/ansible/templates/vakhrushev.me.conf.j2
deleted file mode 100755
index a934096..0000000
--- a/ansible/templates/vakhrushev.me.conf.j2
+++ /dev/null
@@ -1,38 +0,0 @@
-server {
-    server_name docker.vakhrushev.me;
-    return 301 https://docker.vakhrushev.me$request_uri;
-}
-
-server {
-    server_name www.docker.vakhrushev.me;
-    return 301 https://docker.vakhrushev.me$request_uri;
-}
-
-server {
-    listen 443 ssl http2;
-    server_name docker.vakhrushev.me;
-
-    ssl on;
-    ssl_certificate         {{ vars[nginx_ssl_name + "_ssl_certificate"] }};
-    ssl_certificate_key     {{ vars[nginx_ssl_name + "_ssl_key"] }};
-    ssl_trusted_certificate {{ vars[nginx_ssl_name + "_ssl_certificate"] }};
-
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_timeout 5m;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-    ssl_dhparam {{ vars[nginx_ssl_name + "_ssl_dhparam"] }};
-    ssl_prefer_server_ciphers on;
-
-    location / {
-        proxy_pass http://localhost:{{ nginx_proxy_params.port }};
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-}
diff --git a/ansible/vars/vars.yml b/ansible/vars/vars.yml
new file mode 100644
index 0000000..224e2d6
--- /dev/null
+++ b/ansible/vars/vars.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+35363437643463396366363661386530363562373533313237383533356662303136386265623638
+6365396330653231656162393964343866633865613437340a393261633963353661633864613664
+62616131366434666563353437316332306236643032313535343062343464363762373331663061
+3132396362326365640a306435646134306165383236383266343138626362656537386636643162
+36316630396361383666323262666566616264626166646265346431363730653364653432363561
+63326161323736663336373061353434626563316561633336353664316231666130323832623864
+39636534336634353734613836616134353531633335386636313537323163313166616533366163
+37373130336232376232613036643730326638333130313739643132333231646365313830333762
+63393837653463363332326334636662383738393730353438346534663931653063663062373139
+62346163346566376664333331336433316530386139623266376665333638666633346261393763
+62636464663766346537633161356164373631363834383931336432336162303232663534663136
+62373265373464656163353037313935383664343834336231653561633533373063313231386336
+65343533343436663264636232653832636164663166373739396435336639303437633364373262
+3332643634646535313331306131613166306461313030323862
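Review bot: With the whole of `vars/vars.yml` encrypted, the names the templates depend on (`notes.secret`, `notes.login`, `netdata.password`, `yandex_disk.login` and the rest) cannot be checked or searched without the vault password. A missing key then surfaces only when a template is rendered. A common layout keeps a plaintext vars file that maps each name to a `vault_`-prefixed variable held in the encrypted file, e.g. `secret: '{{ vault_notes_secret }}'` under `notes:`. The structure stays reviewable that way and only the values are opaque.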