From 1b7296e32489e7f4265bdb2b12c676f90dce2dd2 Mon Sep 17 00:00:00 2001
From: Hadrien
Date: Wed, 22 Jun 2022 22:19:06 +0200
Subject: [PATCH] cleanup
---
 adminsys-classique.yml | 7 +-
 hosts.ini | 2 +-
 lighttpd.yml | 9 +-
 matrix.yml | 3 +-
 requirements.yml | 20 ---
 sonic/.gitignore | 1 -
 sonic/lighttpd.conf | 272 -----------------------------------------
 7 files changed, 16 insertions(+), 298 deletions(-)
 delete mode 100644 requirements.yml
 delete mode 100644 sonic/.gitignore
 delete mode 100644 sonic/lighttpd.conf
diff --git a/adminsys-classique.yml b/adminsys-classique.yml
index 8c7536b..385ad43 100644
--- a/adminsys-classique.yml
+++ b/adminsys-classique.yml
@@ -7,11 +7,14 @@ # roles: # - geerlingguy.pip tasks: - - apt: + - name: Faire une full upgrade + apt: upgrade: yes - - apt: + - name: Programmes utiles installés + apt: name: - python3-pip + - certbot - tmux - bash-completion - rsync
diff --git a/hosts.ini b/hosts.ini
index 6794ede..6e262ec 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -1,2 +1,2 @@
-sonic ansible_host=sonic.fuz.re
+# sonic ansible_host=sonic.fuz.re
 octo.fuz.re
\ No newline at end of file
diff --git a/lighttpd.yml b/lighttpd.yml
index 1b5912f..55a156e 100644
--- a/lighttpd.yml
+++ b/lighttpd.yml
@@ -9,9 +9,16 @@ copy: src: files/lighttpd.conf dest: /etc/lighttpd/lighttpd.conf + notify: Restart de lighttpd - name: On charge lighttpd service: name: lighttpd state: started - enabled: yes \ No newline at end of file + enabled: yes + + handlers: + - name: Restart de lighttpd + service: + name: lighttpd + state: restarted \ No newline at end of file
diff --git a/matrix.yml b/matrix.yml
index e8436f0..3281c64 100644
--- a/matrix.yml
+++ b/matrix.yml
@@ -1,11 +1,12 @@ - hosts: octo.fuz.re + become: yes tasks: - name: synapse installé et upgradé - become: yes apt: name: matrix-synapse update_cache: yes + upgrade: yes # - name: Config Synapse conforme à ce qu'il y a dans ce dépôt Ansible # template: 
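Review bot: In adminsys-classique.yml the task named "Faire une full upgrade" runs `upgrade: yes`, which the apt module treats as `safe`: packages whose upgrade needs a new dependency or a removal are held back, so the name promises more than the task does. Nothing in the hunk refreshes the package index either, so the run can work from a stale cache and miss pending security fixes. If a full upgrade is the intent, the task would carry `upgrade: full` with `update_cache: yes` beside it. The play header is above the hunk, so an earlier cache refresh cannot be ruled out from here.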
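Review bot: In lighttpd.yml the new `notify: Restart de lighttpd` restarts the server whenever lighttpd.conf changes, but the copy task pushes the file unchecked, so a syntax error in files/lighttpd.conf takes every vhost down on the next run. The copy module can reject a broken file before it replaces the live one: `validate: /usr/sbin/lighttpd -tt -f %s`. The visible `copy:` options are only `src` and `dest`; adding `owner: root`, `group: root` and `mode: "0644"` keeps the deployed config from inheriting whatever the source file or umask provides. The task's name line and the play header are above the hunk.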
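Review bot: In matrix.yml the added `upgrade: yes` is not scoped to `name: matrix-synapse`; the apt module's `upgrade` option applies a safe-upgrade to every package on octo.fuz.re each time the playbook runs. As far as I know the module also returns right after the upgrade step, so on a fresh host the `name` install may never happen, which is worth confirming against the Ansible version in use. If the aim is to keep Synapse current, replace the line with `state: latest` and leave system-wide upgrades to adminsys-classique.yml. Play-level `become: yes` now covers every task in the play, including the commented-out template task if it is re-enabled; the rest of the play is outside the hunk.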
diff --git a/requirements.yml b/requirements.yml
deleted file mode 100644
index ca35352..0000000
--- a/requirements.yml
+++ /dev/null
@@ -1,20 +0,0 @@ -# from galaxy -# - src: geerlingguy.pip -# - src: geerlingguy.postgresql -# - src: https://github.com/geerlingguy/ansible-role-certbot -# scm: git - -# from GitHub, overriding the name and specifying a specific tag -# - src: https://github.com/bennojoy/nginx -# version: master -# name: nginx_role - -# from a webserver, where the role is packaged in a tar.gz -# - src: https://some.webserver.example.com/files/master.tar.gz -# name: http-role - - -# from GitLab or other git-based scm, using git+ssh -# - src: https://gitlab.com/famedly/ansible/synapse -# scm: git - # version: "0.1" # quoted, so YAML doesn't parse this as a floating-point value
diff --git a/sonic/.gitignore b/sonic/.gitignore
deleted file mode 100644
index 856854e..0000000
--- a/sonic/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-homeserver.yaml
\ No newline at end of file
diff --git a/sonic/lighttpd.conf b/sonic/lighttpd.conf
deleted file mode 100644
index 1bef6ab..0000000
--- a/sonic/lighttpd.conf
+++ /dev/null
@@ -1,272 +0,0 @@ -server.modules = ( - "mod_access", - "mod_accesslog", - "mod_alias", - "mod_compress", - "mod_redirect", - "mod_setenv", - "mod_rewrite", - "mod_proxy", - "mod_cgi", - "mod_openssl", -) - -server.document-root = "/var/www/html" -server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) -server.errorlog = "/var/log/lighttpd/error.log" -accesslog.filename = "/var/log/lighttpd/access.log" -server.pid-file = "/var/run/lighttpd.pid" -server.username = "www-data" -server.groupname = "www-data" -server.port = 80 - -dir-listing.activate = "enable" -dir-listing.encoding = "utf-8" - -index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) -url.access-deny = ( "~", ".inc" ) -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -compress.cache-dir = "/var/cache/lighttpd/compress/" -compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) - -# default listening port for IPv6 falls back to the IPv4 port -include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port -# not here anymore see next line : include_shell "/usr/share/lighttpd/create-mime.assign.pl" -include_shell "/usr/share/lighttpd/create-mime.conf.pl" -#include_shell "/usr/share/lighttpd/include-conf-enabled.pl" -include "/etc/lighttpd/conf-enabled/*.conf" - -### FUZ.RE ### -### Wiki pas encore hébergé ici ### -$HTTP["host"] == "wiki.fuz.re" { - server.document-root = "/var/www/fuz.re/dokuwiki/" - $HTTP["scheme"] == "http" { - url.redirect = (".*" => "https://wiki.fuz.re$0") - } - - $HTTP["scheme"] == "https" { - $HTTP["url"] =~ "^/" { - server.follow-symlink = "enable" - } - - $HTTP["url"] =~ "/(\.|_)ht" { - url.access-deny = ( "" ) - } - $HTTP["url"] =~ "^/(bin|data|inc|conf)" { - url.access-deny = ( "" ) - } -# $SERVER["socket"] == ":443" { -# ssl.engine = "enable" - # ssl.ca-file = "/etc/letsencrypt/live/wiki.fuz.re/fullchain.pem" -# ssl.pemfile = "/etc/lighttpd/certs/wiki.fuz.re.pem" -# } - } -} - -# Redirect www -> https without www 
-$HTTP["host"] == "www.fuz.re" { - $HTTP["scheme"] == "http" { - url.redirect = (".*" => "https://fuz.re$0") - } -} -# Redirect http -> https without www -$HTTP["host"] == "fuz.re" { - $HTTP["scheme"] == "http" { - url.redirect = (".*" => "https://fuz.re$0") - } - # HTTPS : - $HTTP["scheme"] == "https" { - server.document-root = "/var/www/fuz.re/newsite/public" - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/fuz.re/privkey.pem" - } - } -} - -# Old Jack.tf -$HTTP["host"] == "jack.fuz.re" { - server.document-root = "/var/www/fuz.re/jack/site" - $HTTP["scheme"] == "http" { - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://jack.fuz.re$0") - } - } - $HTTP["scheme"] == "https" { - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/jack.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/jack.fuz.re/privkey.pem" - } - } -} - - -$HTTP["host"] == "riot.fuz.re" { - server.document-root = "/var/www/fuz.re/riot/site" - $HTTP["scheme"] == "http" { - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://riot.fuz.re$0") - } - } - $HTTP["scheme"] == "https" { - alias.url = ( - "/rc" => "/var/www/fuz.re/riot/rc" - ) - - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/riot.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/riot.fuz.re/privkey.pem" - } - } -} - -$HTTP["host"] == "matrix.fuz.re" { - server.document-root = "/var/www/fuz.re/matrix/site" - $HTTP["scheme"] == "http" { - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://matrix.fuz.re$0") - } - } - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem" - proxy.server = ( "" => (( 
"host" => "127.0.0.1", "port" => 8008 ))) - proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"), - "map-host-response" => ("-" => "-")) - } - $SERVER["socket"] == ":8448" { - ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/matrix.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/matrix.fuz.re/privkey.pem" - proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8008 ))) - proxy.header = ( "map-host-request" => ( "-" => "matrix.fuz.re"), - "map-host-response" => ("-" => "-")) - } -} - -$HTTP["host"] == "mumble.fuz.re" { - $HTTP["scheme"] == "http" { - server.document-root = "/var/www/fuz.re/mumble/site" - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://mumble.fuz.re$0") - } - } - - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/mumble.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/mumble.fuz.re/privkey.pem" - url.redirect-code = 302 # it's a workaround for retarded lighttpd unable to handle websockets, hence a temp 302 redirection -- Lomanic 20200606 - url.redirect = (".*" => "https://mumble.fuz.re:64737$0") - } -} - - - -$HTTP["host"] == "presence.fuz.re" { # added by Lomanic 20200606 - $HTTP["scheme"] == "http" { - server.document-root = "/var/www/fuz.re/presence/site" - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}") - } - } - - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) ) - #ssl.ca-file = "/etc/letsencrypt/live/presence.fuz.re/chain.pem" - #ssl.pemfile = "/etc/lighttpd/certs/presence.fuz.re.pem" - - ssl.pemfile = "/etc/letsencrypt/live/presence.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/presence.fuz.re/privkey.pem" - } -} -$HTTP["host"] == "spaceapi.fuz.re" { # added by Lomanic 20201017 - $HTTP["scheme"] == "http" { - server.document-root = 
"/var/www/fuz.re/spaceapi/site" - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://${url.authority}${url.path}${qsa}") - } - } - - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) ) - ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/spaceapi.fuz.re/privkey.pem" - } -} - -$HTTP["host"] == "sonic.fuz.re" { - server.document-root = "/var/www/sonic.fuz.re/" -} - -### Mailman ### -$HTTP["host"] == "liste.fuz.re" { - server.document-root = "/var/www/fuz.re/liste/site" - $HTTP["scheme"] == "http" { - $HTTP["url"] !~ "^/.well-known/acme-challenge/" { - url.redirect = (".*" => "https://liste.fuz.re$0") - } - } - $SERVER["socket"] == ":443" { - ssl.engine = "enable" - #ssl.ca-file = "/etc/letsencrypt/live/liste.fuz.re/chain.pem" - #ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/combined.pem" - ssl.pemfile = "/etc/letsencrypt/live/liste.fuz.re/fullchain.pem" - ssl.privkey = "/etc/letsencrypt/live/liste.fuz.re/privkey.pem" - } - alias.url = ( - "/mailman/" => "/usr/lib/cgi-bin/mailman/", - "/cgi-bin/mailman/" => "/usr/lib/cgi-bin/mailman/", - "/images/mailman/" => "/usr/share/images/mailman/", - #"/pipermail/" => "/var/lib/mailman/archives/public/" - ) - cgi.assign = ( - "/admin" => "", - "/admindb" => "", - "/confirm" => "", - "/create" => "", - "/edithtml" => "", - "/listinfo" => "", - "/options" => "", - "/private" => "", - "/rmlist" => "", - "/roster" => "", - "/subscribe" => "") -} - -## Datapaulette - Pas hébérgé ici non plus -$HTTP["host"] =~ "www.datapaulette.org" { - url.redirect = (".*" => "http://datapaulette.org") -} -$HTTP["host"] =~ "datapaulette.org" { - server.error-handler-404 = "/index.php" - server.document-root = "/var/www/datapaulette.org/dp-wp" -# $SERVER["socket"] == ":443" { -# ssl.engine = "enable" -# ssl.ca-file = "/etc/letsencrypt/live/datapaulette.org/fullchain.pem" -# ssl.pemfile = 
"/etc/lighttpd/certs/datapaulette.org.pem" -# } - #url.rewrite = ( - # "^/(.*)\.(.+)$" => "$0", - # ###"^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0", - # "^/(.+)/?$" => "/index.php/$1" - #) -} - -### WOOTDEVICES.IO - https à activer après copie des certs -$HTTP["host"] == "wootdevices.io" { - server.document-root = "/var/www/wootdevices.io/site/" -# $SERVER["socket"] == ":443" { -# ssl.engine = "enable" -# ssl.ca-file = "/etc/letsencrypt/live/wootdevices.io/fullchain.pem" -# ssl.pemfile = "/etc/lighttpd/certs/wootdevices.io.pem" -# } -} -