Add cockpit VPN connection into wireguard configuration, ensure service users start in bash shell and in their service directory, fix nginx listen conflict

2024-02-22 22:50:29 +00:00 · 2024-02-22 22:50:29 +00:00 · dc4be1a677
parent 0973cd869a
commit dc4be1a677
4 changed files with 16 additions and 1 deletions
--- a/proxy_resources/etc/nginx/sites-available/git.domain
+++ b/proxy_resources/etc/nginx/sites-available/git.domain
@ -14,7 +14,7 @@ server {
        	include proxy_params;
    	}

-    listen [::]:443 ssl ipv6only=on; 
+    listen [::]:443 ssl; 
    listen 443 ssl; 
    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; 
--- a/proxy_resources/etc/wireguard/wg0.conf
+++ b/proxy_resources/etc/wireguard/wg0.conf
@ -42,6 +42,11 @@ AllowedIPs = 10.0.0.3/32
 #PublicKey = {{ minecraft_service_pubkey }}
 #AllowedIPs = 10.0.0.7/32

+# Connection to backend server for cockpit
+[Peer]
+PublicKey = {{ cockpit_backend_pubkey }}
+AllowedIPs = 10.0.0.199/32
+
 # User Key for Phone/Desktop/Laptop use 
 #[Peer]
 #PublicKey = {{ user_pubkey }}
--- a/server-setup.yml
+++ b/server-setup.yml
@ -211,6 +211,7 @@
      ansible.builtin.user:
        name: "{{ item }}"
        state: present
+        shell: /bin/bash
        groups: docker
        append: yes
      loop: "{{ available_servicedirs }}"
@ -236,6 +237,13 @@
        mode: '1700'
      loop: "{{ available_servicedirs }}"

+    - name: Ensure service users upon login start in their respective service directory
+      become: yes
+      ansible.builtin.lineinfile:
+        path: "/home/{{ item }}/.profile"
+        line: "cd {{ services_directory }}/{{ item }}"
+      loop: "{{ available_servicedirs }}"
+
    - name: Reset doas configuration back to default
      become: yes
      template:
--- a/serversecrets.example
+++ b/serversecrets.example
@ -31,6 +31,7 @@ searxng_service_privkey: ***
 nextcloud_service_privkey: *** 
 chat_service_privkey: *** 
 minecraft_service_privkey: *** 
+cockpit_backend_privkey: ***
 user_privkey: ***

 # VPN Client Public Keys
@ -41,6 +42,7 @@ searxng_service_pubkey: ***
 nextcloud_service_pubkey: ***
 chat_service_pubkey: ***
 minecraft_service_pubkey: ***
+cockpit_backend_pubkey: ***
 user_pubkey: ***

 # USB Encryption Key