cspark
/
Client-Ansible-Setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add cockpit VPN connection into wireguard configuration, ensure service users start in bash shell and in their service directory, fix nginx listen conflict

This commit is contained in:
cspark 2024-02-22 22:50:29 +00:00
parent 0973cd869a
commit dc4be1a677
4 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
proxy_resources/etc/nginx/sites-available/git.domain
View File

@ -14,7 +14,7 @@ server {
include proxy_params; include proxy_params;
} }
listen [::]:443 ssl ipv6only=on; listen [::]:443 ssl;
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;

5
proxy_resources/etc/wireguard/wg0.conf
View File

@ -42,6 +42,11 @@ AllowedIPs = 10.0.0.3/32
#PublicKey = {{ minecraft_service_pubkey }} #PublicKey = {{ minecraft_service_pubkey }}
#AllowedIPs = 10.0.0.7/32 #AllowedIPs = 10.0.0.7/32
# Connection to backend server for cockpit
[Peer]
PublicKey = {{ cockpit_backend_pubkey }}
AllowedIPs = 10.0.0.199/32
# User Key for Phone/Desktop/Laptop use # User Key for Phone/Desktop/Laptop use
#[Peer] #[Peer]
#PublicKey = {{ user_pubkey }} #PublicKey = {{ user_pubkey }}

8
server-setup.yml
View File

@ -211,6 +211,7 @@
ansible.builtin.user: ansible.builtin.user:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
shell: /bin/bash
groups: docker groups: docker
append: yes append: yes
loop: "{{ available_servicedirs }}" loop: "{{ available_servicedirs }}"
@ -236,6 +237,13 @@
mode: '1700' mode: '1700'
loop: "{{ available_servicedirs }}" loop: "{{ available_servicedirs }}"
- name: Ensure service users upon login start in their respective service directory
become: yes
ansible.builtin.lineinfile:
path: "/home/{{ item }}/.profile"
line: "cd {{ services_directory }}/{{ item }}"
loop: "{{ available_servicedirs }}"
- name: Reset doas configuration back to default - name: Reset doas configuration back to default
become: yes become: yes
template: template:

2
serversecrets.example
View File

@ -31,6 +31,7 @@ searxng_service_privkey: ***
nextcloud_service_privkey: *** nextcloud_service_privkey: ***
chat_service_privkey: *** chat_service_privkey: ***
minecraft_service_privkey: *** minecraft_service_privkey: ***
cockpit_backend_privkey: ***
user_privkey: *** user_privkey: ***
# VPN Client Public Keys # VPN Client Public Keys
@ -41,6 +42,7 @@ searxng_service_pubkey: ***
nextcloud_service_pubkey: *** nextcloud_service_pubkey: ***
chat_service_pubkey: *** chat_service_pubkey: ***
minecraft_service_pubkey: *** minecraft_service_pubkey: ***
cockpit_backend_pubkey: ***
user_pubkey: *** user_pubkey: ***
# USB Encryption Key # USB Encryption Key