commit 34553aa6f412c9e2d179398dc9eaec9882f958f7
Author: Niko Kurtti
Date: Tue Mar 24 12:18:13 2015 +0200
initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b585e65
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.vagrant
+vagrant_ansible_inventory*
+files/ssl/*.key
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6bda3e0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# Koodiklinikka ansible
+
+Ansible playbooks for configuration management and for deploying our applications.
+
+Run `$ bash run_ansible` to deploy all applications.
+
+### Contributors
+
+* [@n1koo](https://github.com/n1koo) (Niko Kurtti)
+* [@Pinqvin](https://github.com/Pinqvin) (Juuso Tapaninen)
+* [@rikukissa](https://github.com/rikukissa) (Riku Rouvila)
diff --git a/applications.yml b/applications.yml
new file mode 100644
index 0000000..ab267fc
--- /dev/null
+++ b/applications.yml
@@ -0,0 +1,15 @@
+---
+- name: Setup new application server
+ hosts: application
+ roles:
+ - nvm
+ - koodiklinikka.fi
+ - koodiklinikka.fi-api
+ tasks:
+ - include: roles/nginx/tasks/nginx_config.yml
+ handlers:
+ - name: reload nginx
+ sudo: true
+ service: >
+ name=nginx
+ state=reloaded
diff --git a/base.yml b/base.yml
new file mode 100644
index 0000000..dbfff9a
--- /dev/null
+++ b/base.yml
@@ -0,0 +1,12 @@
+---
+- name: Bootstrap a new server
+ hosts: all:!localhost
+ sudo: yes
+ gather_facts: no
+ vars_files:
+ - vars/users.yml
+ roles:
+ - base
+ - nginx
+ tasks:
+ - include: tasks/webuser.yml
diff --git a/files/nginx/koodiklinikka.fi b/files/nginx/koodiklinikka.fi
new file mode 100644
index 0000000..f08f5d0
--- /dev/null
+++ b/files/nginx/koodiklinikka.fi
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+ server_name www.koodiklinikka.fi koodiklinikka.fi;
+ return 301 https://koodiklinikka.fi$request_uri;
+}
+
+server {
+ listen 443;
+ server_name www.koodiklinikka.fi;
+
+ include conf.d/ssl_profile.conf;
+ ssl on;
+ ssl_certificate /etc/ssl/certs/koodiklinikka.fi.pem;
+ ssl_certificate_key /etc/ssl/private/koodiklinikka.fi.key;
+
+ return 301 https://koodiklinikka.fi$request_uri;
+}
+
+server {
+ listen 443;
+ server_name koodiklinikka.fi;
+
+ include conf.d/ssl_profile.conf;
+ ssl on;
+ ssl_certificate /etc/ssl/certs/koodiklinikka.fi.pem;
+ ssl_certificate_key /etc/ssl/private/koodiklinikka.fi.key;
+
+ root {{ koodiklinikka_app_path }}/public;
+
+ location / {
+ try_files $uri /index.html;
+ }
+
+ location /api {
+ rewrite /api/(.*) /$1 break;
+ proxy_pass http://localhost:{{ koodiklinikka_api_port }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+}
diff --git a/files/nginx/nginx.conf b/files/nginx/nginx.conf
new file mode 100644
index 0000000..e734ace
--- /dev/null
+++ b/files/nginx/nginx.conf
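Review bot: The `location /api` block forwards Host and the X-Forwarded-* headers but never the scheme, so the Node backend on localhost:{{ koodiklinikka_api_port }} cannot tell the request arrived over TLS when it builds absolute URLs or sets cookie flags; add `proxy_set_header X-Forwarded-Proto $scheme;` beside the other proxy_set_header lines. The `rewrite /api/(.*) /$1 break;` pattern is unanchored — the `location /api` prefix already bounds what reaches it, but `^/api/(.*)$` states the intent and avoids surprises if the location is ever widened. HSTS and the other response headers come from `include conf.d/ssl_profile.conf`, so the vhost only gets them if the playbook installs files/nginx/ssl_profile.conf under that path; the task that does so is not part of this diff.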
@@ -0,0 +1,37 @@
+user www-data;
+worker_processes 4;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 768;
+}
+
+http {
+
+ server_names_hash_bucket_size 64;
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ charset utf-8;
+
+ gzip on;
+ gzip_static on;
+ gzip_http_version 1.1;
+ gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+ gzip_min_length 1000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
+
+ server_tokens off;
+
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/files/nginx/ssl_profile.conf b/files/nginx/ssl_profile.conf
new file mode 100644
index 0000000..5c8b4e7
--- /dev/null
+++ b/files/nginx/ssl_profile.conf
@@ -0,0 +1,25 @@
+# POODLE, PFS etc
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers 'AES128+EECDH:AES128+EDH';
+
+# Diffie Hellman
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+# SSL stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/ssl/certs/combined_startssl.pem;
+
+resolver 8.8.4.4 8.8.8.8 valid=300s;
+resolver_timeout 3s;
+
+# Enable HSTS
+add_header Strict-Transport-Security max-age=63072000;
+
+# Do not permit Content-Type sniffing.
+add_header X-Content-Type-Options nosniff;
+
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
+ssl_session_timeout 5m;
+ssl_session_cache shared:SSL:50m;
diff --git a/group_vars/application.yml b/group_vars/application.yml
new file mode 100644
index 0000000..88a98f7
--- /dev/null
+++ b/group_vars/application.yml
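Review bot: In ssl_profile.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps TLS 1.0 and 1.1 enabled even though the comment cites POODLE/PFS hardening; unless a known legacy client population needs them, `ssl_protocols TLSv1.2;` is the stricter choice, and either way the line deserves a comment naming which clients the older versions are kept for. The HSTS header covers only the exact host: `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";` extends it to www.koodiklinikka.fi and any future subdomain, so the www redirect server block also benefits (the quotes are needed once the value contains a semicolon). The stapling `resolver 8.8.4.4 8.8.8.8` is plain UDP DNS to a third party; `ssl_stapling_verify on` with the trusted chain means a spoofed answer can only disable stapling rather than forge a status, but a comment noting that trade-off (or pointing at a local resolver) would help the next reader. `ssl_dhparam /etc/ssl/certs/dhparam.pem` and `/etc/ssl/certs/combined_startssl.pem` must be generated and placed by tasks outside this diff; nginx will refuse to start if they are missing.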
@@ -0,0 +1,54 @@ +$ANSIBLE_VAULT;1.1;AES256 +63653230626236303463623861333830663330393363303231373434643834373539616232393839 +3830653765306366323232396334646634343735663234330a333739333663633462373130666137 +35383331386338376230396562663762653831613039663866656430383662333532383136326462 +3039346364333865360a303135316438666133396662393661366333396137663839326664663330 +61646132626561643230613635373235333637386366313130383331626337316434656661343333 +37333034653636616161363736643132636462356661663038356239313063666163366164303739 +62666536343731623837396536303734663430643961383230396135613432643338323435356538 +35646636323462333166373261653038663335353135303333646232643432356263373064313235 +36353463396237353964656666373638636164316436646130383435656165666361353762383736 +35343866386437653936353534626266306636373464613562336161373564346130663332633963 +33666463356637313562363837303633366334336334336330336266656135353133303532336131 +34353133616636303537333665346531313533356134353865653336386332363464376239313065 +35333133313833376531373837613239333833616463646163336134333432376637613831306364 +65646334366465623336636231363334306538373762396535383561386261356564616162316665 +39633639303735303063616437376634623736366432653837663533326135323666323632343632 +34636531353735616266626431346231663865613764323134323833353962366233383535646634 +35386563303039336434646365636133306531343963353464376637626563666231386432373232 +37666665613731396665333231303862646232343864376432383539333730626438313261326561 +31626361636638316664306330343265353130623865643430313236653435326336386133663266 +33363639336134663837626233623736313061636438653537303364376263613134363865643438 +31646565646136626535393231613736306438613037343964626334623435306538373161363265 +65653339643735633238393264373633656233386532323835303264326133313837653561333661 +38316161643466383735373139636164376333303536393136376166656332626635336237376130 
+66613466633038373433383432653962613834313761613939396562353663393339623865663430 +33333630656135353435383135303337656162303665386337396633633363343239333634346638 +33393964333566333739346365383836373164333034633437386535663361633765366538323764 +36663636633333666431623333356365333037376432366530633366376437633638376464383461 +37333831386332323066333732323539363738386263323930373364376539626639383030376364 +39666436633934343938363037313033336535626537393332633139373436313163626636376466 +30336334363166663564343062343838633966326365356535313638353330386330316532386161 +63393332386562633232326264353832613436336162356666346538343337663863396130343233 +65383831666136663135363734343832653033333035386464663336376230613866616135383934 +32646332373639623436633362626231653138366633306431306434393436303134626439613663 +37626132646665643839653761393631663535313330666465623031613164353666343832646530 +62306162333934323836393662336633303561363736393335303733663737303261333162396232 +61323435636238656362363631353339353433653062373965383137646238333362393262346461 +32346435326434303861346463663734626436643964393237386561323362633837653734303937 +32343632636364356661323262393964353434653765353537303630373634386361643934333939 +32313039396634306437663233623666373034303238333438326436303664313639326265313133 +65656562353839373734353166383038313837376161653036646264356436636337396536363235 +36643963643033623331626633306366656436393433616132363264303231366638306439613965 +30643864626163633737316663303731346231333965383838616638326464393337616437346137 +32623339353530353365373831303961623431356237663832306264306234333633363162656431 +32373063376462393066316262616339653461343637396630363661616536663563633462393762 +31343836373733643732396638646261623432366363396366633031333937393733663961333937 +34653935333233663138363731656464326239623437336566333562666335653464633639386433 +34316536613037646534316334656266613738626261626162376633313366303935643563333634 
+38363234306631373638316336633661343961656336376361626333646239626665633833376534 +34306165663436376338303731646461353830643066303338643131316635613863396239373532 +34333432303831663638623636626630393731346337353937643864633461313434373962633432 +30666430313639346235323639363034323635383636393532346537663538376165343732623666 +31333833666339323836396562396262613239363636313464653361316435363031343338633330 +36663666393237396233636131626133653461313635616133636135323061366632 diff --git a/hosts b/hosts new file mode 100644 index 0000000..ac5b61c --- /dev/null +++ b/hosts @@ -0,0 +1,2 @@ +[application] +koodiklinikka.fi ansible_ssh_host=104.236.12.214 diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml new file mode 100644 index 0000000..0c044c3 --- /dev/null +++ b/roles/base/defaults/main.yml @@ -0,0 +1,5 @@ +--- +users: [] +locale: + LC_CTYPE: fi_FI.UTF-8 + LANG: en_US.UTF-8 diff --git a/roles/base/files/etc/ntp.conf b/roles/base/files/etc/ntp.conf new file mode 100644 index 0000000..98fce14 --- /dev/null +++ b/roles/base/files/etc/ntp.conf @@ -0,0 +1,6 @@ +driftfile /var/lib/ntp/ntp.drift + +server 0.pool.ntp.org +server 1.pool.ntp.org +server 2.pool.ntp.org +server 3.pool.ntp.org diff --git a/roles/base/files/etc/sshd_config b/roles/base/files/etc/sshd_config new file mode 100644 index 0000000..1ba64b4 --- /dev/null +++ b/roles/base/files/etc/sshd_config 
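Review bot: The copied roles/base/files/etc/ntp.conf consists only of the driftfile and four pool servers and carries no `restrict` lines, so ntpd is installed without the access restrictions the Debian default file provides; with the firewall in this commit defaulting to allow, udp/123 is then reachable from anywhere and mode 6/7 control queries are answered (the classic amplification vector). Adding `restrict default kod notrap nomodify nopeer noquery`, `restrict 127.0.0.1` and `restrict ::1` keeps time sync working while refusing remote queries and modification; I believe the stock Debian file ships equivalent lines, so this is a regression from what the package installs. A one-line comment above the pool servers stating that the file replaces the distribution default would also help.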
@@ -0,0 +1,47 @@
+Port 22
+Protocol 2
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication no
+PubkeyAuthentication yes
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+
+X11Forwarding no
+TCPKeepAlive yes
+
+UseLogin no
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM no
diff --git a/roles/base/files/etc/timezone b/roles/base/files/etc/timezone
new file mode 100644
index 0000000..7f39493
--- /dev/null
+++ b/roles/base/files/etc/timezone
@@ -0,0 +1 @@
+Etc/UTC
diff --git a/roles/base/files/ssh/codeship.pub b/roles/base/files/ssh/codeship.pub
new file mode 100644
index 0000000..2a744fd
--- /dev/null
+++ b/roles/base/files/ssh/codeship.pub
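Review bot: `HostKey /etc/ssh/ssh_host_dsa_key` offers a DSA host key, which is limited to 1024 bits and is the weakest of the three listed; dropping that line leaves the RSA and ECDSA keys, which every client this config targets (Protocol 2 only) supports. The `KeyRegenerationInterval`, `ServerKeyBits` and `RSAAuthentication` lines only apply to protocol 1, which `Protocol 2` already disables, so they are dead configuration and the "ephemeral version 1 server key" comment is misleading; remove them or note that they are inert. `UsePAM no` switches off PAM account and session processing, which on Debian/Ubuntu also bypasses pam-based account locking and limits — presumably deliberate since password auth is off, but it deserves a comment stating why. The rest (root login off, password and challenge-response auth off, empty passwords refused) is sound, and validating with `sshd -T -f` in sshd.yml before the restart handler is a good safeguard against lockout.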
@@ -0,0 +1,3 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFt3BBb3Rs/O/cpdRj7eeYbCpxR72c3xMmMUO4Rn/MtNZIdZJjxKcO3xUIJnugOyiaYGDGM5mw7rVO+cs9dHjQInoDYrawJRhGZ5aiYyA/4uJor8N17IhwVARQOFdWqcex9q36OCsAqIWUeiVKw07JqAJqFbPd5fpP8JczRIKBHChGfWuXj9ChQDpABKDHAcvYqQFJLwldgSg0oeweairaVLFqYxH3Uy37+LUviSBBX707mk8+Uz7E2JUv/M+9/HZ/XPkC4E3nQZKaYh0Abxgm5aQo309TGAzxIQZ4kSLka7jjEiChqu5xupo8y1PvVgdaShwWRm6HdoQtmaHmOJyB Codeship/koodiklinikka/koodiklinikka.fi + +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjQzuhknObgjRNYZljb4CtB4xO7Bu2Gb/OjA4iKOFBDEsyynZOKJsXAA8v/8r+dUlv6TxXqZBL5H5uVKpmk2SwglAriLrN32bdvfAj5S+MrcrcRxwqT7Gq27Ilc8QF8qaLqPn1GZXDQFGkyz+Rel8oDP7ZdYn7uAeszjZZRqSi+Jyb27YmIuYU3OrBoU6JoHuQzT6kjFvbsu3tCozXc/pt/jIxkC1qPBvB2HWmaNb93MckjR57VO0NcI9TZLFrqJxxRajxE96MYuao0Kh/VbaLIQlvr46vulx0NfbqutlcAH3luKzuvZlhYWt+iIrcBjePtgcOBUxy8iNFRwYYBPgd Codeship/koodiklinikka/koodiklinikka.fi-api diff --git a/roles/base/files/ssh/janne.pub b/roles/base/files/ssh/janne.pub new file mode 100644 index 0000000..fbcb5ac --- /dev/null +++ b/roles/base/files/ssh/janne.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChQcArLHSSndZLkXEUK9CjHY9vRt60OS+ZoyyhPrHA2WEslke6Jc40n8xsIlZktToYnPiI6gq8E4//ricY5T6u/mLAGuyGtUq9RLQXrIibP+g4jboLuomw/OaykXGAHmD5JN/TP3I0bD9S8aWRVsFQr5dtBPVpwiXV8we0KiMndURwjdFKIIm/egYX9bFG3OLhFr4QCoIrjQ1SpQWR2jztXx52ajhbhycx9Ih2hPeVubwjcUmg2wSb09LSD85lReEGdscHnCGChA8JppiW9H+cFSPA3v52YU3S+T/pW4w8YdCGB8obcrhB5zwn801dguyoPxv7XgQsjIdKpDauE1Ap janne@kallunki.org diff --git a/roles/base/files/ssh/lauri.pub b/roles/base/files/ssh/lauri.pub new file mode 100644 index 0000000..e3f3e5b --- /dev/null +++ b/roles/base/files/ssh/lauri.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAlxwDg8CMsVuJ6MqkM7j1QPr+nsFP8b9Jk9XgdZhdzl2VtZHUBPMFJ9evxDOflO7GA0AE48/agkgKzElOYxGSbMX0NwwUf8B2zPpcB52bYEkiQ357qzh3PLREziGD80F2QI+xkIC6DTetuZRm8C2xaAkLlIa64NcdV4pW7kzC010= lauri@nuutinen.us diff --git a/roles/base/files/ssh/n1ko.pub b/roles/base/files/ssh/n1ko.pub new file mode 100644 index 0000000..94898a4 --- /dev/null 
+++ b/roles/base/files/ssh/n1ko.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAPULw/4vRl1fblbHFpHVQdilzz7eEbGn9UAnca0jaUZmkItyC38azjYtbQYJ+Yvo1DYdqvmkuC40dJgVtbDsAgpZ8owKH/G4Rxfdb/UM6Vl0Jb6Y5eimXUcS0Ybu5VpEclYt9SfqCF2pKezG8wH+VXHqVzCzWUoxCcDOEzY4emYWRl9jtfZiGYlbEWDmJZRaQzZU+XRHEBhVtQ5ndNUEIKFAtnYSUDMdWPy9s1lvfWRJTNVHrhZlXO0BS1UEoiSFupzOO83BZ/JgW5E9WLkRslFfjICmB0iuDBusQb6KazSCTGAvXuLtIJzOtiKfZLqhynbg2+90TKrLB8EBOh0DJ diff --git a/roles/base/files/ssh/riku.pub b/roles/base/files/ssh/riku.pub new file mode 100644 index 0000000..50a2f22 --- /dev/null +++ b/roles/base/files/ssh/riku.pub @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIF63S4f3z9wQMvWibmvl7MPuJ6EVrkP0HuvgNhcs/4DZYMcR/GRBvV4ldOSYMlBevIXycgGzNDxKJgENUuwIWanjBu7uVAHyD6+cIRD1h63qq7Cjv/2HYTfBDKOrKzPOhA6zWvKO0ZGWsjRXk5LWMCbKOkvKJCxOpj/NVBxeE4FTK5YADYPV3OSsmBtqTHrVLm2sMmShU/2hMYYswWkobidjX65+nK/X+3C+yJbHwiydVvn+QCrFlFfCLPWKe8rUpOxyxofPqWVQh6CHhHfT8okaOc9sOE8Qeip9ljo84DftJh3Xm3ynOdWK1hH2BvRvxNadWqcE1qECbkg4tx2x riku.rouvila@gmail.com +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXw2RhJiPlvs+PN953MxPikikCa/S4euPPSoCPBCF7flWhQjp2M1SnfDffVP05zuefXdH1STX5DOuW7CQpS0moS/Y6LLgho6zaU2qNMVc2tvNK59Tdek5fNXEyZrnAOqPiIfHgdAiQVZFIte2PAlnGiMIBqdkVYoUEv9IKoHxS0wRkcJ9iF25l66yY35CB9CM62K1xnaoUW0p8fSm+naCx0lbsoPhUxmRUpdIvebAV78EZsBw7CjJ5fFrzmf9v6KNsMDVE0GdNLmMkeF3hF4VXXGrUzGQjZCHTaownpts/y/BsVO8VO24bL1ZkeQ5duyZ5wHfWfBmNdfyPXzU/0DoR riku.rouvila@gmail.com diff --git a/roles/base/files/ssh/ville.pub b/roles/base/files/ssh/ville.pub new file mode 100644 index 0000000..a75a747 --- /dev/null +++ b/roles/base/files/ssh/ville.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC66ZMAqPwNx1jthNYOAlIo+nKYN4crQp9m4Q2cDiyJRIB1d3/iqtqhXG5SUcfQXHQnmWO9d/Oe0fNTmdsIz7njPsmabfEkl/NtRse6Kfc/l9MEHcdCc3KVur0zTSRF4Hm9sU75/59kPJZ8ad5BdhbrgqyNJOljZDp7i/3PLZtTavy9aXrX8C5e6Q7pAuK9pjtNevknl+kbbJn5v1kYIeH4x0kFH9O+VcVE6tzUJSjaLzpQ+e1C/4+m3V7qzcrDfDE79yfJ4qEeMiVtQiLujIA/7HMHvzt/z1M5CMF/Ixg+v0l4JNcnYZZkYN3EX9A8f0OW17spmKOrWvlbKBC5SlgH ville@www1.daa.fi diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml new file mode 100644 index 0000000..ff83a60 --- /dev/null +++ b/roles/base/handlers/main.yml @@ -0,0 +1,9 @@ +--- +- name: restart sshd + service: name=ssh state=restarted + +- name: update tzdata + command: dpkg-reconfigure --frontend noninteractive tzdata + +- name: restart ntpd + command: service ntp restart diff --git a/roles/base/tasks/locale.yml b/roles/base/tasks/locale.yml new file mode 100644 index 0000000..e323ade --- /dev/null +++ b/roles/base/tasks/locale.yml @@ -0,0 +1,18 @@ +--- +- command: grep LC_CTYPE={{ locale.LC_CTYPE }} /etc/default/locale + register: lc_ctype + changed_when: False + ignore_errors: True + +- command: grep LANG={{ locale.LANG }} /etc/default/locale + register: lang + changed_when: False + ignore_errors: True + +- name: Create locales + command: locale-gen {{ locale.LC_CTYPE }} {{ locale.LANG }} + when: lc_ctype|failed or lang|failed + +- name: Set LC_CTYPE=fi_FI.UTF-8 and LANG=en_US.UTF-8 + command: update-locale LC_CTYPE={{ locale.LC_CTYPE }} LANG={{ locale.LANG }} + when: lc_ctype|failed or lang|failed diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml new file mode 100644 index 0000000..4a4ed21 --- /dev/null +++ b/roles/base/tasks/main.yml 
@@ -0,0 +1,9 @@
+---
+- include: locale.yml tags=base,locale
+- include: users.yml tags=base,users
+- include: packages.yml tags=base,packages
+- include: sudo.yml tags=base,sudo
+- include: sshd.yml tags=base,ssh
+- include: ufw.yml tags=base,ufw
+- include: ntp.yml tags=base,ntp
+- include: timezone.yml tags=base,timezone
diff --git a/roles/base/tasks/ntp.yml b/roles/base/tasks/ntp.yml
new file mode 100644
index 0000000..01515bb
--- /dev/null
+++ b/roles/base/tasks/ntp.yml
@@ -0,0 +1,7 @@
+---
+- name: Install ntp
+ apt: pkg=ntp state=present
+
+- name: Copy ntp.conf
+ copy: src=etc/ntp.conf dest=/etc/ntp.conf
+ notify: restart ntpd
diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml
new file mode 100644
index 0000000..20e96c2
--- /dev/null
+++ b/roles/base/tasks/packages.yml
@@ -0,0 +1,11 @@
+---
+- name: install basic packages
+ apt: >
+ pkg={{ item }}
+ state=present
+ with_items:
+ - screen
+ - vim
+ - git
+ - htop
+ - wget
diff --git a/roles/base/tasks/sshd.yml b/roles/base/tasks/sshd.yml
new file mode 100644
index 0000000..327e2cf
--- /dev/null
+++ b/roles/base/tasks/sshd.yml
@@ -0,0 +1,7 @@
+---
+- name: configure sshd
+ copy: >
+ src=etc/sshd_config
+ dest=/etc/ssh/sshd_config
+ validate='/usr/sbin/sshd -T -f %s'
+ notify: restart sshd
diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml
new file mode 100644
index 0000000..9a91673
--- /dev/null
+++ b/roles/base/tasks/sudo.yml
@@ -0,0 +1,8 @@
+---
+- name: setup sudo
+ lineinfile: >
+ dest=/etc/sudoers
+ state=present
+ regexp='^%admin ALL\='
+ line='%admin ALL=(ALL) NOPASSWD:ALL'
+ validate='visudo -cf %s'
diff --git a/roles/base/tasks/timezone.yml b/roles/base/tasks/timezone.yml
new file mode 100644
index 0000000..326c29c
--- /dev/null
+++ b/roles/base/tasks/timezone.yml
@@ -0,0 +1,4 @@
+---
+- name: set /etc/timezone to Etc/UTC
+ copy: src=etc/timezone dest=/etc/timezone
+ notify: update tzdata
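Review bot: In sudo.yml, `line='%admin ALL=(ALL) NOPASSWD:ALL'` gives every member of the admin group passwordless root, and users.yml in this same commit places every managed user in that group, so possession of any one of the committed SSH keys is immediate unauthenticated root. If passwordless sudo is only needed for the non-interactive Ansible account, scope it to that account (a separate `lineinfile` entry for the deploy user) and keep `%admin ALL=(ALL) ALL` for humans, who can supply the password via `--ask-sudo-pass`. At minimum add a comment on the task explaining why NOPASSWD is required, since `visudo -cf %s` validates syntax but says nothing about intent. The `validate=` usage on both sudo.yml and sshd.yml is the right pattern and worth keeping for any future edits to these files.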
diff --git a/roles/base/tasks/ufw.yml b/roles/base/tasks/ufw.yml
new file mode 100644
index 0000000..579ad18
--- /dev/null
+++ b/roles/base/tasks/ufw.yml
@@ -0,0 +1,9 @@
+---
+- name: Enable firewall
+ ufw: state=enabled policy=allow
+
+- name: Allow tcp/22 for SSH
+ ufw: rule=allow port=22 proto=tcp
+
+- name: Reject other ports
+ ufw: rule=reject
diff --git a/roles/base/tasks/users.yml b/roles/base/tasks/users.yml
new file mode 100644
index 0000000..b158721
--- /dev/null
+++ b/roles/base/tasks/users.yml
@@ -0,0 +1,17 @@
+---
+- name: create admin group
+ group: name=admin state=present
+
+- name: create users
+ user: >
+ name={{ item.name }}
+ groups=admin
+ shell=/bin/bash
+ password={{ item.password }}
+ with_items: users
+
+- name: set authorized keys
+ authorized_key: >
+ user='{{ item.name }}'
+ key='{{lookup('file', item.public_key)}}'
+ with_items: users
diff --git a/roles/koodiklinikka.fi-api/defaults/main.yml b/roles/koodiklinikka.fi-api/defaults/main.yml
new file mode 100644
index 0000000..d572b17
--- /dev/null
+++ b/roles/koodiklinikka.fi-api/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+koodiklinikka_api_project_name: koodiklinikka.fi-api
+koodiklinikka_api_repository_url: git@github.com:koodiklinikka/koodiklinikka.fi-api.git
+koodiklinikka_api_nodejs_version: v0.10.25
+koodiklinikka_api_port: 9000
diff --git a/roles/koodiklinikka.fi-api/handlers/main.yml b/roles/koodiklinikka.fi-api/handlers/main.yml
new file mode 100644
index 0000000..370ffe2
--- /dev/null
+++ b/roles/koodiklinikka.fi-api/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart service
+ sudo: true
+ service: >
+ name={{ koodiklinikka_api_project_name }}
+ state=restarted
diff --git a/roles/koodiklinikka.fi-api/tasks/main.yml b/roles/koodiklinikka.fi-api/tasks/main.yml
new file mode 100644
index 0000000..7b80f02
--- /dev/null
+++ b/roles/koodiklinikka.fi-api/tasks/main.yml
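Review bot: `ufw: state=enabled policy=allow` in ufw.yml sets the default incoming policy to allow, so anything not matched by a later rule is admitted and the "Allow tcp/22" task changes nothing in practice; the final `ufw: rule=reject` has no port, protocol or direction, and I am not certain how the module renders such a bare rule, so the host's actual exposure depends on that rather than on the stated intent. The task names read as default-deny with SSH permitted: `ufw: rule=allow port=22 proto=tcp` first (so the enable step cannot lock out the playbook), then `ufw: state=enabled policy=deny`, plus explicit `rule=allow port=80 proto=tcp` and `rule=allow port=443 proto=tcp` for the nginx vhosts added in this commit, makes that explicit and lets the catch-all reject task go. With default-deny the ntp service installed by ntp.yml is also no longer reachable from outside, which is the desired outcome.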
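Review bot: In users.yml the `user:` task sets `groups=admin` without `append=yes`, so every run resets each user's supplementary groups to exactly `admin` and silently removes any group (docker, www-data, the web user created in tasks/webuser.yml, …) granted elsewhere; `append=yes` keeps the task idempotent with respect to other roles. `password={{ item.password }}` is written to /etc/shadow verbatim, so the vaulted vars/users.yml must hold crypt(3)-style hashes, not clear-text — a comment on the task (`# password must be a pre-hashed crypt string`) would prevent a mistaken plaintext entry from producing an unusable account. The `authorized_key` task without `exclusive` only adds keys, so a key removed from files/ssh/ stays authorized on the server until someone deletes it by hand; worth noting in the task name or a comment since key revocation is the usual reason this file gets edited.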
@@ -0,0 +1,39 @@
+---
+- name: Deploy from git
+ remote_user: "{{ koodiklinikka_user }}"
+ action: >
+ git
+ repo="{{ koodiklinikka_api_repository_url }}"
+ dest="{{ koodiklinikka_api_app_path }}"
+ accept_hostkey=True
+ notify: restart service
+
+- name: Make sure Node.js is installed and properly aliased
+ remote_user: "{{ koodiklinikka_api_user }}"
+ command: >
+ bash -c "source {{ koodiklinikka_api_nvm_script }} && nvm install {{ koodiklinikka_api_nodejs_version }} && nvm alias {{ koodiklinikka_api_project_name }} {{ koodiklinikka_api_nodejs_version }}"
+ register: nvm_result
+ changed_when: >
+ "already installed" not in nvm_result.stdout
+ notify: restart service
+
+- name: Install NPM dependencies and build assets
+ remote_user: "{{ koodiklinikka_api_user }}"
+ command: >
+ bash -c "source {{ koodiklinikka_api_nvm_script }} && nvm use {{ koodiklinikka_api_project_name }} && cd {{ koodiklinikka_api_app_path }} && npm install"
+ notify: restart service
+
+- name: Setup config
+ remote_user: "{{ koodiklinikka_api_user }}"
+ template: >
+ src=config.j2
+ dest="{{ koodiklinikka_api_app_path }}/config.json"
+ mode=664
+
+- name: Setup Upstart config
+ template: >
+ src=upstart.j2
+ dest="/etc/init/{{ koodiklinikka_api_project_name }}.conf"
+ mode=664
+ sudo: true
+ notify: restart service
diff --git a/roles/koodiklinikka.fi-api/templates/config.j2 b/roles/koodiklinikka.fi-api/templates/config.j2
new file mode 100644
index 0000000..276611c
--- /dev/null
+++ b/roles/koodiklinikka.fi-api/templates/config.j2
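Review bot: The "Setup config" task renders config.j2 — which carries the Slack, GitHub and Twitter tokens — with `mode=664`, i.e. rw-rw-r--: world-readable and group-writable, so any local account (including the www-data user nginx runs as) can read the secrets and any member of the owner's group can rewrite them; `mode=0600` is the appropriate setting for a credentials file, and the Upstart unit written to /etc/init likewise does not need the group-write bit. The first task runs as `{{ koodiklinikka_user }}` while every other task in this role uses `{{ koodiklinikka_api_user }}`, so the checkout may be owned by a different account than the one doing `npm install` and writing config.json — probably a copy from roles/koodiklinikka.fi/tasks/main.yml; if the two accounts are meant to differ, a comment should say so. Neither git task pins `version=`, so each run deploys whatever the default branch currently points at; pinning to a tag or commit (and the same in roles/koodiklinikka.fi/tasks/main.yml) makes deploys reproducible and lets a compromised or mistaken push be reviewed before it reaches production. `accept_hostkey=True` trusts the GitHub host key on first contact; distributing the known fingerprint via a known_hosts entry in the base role would remove that trust-on-first-use step.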
@@ -0,0 +1,18 @@
+{
+ "all": {
+ "slack": {
+ "token": "{{ koodiklinikka_api_slack_api_token }}",
+ "private_channel": "{{ koodiklinikka_api_slack_private_channel }}",
+ "public_channel": "{{ koodiklinikka_api_slack_public_channel }}"
+ },
+ "github": {
+ "token": "{{ koodiklinikka_api_github_api_token }}"
+ },
+ "twitter": {
+ "consumerKey": "{{ koodiklinikka_api_twitter_consumer_key }}",
+ "consumerSecret": "{{ koodiklinikka_api_twitter_consumer_key_secret }}",
+ "token": "{{ koodiklinikka_api_twitter_token }}",
+ "tokenSecret": "{{ koodiklinikka_api_twitter_token_secret }}"
+ }
+ }
+}
diff --git a/roles/koodiklinikka.fi-api/templates/upstart.j2 b/roles/koodiklinikka.fi-api/templates/upstart.j2
new file mode 100644
index 0000000..d854057
--- /dev/null
+++ b/roles/koodiklinikka.fi-api/templates/upstart.j2
@@ -0,0 +1,13 @@
+description "koodiklinikka.fi API"
+author "Riku Rouvila "
+
+start on runlevel [2345]
+stop on runlevel [016]
+
+respawn
+respawn limit 10 5
+env NODE_ENV=production
+env PORT={{ koodiklinikka_api_port }}
+exec su -s /bin/bash -c 'source {{ koodiklinikka_api_nvm_script }} && nvm use {{ koodiklinikka_api_project_name }} && cd {{ koodiklinikka_api_app_path }} && exec "$0" "$@"' {{ koodiklinikka_api_user }} -- \
+ node index.js \
+ >> /var/log/{{ koodiklinikka_api_project_name }}.log 2>&1
diff --git a/roles/koodiklinikka.fi/defaults/main.yml b/roles/koodiklinikka.fi/defaults/main.yml
new file mode 100644
index 0000000..cafa479
--- /dev/null
+++ b/roles/koodiklinikka.fi/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+koodiklinikka_project_name: koodiklinikka.fi
+koodiklinikka_client_repo: git@github.com:koodiklinikka/koodiklinikka.fi.git
+koodiklinikka_nodejs_version: v0.10.25
diff --git a/roles/koodiklinikka.fi/tasks/main.yml b/roles/koodiklinikka.fi/tasks/main.yml
new file mode 100644
index 0000000..8e0f43b
--- /dev/null
+++ b/roles/koodiklinikka.fi/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Deploy client from git
+ remote_user: "{{ koodiklinikka_user }}"
+ action: >
+ git
+ repo="{{ koodiklinikka_client_repo }}"
+ dest="{{ koodiklinikka_app_path }}"
+ accept_hostkey=True
+
+- name: Make sure Node.js is installed and properly aliased
+ remote_user: "{{ koodiklinikka_user }}"
+ command: >
+ bash -c "source {{ koodiklinikka_nvm_script }} && nvm install {{ koodiklinikka_nodejs_version }} && nvm alias {{ koodiklinikka_project_name }} {{ koodiklinikka_nodejs_version }}"
+ register: nvm_result
+ changed_when: >
+ "already installed" not in nvm_result.stdout
+
+- name: Install client NPM dependencies and build assets
+ remote_user: "{{ koodiklinikka_user }}"
+ command: >
+ bash -c "source {{ koodiklinikka_nvm_script }} && nvm use {{ koodiklinikka_project_name }} && cd {{ koodiklinikka_app_path }} && npm install && NODE_ENV=production npm run build"
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..06ee62d
--- /dev/null
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,574 @@ +$ANSIBLE_VAULT;1.1;AES256 +34313033376131303236626165336538306461636338653065613363353233663337653261633261 +3866653039633664366465633838643738386636643034630a343536643865383362386230306634 +65613461613231336639613734623137313162353436646233623361653334396132326637313930 +3535316263376237310a376332306333303132366339646632396630333439643030366337316266 +39393537393130346363326436663134316339386139326565316139316235626333643435663430 +31336239616136613666663366643137376366663934386630623261663538363432356332363338 +62303561373965363433386631333865383338313936353162383764656334303736356235633265 +39643862356166366463393666666164633066626637663333323338396265643861303833653538 +66373638396365643030323830353635633761336461633033613737373134336561333862623037 +38386462323330333363613466313233633835393630623734653537393234313934353335666564 +37663330333261323535356164303437323263636330366437626661626161343639346164333066 +66323132393561366236353737313933383231653630353666346363663063303138653965613037 +65313536653937383136376239303165313830346330653437303966313264353233353937336363 +61373233623239653561326262633165303461623335633266643564363136323031373834643161 +61626530336536633834303566613435393639636433663864663835396332333137353261643963 +38363561373435393561663636303339393933363735333934316338633137303038366461623563 +62313864383933353832303263303632303230383631366261633262373664343063336266303639 +66636162313031383734323263306561623438616230363163376439353166393730666136653732 +33396130383061663834323230653966616638613836663238616462313334353264316665613930 +61633039346462363236343231613538646165343365316331666162353734616161376437353132 +66393633613533376130396264633030346433343632366264636562393938363337383064656637 +63663332663562643634386138353061343061386364613137616564346264343163303638353931 +63393965393661333934313134346338313465393366323539613861333039326230363539313933 
+63656635666230386332653264666333323337316639656636326364373332356637626234333137 +61656231656233333961613464323332613432636432316334353064666665656632636363623562 +31633463613039633935383561336438633135663237626239383437376464333435623766373862 +35343136643464633462366239626163366663626661323562623733373263346161626235626164 +37393136643233623838363430326361356430373238316334396436643134313236666262396631 +62623766643033373835616138613031633861623131643432326134363062383333656139323738 +64353834323137643561373839653736636464653733643732613030313837666337656262353636 +31663831346261653361346434366331313836316332363566393435376562306233623132626265 +66303231636438303337386336333339616462306232313061613233393662653232323633323130 +64646265626434333366396132313532363839346231396665613839363762653935646438633334 +35643964633235663166666539396464366635343035326638646138366639376535353634313232 +66356138366538353462396631343161313439303263353030636162383938646539656237616136 +65313338333065373162303065393638363130366561383464653339386436356535323266626165 +39376661346634346437363039663537373862633738393063376563636634633938326534393464 +35656239373833626265613533646364653532363237306531306435336365336235663834633435 +62616130333664313536353630323932613666316565653261366634316161393166346233343837 +38336265333336383231333930386433396163393664623663393239666230363664306263383434 +62643331663434303737346663653362336134353530336463343038376233636435373330396432 +33633038306239656332306134633838613535326131396336333062643730333234623533333463 +33336665623831343233616535343865636264353037303365356637636666663735363864316639 +33376362366331383833363535306666336465393838633034336533336363663765626431306663 +30623536313930353231353439316331333430616134393366343563383934653439643939343839 +34393561376464373261393764323864333332343039373034643830353538643135653432383737 +61633832366330303038656430613830386563636632643535656436303631656530613364653666 
+61363238386635363935353833326266653963386264646561343536643531623362643937336332 +39643834323331623235333564633564343862613539363838656665363334623538333562623565 +62626636643165323439333065636538336139643037306533336561393263323237626635396464 +63653963373139373863643965333135306331643537346261616365336664626534323961373139 +38306462303233356236323065666638386161653531663932366432616337656335346162313338 +36646364346561326230356531333834393264613164616665666233373534643137666661653038 +37363538663935323866306365326633663562346663373765623236303766656432393132663361 +33633235373335663964663032316333663335323763383062363930666361353032393534393731 +31363339626132663339663435383566646437323533623366663431303966633466613332303566 +35663030303733356161666530373930326163383965656562393834343463313132306463376631 +32613964396263643465653265396464623833356166386363336366333536383462633433623165 +34393839663063616363623637393834316262356131313763656363393561386435343132306364 +32313839333837373435626431343432333637646132653239626365623762616465633830326331 +32653761333132393931366533396432306233336338336230313061646432336639626135363333 +36646230376132383532353633336130653062653639343031383137303533343530633663336137 +63643362643764363365613831313135383966636533326366663765613534393431393033633536 +64356230346361623238373634633961333937653362616236626236636464333965343862373737 +33633263333066393238333562356135363031373434306462333735373437363764646539316136 +66636162353130363666633362333939656530353330336430663131396638656436333238393737 +30333935643635333833306563383963623830363564653737383664363132663833656131613436 +31636464353361633862336638356466653764373735333761646636306566363965663636613131 +30366433396464363031343435383864616238316634346539383630383666336664383237336234 +32303536373235663031306566353466336438303264326661323431613236366466663932366236 +33663863353161356330313536393564376535313737663261373535656130656333393332633233 
+33363231333466306263343938663738663932613638343238383235626133313133313338343033 +66383036316636333430663963356331393934353531643532383664363066383631373338623736 +65316463323638646433613061373032313464303134396364363736643365656562376338643437 +61663663353639636139303938343835313734333534363462623366643933353430636365613265 +35316462326334386137316663663433356235323737396239656630616236663536323931633736 +61313934346431643539343731666130326366626435313437646633393632616638393539336231 +33666432343431666464393565393033336263313363366461333934626639386431643939646336 +32613133393063313864653763386264376430343765306134333839313332363536626361363264 +65396265633837336630346536343234373064646133376335663137663561636566653831363165 +39633165623537623137363630356336623665653136323930306463386338356436343235323239 +35393861633965313833626662346233326566323733326564383930363130346364313539386163 +61356536653130646466633531653862646463333462373365646639663130356263396531613039 +31393832343932356433386562383536333366343139623635383835636565363536316233373963 +33613031386438386636656439366333353031313365633138323634626238366537373230353038 +37373063666131396465363137343264303763383834653961623162306130393262393130353936 +39663837303032646339316330396535393530303731363466383865616335373632303130326163 +32346530383865303030383763323463643632383362353861396439633361626162323064666461 +63333564353062333733393165623733306266656561623131646430393863376137313630336638 +37323636343666383734316666303630306237623131396665316466643432383763313034663863 +34666465616661623565623863333130363137353934623337303935666134663036613938343765 +34623830663735613263373633616464316563653663616334373166313232643763663764623263 +33303730333430336637636435653336653433653039323062373830306331353931366264343161 +39376566393465333362636464663038313038323636363936303836383565663834653935306439 +66303563666663386136616335383933623033643966303563633831386533383030326465353837 
+35623139343330356662636338626338373631366533376437323136313463343361336364643433 +64646235333664323938646166616530663938306163303630323731613531373537376231303264 +34303163663962623462303163326631306165336633623166616661336130336661326431306138 +32323936373534643533656139623461353762333636383162333663666231393239633434336231 +30316439616232623939363035623535373766323437646265316338333839343430393764353162 +64366466656139336530366563613062653861373637353264326336346463363664333663623765 +61383132356330333633333262666663366532646136313031313361393535653733663764653932 +64663637633833656535333335356239623264366636366563666531363664656330653737366130 +66626432653934333139616132613733313032613737333032383139646533303865633664353464 +31663962653037343435336532666633373261623766613662336138633437326164313430643163 +37373063323034306162636663643739376266346430386131633464656361643964653864333761 +32346234343835343236356434623632663330363964316434393662656263353236363734633339 +66383364653235623361393261643731356631343161393766653963613263656438623061646436 +63613336383136313330646532613336333432643937353035333930646462636466663439613235 +36323638623663323037353361376265396136303361396364393730656238633030326639633366 +37316565343963656664653938363737353937653934316661316165303566353331373364626535 +37393238316166623933363566306232336336386366323861393966653133626561323436656536 +66633262656338316463623566643237323132386136626435373137643036363538316636353866 +31343232303737326331656538363830643164626661326339386230306235636239396535663863 +64656465303962636661616166393365303962306430313864616437393530323931333233663433 +39333438636631353763373636666162656533366531326138313365353263373335323963373735 +36643931646661376365623130633731643534313061653136353066383136366632656364626534 +31313139306463373863326538376166616434323636333838373866633630393461353737643463 +66306564393137386261656636633630653463363634343836356238326334623364373664376136 
+65656265636362306333313034323966353666336339336264376336633431633438363466373135 +64303434373062376261643732613930646361636566623861623765363831316637646264636262 +30316562336465363435373864646131623734656662623237663431323138373437613966383033 +36303365326462666263613637653935626539623839346161633837386534323530326362393032 +33313162613738663065393537386430333738633038663865613231623163643063343762613739 +61336434313463313137333834326466393461386564333464326364613139383833313031336331 +66343766323166643265613365343836333562376435356136353961653666313438643439376264 +37643830623263303438356533633137383861396264343137353436316534383134613132316336 +64653732363664623265633930623739323830336435616130663933623138356661653364306633 +37643761323638336164616166623766616166633831666636356663323832356638633261646466 +37616261353462383031313161326337636139363063336336323831373863646639323431353138 +66313132333931313236303966303165313962333964396239383661323665343633656532396464 +62306461373865323135613235663864626462333438383363333665636535333837353432326566 +64316432326662336565303138343133383164353130636134353736613763346133313333343865 +30323965643166616634303535346661623964343561343730343737386564663565623038383036 +33346366386364396330623734663938633830363062636132323632306439303365646631323034 +34633939323430386166383666363566346339306265393065346265626164646362373635313864 +64376132613661396635623764386231316431353666396437346661623633323635663264326539 +32646165623461356366653563366635353761373361386264313337643061373561393231383332 +37623164363338366232623137643132346135666265643438333131393630303833383431343333 +66613765656233396236396632386439613236653437633662633733613366313863663034636235 +32316234653733323465343536613030323266313533313030663162396161323237333765333837 +61363637373436633166626534393730303839323534666138316664616530373861326130323432 +61316432656336323530623365333064643535636235613730353930393638333939633964656661 
+65656462316664313838363730363734366439363865373062393738373563326361626365306530 +65303566633739356132666639363634313932366338353231623165666236393265666162646430 +32353136373234363663636138646330613561366136303738333431306534616134303837623061 +64303030613339393065356664326536323661626236333937636636303165626436306166623432 +62303336366133636534626336346130626132303163623930383434376131373934336332303439 +39613037373366336633393532643861373664346338366639616663373133343466336665316336 +64663265626638323836636635313932636563363063346435656130333632363132393434633065 +37386432363566613830666531376162633737646131323338373165393430353563626432386665 +33373234663530656632633032323466333835303663316638326335616563653564313430386535 +39313266343731383930616432653463323261626133343333646164663561303563383962666531 +64396538363163343638626432643565616638336137383637373737333737326633373261366164 +63376666343737613339326331323037633566336330336536396462616533356630626433626339 +66616163653537353039376431653430376564313230393337616462653466316532323936343461 +66653839373836363138333761613665303534363938656234313932663333653364343065646134 +61393361343663366237616136363533323638313335353932653739643264336436343235386265 +63356462616334623936623862653835373039666530646637633633326437316434633165353663 +31356661393562343936623435393537653563366335623330623331353732613939356639306433 +37636134346639366138326337333135383933623235663139386433656538643135393633303830 +62363765643436363036356637616662373735663439636135333665653038646132636534343464 +63366164383963393665323531326530653335303332626139633838653165346137326630643738 +33616333306263336635356638613535363135653966323035373631623031633461303864336136 +39633863323033366163386439626562343433653539356536616666656661666564353664373130 +64393335623231353337303836346231646630333930643034383161653435353831383230303631 +38336538666533633638633961653731393638303230306437313437626232363638316138653366 
+64656462323963636661633363666338643432386630383263353733633333663932643235616663 +30333635383761353966326130333963366661313562376232666534326334393332623062393033 +34386138343531376339313262643466663761393735383930396433613938666537336132623239 +39323635613361636130383139373035653863623161626563656461653732366664643030663162 +63306564656530396132663363346335336639393838653064336661616566633430376537383265 +39313237333032336532303833306137353265306134646434353839343538353432623963386336 +64383065346662356537363038336263633337326630306238333462643033623732656264313435 +38306139396430666131373030666264613037666565333130613866633165333764623064616363 +31376237356439346665376633613732373861613430323835643638343265393532343765626339 +33666564383431373363363563363630383263626634313763393863343632303038623631353534 +34626233393036626533623331666636383732633666636236396531396266373862656535633437 +39353838363164656564353339386637396137353031346139303930353936333439323237396631 +66393961643062396431633236613330343962633336303932323938393237346465363130636435 +31373162346138393831373763323966666130656430373035333763316531336231663738356263 +39313239313065623761346461376635643936623235306436306464633634313835323966646666 +61393030626237613838376533326333623766346664373538663431393766393934386337386235 +35353330333665396563653836623637303162356362366366313230366165373064353838386261 +35343961666561376236663333366261343564373131316539393930353837363330356235613662 +36336536363331663462666135306637313464653462366538303166303132616330393066333362 +64346639383366313661643939666338373062356666336434653535653834303366333264383163 +32646562316261613664336230363737656437383066383431303661343465343339306634633061 +35336630383630353565373031386239323365633061303137373737613339396264326433613462 +30396238636134383231353739636430336133663539323734393863363333353734363231323338 +65336633353830656234313161636461353535666539346532636634306363316265343635396163 
+31373533353963313134366662346430633762663839303538316432363630306137346633616466 +39313661373639333339646636656534633761616236333538313438343838306434333632303735 +31616330376337303532356662613835343663326637326635346136613535613833386565616332 +39663436343232653434396262643039616362323233623636306636363134323163653333643464 +31343734633634623839386264633064636130623339613133363733613430363337623137663531 +61306235363637313033346234363862313264633338663266346361346263303035653365633831 +35623238373361346531316435313233373136613436663032303366336130323636313238653465 +32646334616634336566333432656661636361383138663138653039383834353131383637306339 +31366561323963616566353338663366613265303166636563333234333662343561663139336465 +64623037303862316439336431336564396530366566623136383434313238313262663334366562 +36306330343261653632363536353833356534323462373632653664346236323264616464613665 +65393064333737343164336566323664633237323835613531323832313065323530613839373465 +65366463396364633661373635316166353137656438323939373164633938316534633730623432 +31656366323530396464343366643065373632656434663263643430396535616239376361656638 +38306665366563306164326265663036303861313034383464616139376434613734326531363533 +65656135666332396662336233393330333035346464346632316137613138326336393463613731 +32653063383330383966633735383930336564366163373738303964666262656238333232643663 +30313736653335366337353465333231343665356630396431396566326663326536353436623331 +65323336666536323864366437333065333134343365396134316262396439643338373661616535 +39323839393761663132663430613961306361303036643663303439333635623638646263346539 +36303939336234396532356334326239633337646365613261333138383264373161346566393734 +38303733343530316264343536623936396265613535393237396564373866356539323033636366 +33366130373937363664643961633838393666656636613930666161653265393036303035633831 +33653932646330633031643964613864643766633235343263356539353433366332303137373163 
+35326161626231643264303635656461373735373535303234653533633836646530366463323664 +37313761626263316132613262323266373066306631346138623862613735363736353438393561 +38353630343133373232356530653639633834396565373462313833666562373230633765313939 +66306138656233653234353836356433313462656664393832643031633334393435373366376637 +65626631363565383763633964633439623737343833326635343435356366623635313233623163 +62633833326433333432363062633134386161386562303561336638373236653735623933306530 +39656334393139643064326438393065366232616631316335626466303236623533323530303839 +65356236626537633239613936393961633863383964356231613863326431353566663830313961 +37363364623634623866316162616262383164373837306132623536613237646462393135646639 +37316432373639643836623661346334323364316536663834396430356431336561326262643963 +38333662633931383065646237333537623339303863333438663131393339616138643231396138 +39656666316232616432346436616663646539326166363365643664383361393038613731356261 +33303365366238656335376534656662393439333365326536386531326639326336316661623838 +36356165633564313863316636656335386635333962646237656135313635346534656461633737 +30373738613138346337613663386161643139663039363537323764323935666566376232383661 +66336339353837656133636538313139346130613037353638663631613934306634366565653363 +61636639316139616239303666633261333631333331316231663437626361393364663937393235 +32366263303561386361313739643364616165316164666664633738616536626331643462653633 +31336166356630313664313233386131383230306236383765383331303536396134353566396631 +37343439383731313166623738373930633835303963366633313031323337653735306338666663 +31616135373466313663323562383438356537623039616230363763393230343961343563613533 +30646536366639393431613666623039623162316238663334656134366134646536636665353536 +33646566366239333438633435353130313737643131666134623663313864633537613533643131 +39306630323063353238333066386235343132643237666237626662393963376565363466306330 
+65363663303262633731653164373934653739666162363134356636336364333663393036356566 +35653430653164626361373137343866313762323236616635623739653938303761316238633138 +30336337613063393137306134633738363235353862366233626439383938326162666135363032 +32643533343933323139666665356432633663313232653834653931323362646537383862633338 +31396237616661363033376162303961613735626364636563633763666564646138623737613834 +61616639383761616232393537306339306261333864333561636232363430666333356639313032 +62653038396333323233333934303932336538303435343134666334643933323130643632343632 +64396365663564623331393933653638306432323263616464333436353531646236353633376335 +66663531333932333835616631373362383436613165396430623766643163653833353134346432 +34643163323265653732393265393138656663656561313566613365643966656330373239333138 +32663035646230323634396634383061633265303063663439623339333735396534383436376666 +66366338633061623166303363613939663363356336303864346563353261323766396134366233 +34353539396536366163363662383961383438373336313235393739333936333138633838356332 +61643764636130633235373961626464623035663662653366333438323634616631343436613632 +31646632303266396662383330656237373737336661613866663031353661336438646137313166 +61663430326438396632333230303036653333653436326261646364343033626132343033353734 +32646438616330393435623633653061663938383333373938393637313030373030666265653936 +39353833386666613539613765616532313632323437636663313935663765386163653332333934 +36343139363133333366666365643533616264623637363366386239396339333532303336643831 +63346661356163333534343131353337636438353465643437363436383338303338636262386437 +63336531346236643434316565323634323339613134343363393065666331353930663234646562 +62336261646164303236316630656230363539636666613263653732396634376438663162633233 +34336463326133346164396235616665653136636665663866623536326336616661343265376132 +35343263333262316164366537663337336433626335303137633938656564363961383664376563 
+63363961656263663966323635653332363833343565666437346534363864326263396436343663 +62643132373835333734396237613863313032343030656138393561626562363839646137356130 +36363634376230366665666565343563643733636366636232376531636462653162636665656164 +36346336343733323461393230346530333165343432363037306130663132393161383262323663 +34663838376164636437666534613038366134343039653735343738633363616330646631323265 +38353163336532323864343562636163396136386432356562623730623161313662383933333262 +63386638613362643435636238646465373134346439346532633666303833623331356234386466 +38326461366532643134303237373261306132363161336631353532616531306637383537303635 +32633665326331343430393034356463303862343762363638656664386339386634363238366564 +34613036303332336430656131353535393065333830306332313037323236616537333834353663 +34383830333838336465613535363535636261343831656563396266326565316131303131383864 +34396566616136356335333261383361333639316662383662303031346138643036613563663662 +64616234633333363961396263323037623036393737383737633230313264653436626463613737 +37663633393835643466393335353832396130636538653439623636613231663535316664343038 +65643365306330356363393831313137613966383839383532636666663965613236363462613339 +61636261393233383466386262396665663835316430323235633537386139323037326232333661 +64646665633331353465303631373931353364366661666661373161633961653738393963363533 +66636432643464353863613439656463396463346237643961656434303535663234336361373939 +66373766396665313933643837353137333164626338313062353930363434393338363166663832 +32316337613634396131343639643837323437343065646465663838646665633238303064333666 +34396237333534623937346530653433643438643335323937303532333266633830313965366136 +33653533653630353166643061633739363031333834386266313864306162366632383561656566 +38383930613366663466303433306266356634346165396364666533653830616432373631656666 +38326266656663623166313336343266323763666630393030396263313532393833366265323465 
+33613637616661353363653634386662663764646264396239663435323931393633396262316131 +30643634343338306637663734376139613061336530623137336539666236646339353935383731 +61343537356233653161653437616230643731336363623866383137613639626562373839376465 +62303037376230626531636635323631343163323530383636323565643931363866613238396335 +36613633326134396637656263326566613937313361333736633062313065616163646162336539 +34336138616432623461373933323364653666396535643637646538363564666238346662613966 +66666332323432643236343335313430303661373434333961303263616432313064633433336339 +61623636343235313131366164373139613533333632343339643936633637636163363165366665 +36343035393765386366633032323731346565666138663633663734303662303638316165303732 +62306132633531323936646539376265376133313230656466663136303261626535393132346339 +34303532363832323537343134663363383538343738643331613964636662313337343130336239 +62336262326538303532353062303532636532356330346465636230323861373437346231663535 +65346664343761643337363737343532306561333632663238343039616561356334633732333764 +61326264326334396535303231666166336530343730353532666330326163646265653063666532 +39613666393036356265376232393036386535313030633366656364386433363265336666333938 +37333764383661366330393866643333343031336236366138303432623937363232353366386436 +33366537356339336161386139623464376238613365346562323537346335336434313761353633 +66656163336530663361306539663031373465326532306264353963316136333731613464373636 +34316662326133336335323231363465363830626164323864626562663930343034363833383130 +32366165623966313233383935366533303533623133333964313364363662633062653535363965 +66343139656361666437343462346333376232353233643839323732313536646337346632653933 +36633039376532386432386239633261636263613630653636633761656236663930306364646137 +62353830636234326138613966613333663066653833626262356330666533633661626534323361 +36383265663933653463653634363930643833636234336666633062623033663162646366636231 
+34323835303332306563306166616636636661353132643430623836613335663664343764643933 +65396531363266653738626434396164616238393163643161353839643934623865326362366338 +37393438376531343731346637363839303034316537376461363635336165313933653463663638 +38636166623766616634393337393832346466363939393235363566373630376364383631333864 +61363763613961643034633361393661633166656362316261636531663231663134373164323636 +66353837333561393835366564383965353836613236376537613962626162646565616363326331 +36383833326664376238396535396136316366356332363262633933323632623932663166313564 +33653337396364633364366533623230353939666335303165333261346436663631363366356632 +36346136353737313466336133663330393232356237663563383135363064383061643337613566 +66656338336337353931303433656532323931346530396462643637323966626134316439396466 +63666135623662343134366362373730396638333536393530643063616163643465663163313962 +66336334333138353332643130376539653837376462333665366462353538653239383338356534 +31306433656238326334663639366262333538363839623332643762356564396233333061343632 +61613037626663326436373664353837353861616530326165633763373465646563646635343032 +32383466353134666237373263303962346231643834366530616631633166613030363866626530 +31643361643864633731316639373765656163333162643735326533356139323165313832383238 +36663039636263313363396139363538393733616561313462633465316566636562633431333566 +39353731616565643362643838363336623063383465663733363265366538626236393433633363 +61346161313436643531643362393262393432353530666231386431306238613565623630636533 +65396431306566663561383366613132313862363933393539393532636666396563353566343366 +39393334303066373465383562633038663965353536326137333830336263656631633963643630 +34626266326236343565313736356562646532356164623561373037383034613837376232393062 +65386333626639313933633933383861346530323230616232633538363438383464353066643963 +37633861616264613834333837663766373462666235323662303036396430356230303936363461 
+63633562303833623338376538393239396263623837663331346330323665613434616537616239 +32666134653663373965656532613830613533343732613430353334646337613837643131396433 +63346538303038343837303361343232323733356533643463663835363536326239353363646332 +31613730626237643932333862313666663666326330363463656237656333633230626238623238 +35626234656132393064323837326264633630343631346161373630376131323835396264346439 +36306637666261633230613463653334623737356561303931633738356636643335396634363138 +66316236383165663033383562363633616432366461316333306363643763386334623438666436 +66396131303330643131333966336333376131643335393264353236343735336439616139643762 +34396566633861366666373962396165306339383363306238346637666330626366616663323636 +39633131323532346662343132316430313831383533663433306361643032373338336661383838 +62383936363433303734646563326438653034633932353235306536636434336537633566646262 +65386530313537666537373338653933323465373739376132633863633961373662333962323936 +62363062363733393733626166613839633862303138356332383133376664343962323534393362 +62363334653938373063356233386534346332623865336636303862666137386430363462373239 +38353666623562636265316435303439613530656235623265376165643639343339663235323633 +62353031393934326237326664326136663437613264323365646539613231353732616461316337 +37623735306539616266336333336433363263373430656164343138646234343561616133623038 +63396464353832616465616235623730663830376335303833306332316330346535316536306363 +39383066336164313165613533663932303736386535363261643863663964663034653638613466 +64316161373235656335386266636566363732343136363239633765363935373765366332376635 +62323231373130353233666235643433306431336234326362663265636334633766663061376533 +30376337383031366366373363316636623161663131623939333130616530633065343066656461 +35613536303233613331616238363363656337363030356537386237306238613036653431636534 +64366466303332306263396331616466643534643330353536623538356435656561306163353265 
+61376363386161346435333863373733376234643337393765623765633136636633353731393933 +37366565366230333364623966653961353062373538393538306233323139646334366561353862 +64613731383636303831383965373864663433323465306661636430666530396263313032366533 +64303039636339393762336164396337386333303062383830383263356561333332633063333962 +30656130613465303132343666323035366433333232336637326238616337613138383232333865 +37396435353733386230303866386437306433333164323163326665383138393166373662656337 +66366463343963643666353939616232386166393163346638663637653339306364336539333330 +30396634636638356537656532393561623766326134666336656461383534636362666332393433 +32656434336332326335613465383033313537313764316435636164373535393861643934643965 +39653539323433376262343464666465356538303561633439333230343332306537343834623237 +34643836396435636639313365653738346339646162386534636235366434623662663961306461 +37366632353939353238613136313739343361656337396464346265613664313961636537643030 +32336530313131333537653938653561666233636364643932373536303264306261626537386264 +64303533653865316237643162303566383664656562336630393563346536326136373538623262 +62313438313833376164343865396533376366633366366439363336333830366434393330353661 +66386531323466626162666461393030383161646538366334386432373437626263646135613431 +61323764356436653636386136643262623239343465646663633634356361306634313062633765 +34356364666237316535666463343063333036336230336562393331643239613435386631346663 +34623835383266383864613261626438373261623266336635626330386531373439646263376132 +36353163623166323734396637656465363064343837386461383639303566366137306366616338 +62373336393963626237353237356432373637646465376133666537353938333738346665663539 +63326135656362633637663365656238313637376438313939373339656564303534343936656163 +38393239656637633761666137303966366466613031666561343230373865303736643034656130 +63386336363335623066363963306130323964656137326439653934633461343733373437626664 
+64396134383335323335396463396238313536376335626561633166653463613732323136646335 +30623463393230333164623833303065396135326139613539353063396530326631326562323861 +64333166343764303761363866623031323165653533356333653431316533633462383038383533 +39383739666462393063393738396631383364643732633239393363363666333433303233376435 +61336662323138353537366336396631653661643435306338323130646432383064646334386536 +35393765356264616365303364396466343838313966626462346534626361346636353532343434 +37326161323236613466376435316233386362323031323934366364353333616636333033336131 +30386238333638356539653039353064333530363630383264333163633462633637633436303534 +36323832636435353836356436343233636630363131393633653037333238393337653134366464 +30363632396433373933636661613534326364393561336232343938633166306362313637386231 +63363564363537663236306330313534636235383265316131663532373533613939393062323462 +30633062373431333535636131636333313865363963643362623138626262623061653938393635 +31343262633437343236373835383761386632336665386661646632633435636438306564663565 +39643962356561633365383931316533666331636639623163313937363430663039366261373337 +65656530393737653435393563303661326466646636343935346466663361313030336630646265 +32666162313062316233616530613739616661646433643035643638343535303935366630396639 +61646237316466613431623837313339343761636666316539333163373863636265343763636633 +65343065316264313830396437353063313563313230643766333066626366343265616231363136 +37663233616665653835663837353533386466633962366165613063623133663965383763646236 +36306461633335666430653063373735326163616430356461383130356166653739373637306362 +37333164316561666564643761643761343430653539366561303537613936333639333836356663 +64306132393838366131613663386266353834383564346432396432313234303631346466303037 +30613030616139663863623764356165313465353638356465653362356334623364656436633633 +39396664336530313636386333356361386539626532356133613564356461663364653937393933 
+39373065306665613964363564666232333239623335393830313766373831353037626635303130 +34663138343133653132616534653061616236313139346236303238333235306166626637636435 +61313231613665373162323433303764663766376533626230363738633533653661376435623439 +34313065643331346134623333393866393433376136373837333961353666333834633363653434 +34643162343966306139313463353530316436373838643164636139323536616233646363666538 +62333937336662393264383738373437666437333532386162306635356130306466343837623435 +61323132613434633934386164336432373632663839363339356135336263613962363431343030 +38616533373333383833343330323365626635393835643133666566343361663166666331353837 +63306564633131353338633266393638663136333539323331363738336334303232346437353830 +62653561353730363138363264666335363730383137343039616338346363353332643361333939 +33386532303364663634636533316464623031623432386432656232303536376166376264396636 +38646664646362663331393137316436346630323863393330623264626264366333333064306565 +33323430336333313663306531623062666563616366666632656663366639376530366265626432 +30643436393632613062646232313866633530343130346436393837306265666233623366323763 +62393038653366653763636337373339383362623663656234643239363337393634353532393334 +63326162666236373531323664633463633037303064626135636562396365353461663535653237 +36666564623366666535626439633333616639313763623931396434363333663464323733653235 +37363538356634306263363665643931633565343662343333376565366463383938346664333937 +61363233353634323462613838373764373532613639306461383266616262356635656337316265 +37386661303038373134363032613664396539383164656630626430636633363038653764383330 +38623333633162393565643035366130313636333635353766336334663065653630623633666338 +65363266623933376233326236623734343161366163396537376334356530326434346166623639 +38656537333430333831316437363364343963613939386162343334306339636463323063623636 +39363965346362393965613539613735343537376336636239313661636231313938383439616134 
+66633661376537616437396638383365373039623736303838306563383265666364306530376537 +30373335386436386232363339633031373339306432336462333331313864336434376364633966 +32353539633863663730333330353730313738366331663162666636653839656433393565386663 +34373163393062636335396334343562616462363434306239633430343064636239646561313032 +30663139653432366363666439356662663264303364666135346561373439306333323434643632 +30353037643866336565373664383832343266333865636533653838343962663164653563613236 +63336163383638306537623338383262383933383261326665646437343133316439386435346635 +36366239333531356539383733623666323365383139336361356532616537643633383762323831 +66343463396534353137343133343064623939623634386634333964663035373631366138663062 +32616464366530303530376463383035323036666165346536306533646139643135636339616430 +64653838636562386465663434376136623131396165646364613061356138393366313732353736 +39353030316130303737623638306235323365356132393163626535633866636132633562353938 +36336461393661393164303535663364323631643163303735306238346266373166306534373139 +31393531643933393434623930303161613432383362313561346664323964393431393366626237 +36663462343165343930663661346534646533366136666234393166623638366166303537323130 +36356536666536316465366236323639396233376261373834656130353565643064373234343832 +65623934343964383636313631623766336462346435356439663762663637393331306138393365 +38316230386431633764656438613366316236323735376130363361393365303264316337373261 +39643038393062633362376261353632376462613962343132653134303333643065383166353535 +62383439303034366535306265393232666438386461663834353438386633313036646535376437 +36373965626433653261653633303163653436376136383234383238646336333139326538306534 +62393163666237343830626564643266366431386632643137313566343930356431373065373434 +34656261383731666233386239616161356664636434366239303235333662336332356162656264 +63363837656435646438366266386332303237646136656462636563353434396361623934323063 
+30666336353865313461356633356465663131306331303430653264343031626662626535643963 +66316465613061643065346561633836313037386565343639353936326163336337366263353662 +66353563626564623030666332643432666236323730643065336436633466396534656137643936 +31313932396335633934656639386130323965333763373534326238666239373037383131363432 +36333266386133343931353733333762623736313239383433643434653430626531363032623338 +63346366373165386362393362383432346561633636323438333163623964363037303934616130 +37653263323133376231633464333537343039393934616563373639326139303339343564666661 +35326633383865626364653833303365643866613932373762313964333835313935613136336439 +37363630613030373061623365333230306335666430646132666364623032303662353835306433 +33393432306162323961323162303061366263363161366561613862666535356235633165616631 +64373234643733353464356333323936616161306637663930373665653036303930656666303461 +61313433343034396139666437653430316133393931663338336634323038343863363136623564 +31656334653038323335376536646536313263373135396562616461666436346334306536643331 +32623666343262333935613230373434343935343935346462653364393135376463343164333733 +39336261656166383761373464613133373366653730366362396565396665363265663566646633 +38313832636639653465653538383365363534356361623639353432393562363032633737373632 +65316333616138643537616366376362646534396530373135366163666262336234653131663864 +31643963396639383939643937646133373736383832663331396433616464653963396663336434 +66646262636465616139656236383132613033623264393964393261616137313064393930353536 +30613661623262303034633961663337653430333664393933356434333239636261613532613939 +36376466663135363034663130613461353433333237366632323566643534343861353431333162 +31376564363639393833373231306566653834353266303865633534643062656439343166633435 +66373530313766306662666139373439376333646334383332363561633262666562326662313632 +61623538333266376664363466366637306434656165373665376263323031356531376539616438 
+36353439633261626461633835613132356335303433646532646638356236346234376439333638 +35623763653434323766373332396164323137323332646533633038626131323639313666663838 +36363665663862343861373065316133356338613737366538306230353761653963633732306164 +62363737313363643866313037313561646239646231313437613263333034613362373732613739 +65643232383935346663393064303934633534393335663761313039376537373838316138643264 +64633636353039376430613365643164653362356362613238323266653239653633643564353838 +34366335353132336239376638363965643432323239653138393532363130616535383837356266 +33336234656231303831643161386630313361396238396137313065303362396534356366656135 +64383435633434643265666332663161666463393733383831333162653263306464366538656134 +39353439363562316336666362396262376661663339386236643038373838663762373862363539 +61326132636663386135373930633731633035363437663765336234303162366431636135643962 +35656138343537656466313864366135366366383035323463363064383330323030636335613335 +32333762653838653663393064646461313161313537323030633735373338616531376665333866 +66326539303764633864343063636538343166616463393538356562626137396365656334613465 +34393633633565636462306437303732346231363032303238353335666662386361306464646462 +39633831366236666639636436613234653530633034313633646365616639373166636636633363 +37316233656566633136336130333532316131333634323464303832396238396463356237616532 +64383235313034633838656666323331303939646265633865323631323737306539306333643163 +38623337393439313462656561623136646632306635643566383239663562373432353461323237 +32363763333266386135623838306663643933323463366337366236373132656230393661633137 +32616366636536653839643062633065373264356639656137316563613161626636396664306438 +31376238363030333335303861616466316631366430666132663238316663353166316630613566 +64616434353963616637616435383066323032363732613639343462376632383731383230613761 +62633032396464613664666463626333326133653637393337653037663631633064633632303139 
+34353264303764653863383962613833303130316366643336333166646231663236613530306531 +61623565323335326562346138633935373434623733613730653436313138356235653931363737 +33356637396130663837313261613534646362636335666266313166616533643062336335626664 +65303333343633663466613238643033626239326431323933306234653537376531333834323366 +63646131663039636532313434646434646535656638623337393762613261656634343530373132 +33616331346135653761396264323638663335306236376133306361643037333664306437613736 +66386630393562636132623239346130326662656335303166383565626531626530383364363937 +63323864396165666331633735303334326237323639313339383366313063303463663563313062 +65326333653932316631393737376638666433656335386361653231333134336537653931643237 +66626432363139663531353164383961376239316266393730366633613430343838633366333237 +37313464656563323137306465336131386339623232373766616661383739636435356630333861 +39623564383137656435376537363866666431323332616562353161613434666464303431313138 +31393238616632343539313365376134616334303238373333303939323132343730323432373239 +62613861353436333330643235666237366361303566376131666532613235356636366534653839 +34393861316533326661623333393663386431393231656261346134313235366331336230636131 +64323039343765323661376661636337313833643533383931376235613266313962363462663539 +65363235323061383434396365333732333037653234623363386632343662646336646666373534 +65653162326465306633653562333661343461333739356635633334623264343034383838386433 +65666230396630383037663763383438313138613537653038666365306533393233653530343063 +35353736653466353764663738393938663433653863613532353764343432313239373031396531 +61396133366463663765303237313666326262363265613833353462643430646538333664373938 +64333064363634323737653234636263663236396630666433623433383237343063363834393362 +61353138613435383937623765626437633464626336303534653931303266363165633233323861 +35643838396431306337663565323336313366323639383931346336386438616664376132333365 
+30316430663735623138653530376266373331633963386630383536323139333632613638613065 +61653634303936643266656537646133346636333334333663303430646631616637383038376463 +35376430663561646130623864666130363662346339386437353735356561383336313332323439 +39636436343263343838386239656532353166643130373232363439306435663937343866643732 +39616335626533386230646661393839336532383034613330656432396539303336656638333763 +66663261313863343436303662653462343338656664393864353932623730323039373536643534 +31633663393135366536366264666564626663306134656130383737646631666165613935363963 +37366331323865343232306534303665333761336361633030343466323335333164333662396135 +62303331383536343739643837623537656538616362643230643962303131323333643361623330 +38643637333165623462663235653438373164396138353833336237636361333431636562373531 +65623762643463383165643934663766623764663565616436316465373061613731616338376264 +65663636383861303737353034363439656632346535646630346663636637313631353136616133 +30623765323366336238666663393833306238663933313636633934383835346334613232623066 +30386538633066313531373037306161636439383535623433666534616566393034303736333034 +34303634313637336333343962616339656430653438663762353932373965343635316661343231 +31306234663134393964663137656433666463323664653339646533356630643230303438666162 +38613062396361353534393065323164326436323437643264643363343366373230633539383366 +35326136376337343732626132336130363364303364396332623530313962323163656439333838 +64636536356535626132636138373464363735383639633934636162623462653333666361356432 +61343838383530343764366161323432313332343538383434313561316363373831633163653664 +34663237656164333731323138306263633235643936356466343737633231636235393436323735 +32313633626462393434336132646535663535643465653030326165356330666338313261613538 +66646430326336373238306236353466363630643565353562303636323038323261336161633365 +66313065663265643338336139396364616333663666343062333764626462303934646665343333 
+35626663356661656431623037386662653336373865393031313330316334353332656536633738 +61656235313234373638633534336138626333323739383962373363616363663232626136313733 +64333731353765373033353136646436343135316163623861623035613634626238336538363933 +39626636653064313231386137633232663762363863316264643061333230313134306335353438 +31616430393331353662653433653234383530323463613437613236643937353065313536376635 +61393936386333356339346233316462353235663561383236333632383735326462663733626265 +30313837646435356330356437343164376634336639346431643837333532386130336535316232 +38303365366635303662636138303661636335613865643536376631383962343266376438613366 +34353161613032393135306664336338326439396561613133396333643635343363343264396334 +64383231623037633566613933633536653630653834636164316365396637623163373134356531 +38623738353130373332663965653639373465333231396561363839663338363439353632653136 +30663537636462646266663766353666386634343630636365333465316230643336636639303063 +65316166636262626634383166343038653333323934616139373561363137363438363364663138 +63356537663433616239653531316166626432613639613431656133396466393132663837633233 +63363633393965326266383366666234343531353563353232383562636462386330373463353932 +62376132633163346434356434613937633338346663316164373865363431626133383261613363 +66396431633135643931616436613665386432336433303061356666646135333935313761386663 +61633936626437636235616534636431666434313533393866336533323063653432313930373066 +61363530636532323265373661616163393363373135313264373434373265663533663333313434 +33643331356364313937643366373664326232376537343338616133616661643365633265626262 +66663062643563626462646336396335336262623962643361623562303030626166326233643162 +30656537616162353732616435616566306337343762316564323737363232663066 diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml new file mode 100644 index 0000000..e048d3a --- /dev/null +++ b/roles/nginx/handlers/main.yml 
@@ -0,0 +1,8 @@
+---
+- name: restart nginx
+ service: name=nginx state=restarted
+ sudo: yes
+
+- name: reload nginx
+ service: name=nginx state=reloaded
+ sudo: yes
diff --git a/roles/nginx/tasks/install_certs.yml b/roles/nginx/tasks/install_certs.yml
new file mode 100644
index 0000000..e65a818
--- /dev/null
+++ b/roles/nginx/tasks/install_certs.yml
@@ -0,0 +1,42 @@
+---
+
+- name: generate ssl forward secrecy key
+ command: openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 creates=/etc/ssl/certs/dhparam.pem
+ sudo: true
+ tags: nginx
+
+- name: get root cert for ssl stapling
+ get_url: url=http://www.startssl.com/certs/ca.pem dest=/etc/ssl/certs/ca.pem sha256sum=916a8f9232328192968c81c8edb672fa539f726861dfe379ca722050e19962cd
+ sudo: true
+
+- name: get inter cert for ssl stapling
+ get_url: url=http://www.startssl.com/certs/sub.class1.server.ca.pem dest=/etc/ssl/certs/sub.class1.server.ca.pem sha256sum=e7241cd06fed26efdb1db2283ce5c2f9693b18c6698d76b0427f39c3f71ee001
+ sudo: true
+
+- name: generate combined cert for stapling
+ shell: cat /etc/ssl/certs/ca.pem /etc/ssl/certs/sub.class1.server.ca.pem > /etc/ssl/certs/combined_startssl.pem creates=/etc/ssl/certs/combined_startssl.pem
+ sudo: true
+ tags: nginx
+
+- name: Copy private key
+ copy:
+ content: "{{ ssl_key }}"
+ dest: /etc/ssl/private/koodiklinikka.fi.key
+ mode: u+rw
+ tags: [nginx]
+ notify: reload nginx
+ sudo: true
+
+- name: Copy cert
+ copy:
+ content: "{{ ssl_certificate }}"
+ dest: /etc/ssl/certs/koodiklinikka.fi.pem
+ tags: [nginx]
+ notify: reload nginx
+ sudo: true
+
+- name: Copy nginx SSL configuration
+ copy: src=files/nginx/ssl_profile.conf dest=/etc/nginx/conf.d
+ notify: reload nginx
+ sudo: true
+ tags: [nginx]
diff --git a/roles/nginx/tasks/install_nginx.yml b/roles/nginx/tasks/install_nginx.yml
new file mode 100644
index 0000000..d0d03b7
--- /dev/null
+++ b/roles/nginx/tasks/install_nginx.yml
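Review bot: `mode: u+rw` on the "Copy private key" task only adds the owner's read/write bits and never clears group/other read, so /etc/ssl/private/koodiklinikka.fi.key is left with whatever default permission the copy module applies to a new file (umask-derived, typically group- and world-readable). Use an explicit absolute mode and owner, `mode: 0600` and `owner: root`, so the key is readable by root only, which is normally all nginx needs. The two StartSSL CA downloads are fetched over plain http, but `sha256sum=` pins their content, so that is acceptable as long as the hashes are kept current when the upstream files change.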
@@ -0,0 +1,41 @@
+---
+- name: Install python dependencies for managing apt repositories
+ apt: pkg=python-pycurl
+ tags: [nginx, repo]
+
+- name: Add nginx repository
+ apt_repository: repo='deb http://nginx.org/packages/ubuntu/ precise nginx' state=present update_cache=yes
+ tags: [nginx, repo]
+
+- name: Add nginx repository signing key
+ apt_key: url=http://nginx.org/keys/nginx_signing.key id=7BD9BF62 state=present
+ tags: [nginx, repo]
+
+- name: Install nginx
+ apt: pkg=nginx state=latest
+ tags: [nginx, install]
+
+- name: Ensure nginx config directories exist
+ file: path={{ item }} state=directory
+ with_items:
+ - /etc/nginx
+ - /etc/nginx/sites-available
+ - /etc/nginx/sites-enabled
+ tags: [nginx]
+
+- name: Remove default nginx configs
+ file: path=/etc/nginx/sites-available/default state=absent
+ with_items:
+ - /etc/nginx/sites-available/default
+ - /etc/nginx/sites-enabled/default
+ - /etc/nginx/conf.d
+ notify: restart nginx
+ tags: [nginx, config]
+
+- name: Allow tcp/80 and tcp/443 for HTTP
+ ufw: rule=allow insert={{ item.num }} proto=tcp port={{ item.port }}
+ with_items:
+ - { num: 1, port: 80 }
+ - { num: 2, port: 443 }
+ sudo: true
+ tags: [nginx, ufw]
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..8cec78b
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include: install_nginx.yml
+- include: install_certs.yml
+- include: nginx_config.yml
diff --git a/roles/nginx/tasks/nginx_config.yml b/roles/nginx/tasks/nginx_config.yml
new file mode 100644
index 0000000..c09a446
--- /dev/null
+++ b/roles/nginx/tasks/nginx_config.yml
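Review bot: The "Remove default nginx configs" task loops over three paths but its `path=/etc/nginx/sites-available/default` never references `{{ item }}`, so only that one file is removed (three times) and /etc/nginx/sites-enabled/default stays in place. Change it to `file: path={{ item }} state=absent` and drop `/etc/nginx/conf.d` from the list: install_certs.yml copies ssl_profile.conf into that directory and the "Ensure nginx config directories exist" task does not recreate it, so removing it would make that later copy write a plain file named conf.d instead. The apt_key task fetches the repository signing key over plain http; the `id=7BD9BF62` at best confirms that a key with that short id is in the keyring after import, it does not authenticate what was downloaded, so prefer an https URL or ship the key file with the role and pass it as `data=`. `precise` is also hard-coded in the repository line, where `{{ ansible_distribution_release }}` would follow the target's release.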
@@ -0,0 +1,34 @@
+---
+
+- name: Copy nginx main configuration file
+ copy: src=files/nginx/nginx.conf dest=/etc/nginx
+ notify: reload nginx
+ sudo: true
+ tags: [nginx]
+
+- file: path=/etc/nginx/location state=directory group=web mode=775
+ sudo: true
+ tags: [nginx]
+
+- file: path=/etc/nginx/htpasswd state=directory group=web mode=775
+ sudo: true
+ tags: [nginx]
+
+- name: Copy site configs
+ sudo: true
+ template: >
+ src=files/nginx/koodiklinikka.fi
+ dest=/etc/nginx/sites-available/
+ notify: reload nginx
+ tags: [nginx]
+
+- name: Enable sites
+ sudo: true
+ file: >
+ src=/etc/nginx/sites-available/{{ item }}
+ path=/etc/nginx/sites-enabled/{{ item }}
+ state=link
+ with_items:
+ - koodiklinikka.fi
+ notify: reload nginx
+ tags: [nginx]
diff --git a/roles/nvm/tasks/main.yml b/roles/nvm/tasks/main.yml
new file mode 100644
index 0000000..c7c97f3
--- /dev/null
+++ b/roles/nvm/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Install NVM
+ remote_user: "{{ nvm_user }}"
+ action: >
+ git
+ repo="https://github.com/creationix/nvm"
+ dest="{{ nvm_path }}"
diff --git a/run_ansible b/run_ansible
new file mode 100755
index 0000000..d61c505
--- /dev/null
+++ b/run_ansible
@@ -0,0 +1,4 @@
+#!/bin/sh
+ANSIBLE_SSH_ARGS="-o ForwardAgent=yes"
+PW=`ejson --keydir=$HOME/.ejson decrypt secrets/passwords.ejson|grep ansible_vault|cut -d'"' -f4`
+echo $PW|ansible-playbook applications.yml -i hosts --vault-password-file=/bin/cat
diff --git a/secrets/passwords.ejson b/secrets/passwords.ejson
new file mode 100644
index 0000000..b3c6dd3
--- /dev/null
+++ b/secrets/passwords.ejson
@@ -0,0 +1,4 @@
+{
+ "_public_key": "94f3af35ad208d7bc7e3ddf1f9d181d090e3a1c74f9d56851c4f0f1efb04b571",
+ "ansible_vault": "EJ[1:OWX1r5HSlWaeU1DFcsLmnlpWXYYnxpEMHrP9apw/zE4=:uM/P51yx6NHkN1QNe9cQtCTHynKupSPY:uw0T2nLvz/zqGapV8j++GDqNNQUvMLBF57aBnTxSkwWTHk64]"
+}
\ No newline at end of file
diff --git a/tasks/webuser.yml b/tasks/webuser.yml
new file mode 100644
index 0000000..9a2abf1
--- /dev/null
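Review bot: The two unnamed `file:` tasks create /etc/nginx/location and /etc/nginx/htpasswd with `group=web mode=775`, which makes nginx configuration directories group-writable by the unprivileged web account; together with the sudoers entry in tasks/webuser.yml that lets web restart nginx, anyone holding that account could place configuration where the (typically root-run) nginx master will load it, which is a root-escalation path if nginx.conf includes these directories (nginx.conf itself is not visible in this hunk). Keep the directories root-owned with `mode=755`, grant the web group read access only where nginx actually needs it, and keep htpasswd files unreadable to anyone but root and the nginx worker user. The two tasks should also carry a `name:` like every other task in the role.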
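Review bot: The Install NVM task clones https://github.com/creationix/nvm at whatever upstream HEAD happens to be at run time, so every deploy pulls unreviewed third-party code as `{{ nvm_user }}` and the result is not reproducible. Pin the checkout with `version=` on the git action, using a tag you have reviewed (`version=<reviewed-nvm-tag>` as a placeholder), and bump it deliberately.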
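Review bot: `ANSIBLE_SSH_ARGS="-o ForwardAgent=yes"` is a plain shell assignment that is never exported, so ansible-playbook does not see it and agent forwarding is not actually enabled; write `export ANSIBLE_SSH_ARGS="-o ForwardAgent=yes"` if it is wanted, bearing in mind that forwarding exposes the agent to root on every target. Feeding the vault password on stdin via `--vault-password-file=/bin/cat` keeps it out of the process list, but `echo $PW` is unquoted and the `grep ansible_vault|cut -d'"' -f4` parse fails silently to an empty password if the ejson output format changes; a small vault-password script that runs `ejson decrypt` and prints just that field would be more robust.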
+++ b/tasks/webuser.yml
@@ -0,0 +1,18 @@
+---
+- name: Create web user
+ sudo: true
+ user: name=web home=/opt/web password=$1$U7pTMMko$SY19s1PIxdD2NCFgM0LQr0
+
+- name: Allow all users to log in as a web user
+ sudo: true
+ authorized_key: >
+ user=web
+ key='{{lookup('file', '../roles/base/files/' + item.public_key)}}'
+ with_items: users
+
+- name: Allow web user to restart nginx
+ sudo: true
+ lineinfile: >
+ dest=/etc/sudoers
+ line="web ALL=(root) NOPASSWD:/usr/sbin/service nginx restart"
+ validate='visudo -cf %s'
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
new file mode 100644
index 0000000..1ba64b4
--- /dev/null
+++ b/templates/sshd_config.j2
@@ -0,0 +1,47 @@
+Port 22
+Protocol 2
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication no
+PubkeyAuthentication yes
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+
+X11Forwarding no
+TCPKeepAlive yes
+
+UseLogin no
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM no
diff --git a/vars/users.yml b/vars/users.yml
new file mode 100644
index 0000000..cb44f2f
--- /dev/null
+++ b/vars/users.yml
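Review bot: The "Create web user" task commits a password hash inline (`password=$1$...`), putting a crackable MD5-crypt hash for a shared account into the repository; since templates/sshd_config.j2 in this same commit disables password authentication, the account needs no password at all, so lock it with `password: '!'` (or move the hash into the vault if local password login is genuinely required). The sudoers line `web ALL=(root) NOPASSWD:/usr/sbin/service nginx restart` is narrowly scoped and checked with `validate='visudo -cf %s'`, which is good; note that it turns any web-writable nginx configuration path into a root escalation for whoever holds the shared key-based web account, so the nginx directory permissions set in roles/nginx/tasks/nginx_config.yml need to be reviewed together with it.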
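Review bot: The template offers /etc/ssh/ssh_host_dsa_key as a host key; DSA host keys are limited to 1024 bits and are disabled by default in recent OpenSSH releases, so drop that `HostKey` line and keep the RSA and ECDSA keys. `KeyRegenerationInterval`, `ServerKeyBits` and `RSAAuthentication` only apply to protocol 1, which `Protocol 2` already excludes, so they are dead configuration and can be removed to avoid suggesting otherwise. The file carries a .j2 suffix but contains no template expressions; if it is deployed with `template` (the base role is not visible here), either add the variables it is meant to carry or ship it with `copy` as a plain file.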
@@ -0,0 +1,20 @@
+---
+users:
+ - name: riku
+ password: ""
+ public_key: ssh/riku.pub
+ - name: lauri
+ password: ""
+ public_key: ssh/lauri.pub
+ - name: ville
+ password: ""
+ public_key: ssh/ville.pub
+ - name: janne
+ password: ""
+ public_key: ssh/janne.pub
+ - name: rof
+ password: ""
+ public_key: ssh/codeship.pub
+ - name: n1ko
+ password: ""
+ public_key: ssh/n1ko.pub
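Review bot: Every entry sets `password: ""`; if the base role (not visible here) passes this straight to the user module's `password` parameter, an empty string ends up as an empty password field, which is a passwordless local account rather than a locked one. Since access is key-only per templates/sshd_config.j2, set `password: '!'` (or `'*'`) to lock the accounts explicitly. The `rof` entry installs a CI service key (ssh/codeship.pub) as a full login user alongside the human accounts; a dedicated deploy account whose key is limited to the deploy command would narrow what a leaked CI key can do.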