Updated nginx, refactored inventory

group_vars/ext_nginx.yml

@@ -66,7 +66,7 @@ sites_available:
       - 10.242.3.0/24
 
   - fqdn: vtt.ezri.dev
-    enabled: no
+    enabled: yes
     upstream: http://10.242.203.13:3000
     max_upload: 512M
 
@@ -97,3 +97,4 @@ streams_available:
       - 10.242.203.1
       - 10.242.203.13
       - 10.242.3.0/24
+      - 10.242.0.0/24

inventory

@@ -5,61 +5,110 @@ local:
   vars:
     ansible_connection: local
 
+root_login:
+  hosts:
+    tynan.rum.ezri.dev:
+    dewalt.rum.ezri.dev:
+  children:
+    proxmox
+  vars:
+    ansible_user: root
+    ansible_become: no
+
+localadmin_login:
+  hosts:
+    atlantis.net.ezri.dev:
+    agatha-king.db.ezri.dev:
+    assurance-of-peace.ext.ezri.dev:
+    peoples-home.int.ezri.dev:
+    nebuchadnezzar.ext.ezri.dev:
+  vars:
+    ansible_user: localadmin
+    ansible_become: yes
+
+self_login:
+  children:
+    desktops
+  vars:
+    ansible_user: ezri
+    ansible_become: yes
+
+arch:
+  hosts:
+    tynan.rum.ezri.dev:
+    normandy.network.ezri.dev:
+    serenity.network.ezri.dev:
+    rocinante.vpn.ezri.dev:
+    gathering-storm.vpn.ezri.dev:
+
+debian:
+  hosts:
+    dewalt.rum.ezri.dev:
+    atlantis.net.ezri.dev:
+    agatha-king.db.ezri.dev:
+    assurance-of-peace.ext.ezri.dev:
+    peoples-home.int.ezri.dev:
+    horizon.ext.ezri.dev:
+    nebuchadnezzar.ext.ezri.dev:
+
+proxmox:
+  hosts:
+    deep-space-nine.pve.ezri.dev:
+    starbase-one.pve.ezri.dev:
+    tycho-pallas.pve.ezri.dev:
+
+
 containers:
   hosts:
-    "peoples-home.servers.ezri.dev":
+    tynan.rum.ezri.dev:
-      ansible_port: 2231
+    dewalt.rum.ezri.dev:
-      # ansible_become: no
+    atlantis.net.ezri.dev:
-      # ansible_user: root
+    agatha-king.db.ezri.dev:
-    tynan.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    dewalt.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    pathfinder.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    sojourner.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    atlantis.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-  vars:
-    ansible_become: yes
-    ansible_user: localadmin
 
-unifi:
+vms:
   hosts:
-    atlantis.servers.ezri.dev:
+    assurance-of-peace.ext.ezri.dev:
+    peoples-home.int.ezri.dev:
+    horizon.ext.ezri.dev:
+    nebuchadnezzar.ext.ezri.dev:
 
 desktops:
   hosts:
     normandy.network.ezri.dev:
-    serenity.wlan.ezri.dev:
+    serenity.network.ezri.dev:
     rocinante.vpn.ezri.dev:
-  vars:
+    gathering-storm.vpn.ezri.dev:
-    ansible_become: yes
 
-sysadmin_exercise:
+unifi:
   hosts:
-    phoenix.servers.ezri.dev:
+    atlantis.net.ezri.dev:
-      ansible_become: yes
 
-nginx:
+int_nginx:
   hosts:
-    peoples-home.servers.ezri.dev:
+    peoples-home.int.ezri.dev:
 
 ext_nginx:
   hosts:
     assurance-of-peace.ext.ezri.dev:
       ansible_port: 2231
-      ansible_user: localadmin
-      ansible_become: yes
 
+nginx:
+  children:
     int_nginx:
+    ext_nginx:
+
+htpc:
   hosts:
-    peoples-home.int.ezri.dev:
+    serenity.network.ezri.dev:
-      ansible_user: localadmin
+
-      ansible_become: yes
+docker:
+  hosts:
+    horizon.ext.ezri.dev:
+
+postgres:
+  hosts:
+    agatha-king.db.ezri.dev:
+
+matrix:
+  hosts:
+    nebuchadnezzar.ext.ezri.dev:

playbooks/roles/nginx/templates/site.j2

@@ -13,6 +13,10 @@ server {
 	ssl_certificate /etc/letsencrypt/live/{{ item.cert_domain|default(item.fqdn) }}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/{{ item.cert_domain|default(item.fqdn) }}/privkey.pem;
 
+	if ($http_user_agent ~* "gptbot") {
+		return 444;
+	}
+
 	if ($scheme = "http") {
 		return 301 https://$host$request_uri;
 	}