Updated nginx, refactored inventory

2025-04-02 10:54:07 -06:00 · 2025-04-02 10:54:07 -06:00 · f82ae818ba
commit f82ae818ba
parent 456a7cbeaf
3 changed files with 93 additions and 39 deletions
--- a/group_vars/ext_nginx.yml
+++ b/group_vars/ext_nginx.yml
@ -66,7 +66,7 @@ sites_available:
      - 10.242.3.0/24

  - fqdn: vtt.ezri.dev
-    enabled: no
+    enabled: yes
    upstream: http://10.242.203.13:3000
    max_upload: 512M

@ -97,3 +97,4 @@ streams_available:
      - 10.242.203.1
      - 10.242.203.13
      - 10.242.3.0/24
+      - 10.242.0.0/24
--- a/123
+++ b/123
@ -5,61 +5,110 @@ local:
  vars:
    ansible_connection: local

+root_login:
+  hosts:
+    tynan.rum.ezri.dev:
+    dewalt.rum.ezri.dev:
+  children:
+    proxmox
+  vars:
+    ansible_user: root
+    ansible_become: no
+
+localadmin_login:
+  hosts:
+    atlantis.net.ezri.dev:
+    agatha-king.db.ezri.dev:
+    assurance-of-peace.ext.ezri.dev:
+    peoples-home.int.ezri.dev:
+    nebuchadnezzar.ext.ezri.dev:
+  vars:
+    ansible_user: localadmin
+    ansible_become: yes
+
+self_login:
+  children:
+    desktops
+  vars:
+    ansible_user: ezri
+    ansible_become: yes
+
+arch:
+  hosts:
+    tynan.rum.ezri.dev:
+    normandy.network.ezri.dev:
+    serenity.network.ezri.dev:
+    rocinante.vpn.ezri.dev:
+    gathering-storm.vpn.ezri.dev:
+
+debian:
+  hosts:
+    dewalt.rum.ezri.dev:
+    atlantis.net.ezri.dev:
+    agatha-king.db.ezri.dev:
+    assurance-of-peace.ext.ezri.dev:
+    peoples-home.int.ezri.dev:
+    horizon.ext.ezri.dev:
+    nebuchadnezzar.ext.ezri.dev:
+
+proxmox:
+  hosts:
+    deep-space-nine.pve.ezri.dev:
+    starbase-one.pve.ezri.dev:
+    tycho-pallas.pve.ezri.dev:
+
+
 containers:
  hosts:
-    "peoples-home.servers.ezri.dev":
-      ansible_port: 2231
-      # ansible_become: no
-      # ansible_user: root
-    tynan.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    dewalt.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    pathfinder.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    sojourner.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-    atlantis.servers.ezri.dev:
-      ansible_become: no
-      ansible_user: root
-  vars:
-    ansible_become: yes
-    ansible_user: localadmin
+    tynan.rum.ezri.dev:
+    dewalt.rum.ezri.dev:
+    atlantis.net.ezri.dev:
+    agatha-king.db.ezri.dev:

-unifi:
+vms:
  hosts:
-    atlantis.servers.ezri.dev:
+    assurance-of-peace.ext.ezri.dev:
+    peoples-home.int.ezri.dev:
+    horizon.ext.ezri.dev:
+    nebuchadnezzar.ext.ezri.dev:

 desktops:
  hosts:
    normandy.network.ezri.dev:
-    serenity.wlan.ezri.dev:
+    serenity.network.ezri.dev:
    rocinante.vpn.ezri.dev:
-  vars:
-    ansible_become: yes
+    gathering-storm.vpn.ezri.dev:

-sysadmin_exercise:
+unifi:
  hosts:
-    phoenix.servers.ezri.dev:
-      ansible_become: yes
+    atlantis.net.ezri.dev:

-nginx:
+int_nginx:
  hosts:
-    peoples-home.servers.ezri.dev:
+    peoples-home.int.ezri.dev:

 ext_nginx:
  hosts:
    assurance-of-peace.ext.ezri.dev:
      ansible_port: 2231
-      ansible_user: localadmin
-      ansible_become: yes

+nginx:
+  children:
    int_nginx:
+    ext_nginx:
+
+htpc:
  hosts:
-    peoples-home.int.ezri.dev:
-      ansible_user: localadmin
-      ansible_become: yes
+    serenity.network.ezri.dev:
+
+docker:
+  hosts:
+    horizon.ext.ezri.dev:
+
+postgres:
+  hosts:
+    agatha-king.db.ezri.dev:
+
+matrix:
+  hosts:
+    nebuchadnezzar.ext.ezri.dev:
--- a/playbooks/roles/nginx/templates/site.j2
+++ b/playbooks/roles/nginx/templates/site.j2
@ -13,6 +13,10 @@ server {
 	ssl_certificate /etc/letsencrypt/live/{{ item.cert_domain|default(item.fqdn) }}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/{{ item.cert_domain|default(item.fqdn) }}/privkey.pem;

+	if ($http_user_agent ~* "gptbot") {
+		return 444;
+	}
+
 	if ($scheme = "http") {
 		return 301 https://$host$request_uri;
 	}