initial commit firmware server nginx role
HellMar committed May 4, 2017
1 parent 2402aec commit c97aa9d
Showing 6 changed files with 765 additions and 0 deletions.
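--- a/firmware_nginx/handlers/main.yml
+++ b/firmware_nginx/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart nginx
+service: name=nginx state=restarted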
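--- a/firmware_nginx/tasks/main.yml
+++ b/firmware_nginx/tasks/main.yml
@@ -0,0 +1,150 @@
+- name: install nginx
+apt:
+pkg: "{{ item }}"
+update_cache: no
+state: latest
+with_items:
+- nginx
+- php5-fpm
+- unzip
+
+- name: create config directory
+file: name=/etc/nginx/sites-available/default.d state=directory
+
+- name: Create config file for blacklist
+copy: content="" dest=/etc/nginx/sites-available/default.d/blacklist force=no
+
+#- name: Create config file for each domain
+# copy: content="" dest=/etc/nginx/sites-available/default.d/UmzugInDomaene{{item[0]}} force=no
+# with_items:
+# - "{{domaenen|dictsort}}"
+
+#- name: Create config file for each domain (legacy)
+# copy: content="" dest=/etc/nginx/sites-available/default.d/Domaene{{item[0]}} force=no
+# with_items:
+# - "{{domaenen|dictsort}}"
+
+- name: create letsencrypt directory
+file: name=/var/www/letsencrypt state=directory
+
+- name: Install default nginx site for letsencrypt requests and https rewrite
+template:
+src: templates/default.j2
+dest: /etc/nginx/sites-available/default
+register: gendefconf
+
+- name: Activate default nginx site
+file: src=/etc/nginx/sites-available/default dest=/etc/nginx/sites-enabled/default state=link
+register: actdefconf
+
+- name: Reload nginx to activate letsencrypt site
+service: name=nginx state=restarted
+when: gendefconf.changed or actdefconf.changed
+
+- name: acme install
+shell: wget -O - https://get.acme.sh | sh
+args:
+creates: /root/.acme.sh/acme.sh
+
+#- name: Create certificate
+# shell: /root/.acme.sh/acme.sh --issue -d {{inventory_hostname_short}}.{{freifunk.domain}} -w /var/www/letsencrypt
+# args:
+# creates: /root/.acme.sh/{{inventory_hostname_short}}.{{freifunk.domain}}/ca.cer
+
+- name: Create certificate
+shell: /root/.acme.sh/acme.sh --issue -d {{inventory_hostname_short}}.{{freifunk.domain}} -w /var/www/letsencrypt -d {{inventory_hostname_short}}.freifunk-muensterland.net -w /var/www/letsencrypt -d {{inventory_hostname_short}}.freifunk-muenster.de -w /var/www/letsencrypt -d {{inventory_hostname_short}}.freifunk-muensterland.org -w /var/www/letsencrypt
+args:
+creates: /root/.acme.sh/{{inventory_hostname_short}}.{{freifunk.domain}}/ca.cer
+
+- name: install cert to Nginx
+shell: /root/.acme.sh/acme.sh --installcert -d {{inventory_hostname_short}}.{{freifunk.domain}} --keypath "/etc/ssl/key.pem" --fullchainpath "/etc/ssl/fullchain.pem" --reloadcmd "systemctl restart nginx"
+args:
+creates: /etc/ssl/certs/key.pem
+
+- name: Generate dhparams
+shell: openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+args:
+creates: /etc/ssl/certs/dhparam.pem
+
+- name: Deploy default ssl nginx site
+template:
+src: default_ssl.j2
+dest: /etc/nginx/sites-available/default_ssl
+notify:
+- restart nginx
+
+- name: Aktivate default ssl nginx site
+file: src=/etc/nginx/sites-available/default_ssl dest=/etc/nginx/sites-enabled/default_ssl state=link
+register: actsslconf
+
+- name: Reload nginx to activate default ssl nginx site
+service: name=nginx state=restarted
+when: actsslconf.changed
+
+- name: Clone bootstrap and css files
+git: repo=https://github.com/FreiFunkMuenster/nodesmap-page.git dest=/opt/nodesmap force=yes
+
+- name: link nophp
+file:
+src: ../html
+dest: /var/www/html/nophp
+state: link
+
+- name: link css
+file:
+src: /opt/nodesmap/css
+dest: /var/www/html/css
+state: link
+
+- name: link js
+file:
+src: /opt/nodesmap/js
+dest: /var/www/html/js
+state: link
+
+- name: link fonts
+file:
+src: /opt/nodesmap/fonts
+dest: /var/www/html/fonts
+state: link
+
+- name: link icons
+file:
+src: /opt/nodesmap/icons
+dest: /var/www/html/icons
+state: link
+
+- name: link logo
+file:
+src: /opt/nodesmap/logo.svg
+dest: /var/www/html/logo.svg
+state: link
+
+- name: Generate index.html
+template:
+src: index.html.j2
+dest: /var/www/html/index.html
+
+- name: css git clonen
+git: repo=https://github.com/FreiFunkMuenster/md-fw-dl.git dest=/var/www/html/md-fw-dl force=yes
+
+- name: create directory for h5ai
+file: name=/opt/h5ai state=directory
+
+- name: get h5ai
+get_url:
+url: "https://release.larsjung.de/h5ai/h5ai-0.29.0.zip"
+dest: /opt/h5ai/h5ai-0.29.0.zip
+register: geth5ai
+
+- name: unarchive h5ai
+unarchive:
+src: /opt/h5ai/h5ai-0.29.0.zip
+dest: /var/www/html
+remote_src: True
+when: geth5ai.changed
+
+- name: deploy h5ai config
+template:
+src: templates/options.json.j2
+dest: /var/www/html/_h5ai/private/conf/options.json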
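Review bot: The `acme install` task pipes `https://get.acme.sh` straight into `sh` as root, so whatever that URL serves at play time runs unreviewed on the firmware server; fetching a pinned release and verifying it before running its installer would close that gap. The same concern applies to the h5ai download, where `get_url` accepts `checksum: "sha256:<digest of the reviewed zip>"`, and to the two `git` tasks, which take `version:` to pin a commit instead of tracking the default branch with `force=yes`. Separately, `install cert to Nginx` writes the key to `/etc/ssl/key.pem` but guards on `creates: /etc/ssl/certs/key.pem`, a path no visible task creates, so the task and its nginx restart appear to run on every play; `creates: /etc/ssl/key.pem` would match. Cloning `md-fw-dl` into `/var/www/html` also places its `.git` directory under a web root that is served with `autoindex on`.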
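--- a/firmware_nginx/templates/default.j2
+++ b/firmware_nginx/templates/default.j2
@@ -0,0 +1,21 @@
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name {{inventory_hostname_short}}.{{freifunk.domain}};
+
+location /.well-known/acme-challenge {
+root /var/www/letsencrypt;
+try_files $uri $uri/ =404;
+}
+
+location /nginx_status {
+stub_status on;
+access_log off;
+allow 127.0.0.1;
+deny all;
+}
+
+location / {
+return 301 https://$server_name$request_uri;
+}
+}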
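Review bot: `/nginx_status` allows only `127.0.0.1` although the server also listens on `[::]:80`, so a local monitoring check that connects over the IPv6 loopback is denied; adding `allow ::1;` before `deny all;` covers it. The redirect builds its target from `$server_name` rather than from the request's Host header, which deserves a one-line comment such as `# $server_name, not $host: the redirect target must not come from the client` so that nobody swaps it later.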
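--- a/firmware_nginx/templates/default_ssl.j2
+++ b/firmware_nginx/templates/default_ssl.j2
@@ -0,0 +1,94 @@
+geo $blacklist { #Knoten die bewust kein update bekommen sollen.
+include /etc/nginx/sites-available/default.d/blacklist;
+default 0;
+}
+####################################################################
+{% for domaene in domaenen|dictsort -%}
+geo $umzugindom{{domaene[0]}} {
+include /etc/nginx/sites-available/default.d/UmzugInDomaene{{domaene[0]}};
+default 0;
+}
+{% endfor %}
+####################################################################
+## LEGACY
+{% for domaene in domaenen|dictsort -%}
+geo $domaene{{domaene[0]}} {
+include /etc/nginx/sites-available/default.d/Domaene{{domaene[0]}};
+default 0;
+}
+{% endfor %}
+####################################################################
+server {
+# listen 443 ssl http2; #NUR NEUERE NGINX VERSIONEN
+# listen [::]:443 ssl http2;
+
+listen 443 ssl spdy;
+listen [::]:443 ssl spdy;
+
+server_name {{inventory_hostname_short}}.{{freifunk.domain}};
+
+ssl_certificate /etc/ssl/fullchain.pem;
+ssl_certificate_key /etc/ssl/key.pem;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+add_header X-Content-Type-Options nosniff;
+
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+root /var/www/html;
+
+# Add index.php to the list if you are using PHP
+index index.html index.htm index.nginx-debian.html /_h5ai/public/index.php;
+# index index.html index.htm index.nginx-debian.html;
+
+if ($blacklist) {
+return 204;
+}
+####################################################################
+{% for domaene in domaenen|dictsort -%}
+if ($umzugindom{{domaene[0]}}) {
+rewrite ^/domaene[0-9][0-9]/(.*)$ /umzug/domaene{{domaene[0]}}/$1;
+}
+{% endfor %}
+####################################################################
+{% for domaene in domaenen|dictsort -%}
+if ($domaene{{domaene[0]}}) {
+rewrite ^/site-ffms/(.*)$ /domaene{{domaene[0]}}/$1;
+}
+{% endfor %}
+####################################################################
+
+location / {
+autoindex on;
+autoindex_localtime on;
+autoindex_exact_size on;
+# First attempt to serve request as file, then
+# as directory, then fall back to displaying a 404.
+try_files $uri $uri/ =404;
+}
+
+location ~ \.php$ {
+include snippets/fastcgi-php.conf;
+fastcgi_pass unix:/var/run/php5-fpm.sock;
+}
+
+location /nophp {
+autoindex on;
+autoindex_localtime on;
+autoindex_exact_size on;
+index index.html index.htm index.nginx-debian.html;
+# First attempt to serve request as file, then
+# as directory, then fall back to displaying a 404.
+try_files $uri $uri/ =404;
+}
+}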
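Review bot: `location /nophp` does not keep PHP out of that tree, because nginx evaluates regex locations after plain prefix matches, so any URI under `/nophp` that ends in `.php` is still handled by `location ~ \.php$` and passed to php5-fpm; `location ^~ /nophp {` would stop the regex lookup. The same server block serves `/var/www/html` with `autoindex on` and nothing denies `/_h5ai/private`, where the role deploys `options.json`, so that file is presumably readable over HTTPS; `location ^~ /_h5ai/private { deny all; }` would cover it. `ssl_protocols` still enables TLSv1 and TLSv1.1, and unless old clients are known to need them `ssl_protocols TLSv1.2;` is the safer setting. The `geo` blocks include per-domain files whose creating tasks are commented out in tasks/main.yml, so nginx may refuse to start when those files are absent.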
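--- a/firmware_nginx/templates/index.html.j2
+++ b/firmware_nginx/templates/index.html.j2
@@ -0,0 +1,106 @@
+<!DOCTYPE html>
+<html lang="en"><!-- Mit Ansible erzeugt - änderungen werden überschrieben -->
+<head>
+<title>{{freifunk.name}} - Firmware</title>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="apple-touch-icon" sizes="180x180" href="/icons/apple-touch-icon.png?v=2">
+<link rel="icon" type="image/png" href="/icons/favicon-32x32.png?v=2" sizes="32x32">
+<link rel="icon" type="image/png" href="/icons/favicon-16x16.png?v=2" sizes="16x16">
+<link rel="manifest" href="/icons/manifest.json?v=2">
+<link rel="mask-icon" href="/icons/safari-pinned-tab.svg?v=2" color="#ffb400">
+<link rel="shortcut icon" href="/icons/favicon.ico?v=2">
+<meta name="apple-mobile-web-app-title" content="Freifunk">
+<meta name="application-name" content="Freifunk">
+<meta name="msapplication-config" content="/icons/browserconfig.xml?v=2">
+<meta name="theme-color" content="#dc0067">
+<link rel="stylesheet" href="css/bootstrap.min.css">
+<link rel="stylesheet" href="css/ffms.css">
+</head>
+<body>
+<div class="container">
+<div class="page-header">
+<div class="row">
+<div class="col-md-2 col-sm-3">
+<img id="ffms-logo" src="logo.svg" class="img" alt="Logo Freifunk Münsterland">
+</div>
+<div class="col-md-10 col-sm-9">
+<h2>Firmware - {{freifunk.name}}
+<br/><small>Firmware der einzelnen Domänen</small></h2>
+<p>Im Januar 2016 haben wir das Netzwerk umstrukturiert. Seitdem gibt es für die verschiedenen Bereiche (Domänen) unterschiedliche Firmware. Es gibt zwei Methoden, die passende Firmware zu finden:</p>
+<ol>
+<li>Den <a href="md-fw-dl/">Firmware Download Assistenten</a> verwenden.</li>
+<li>Wähle unten eine Domäne, um zum Verzeichnisbaum mit passender Firmware zu gelangen:
+<ul>
+
+</ul>
+</li>
+</ol>
+</div>
+</div>
+</div>
+</div>
+<div class="container">
+<div class="row">
+<!-- Suchfeld und Links -->
+<div class="col-md-4 col-sm-4 col-xs-12">
+<form type="text" action="javascript:myScroll()">
+<div class="input-group">
+<!-- USE TWITTER TYPEAHEAD JSON WITH API TO SEARCH -->
+<input class="form-control" id="system-search"
+name="q" placeholder="Suche nach" autofocus>
+<span class="input-group-btn">
+<button type="submit" id="searchbutton" class="btn btn-ffms">
+<i class="glyphicon glyphicon-search"></i>
+</button>
+</span>
+</input>
+</div>
+</form>
+<br/>
+<h4><strong><a href="md-fw-dl/">Firmware Download Assistent</a></strong></h4>
+<p><a class="btn-ffms-collapse visible-xs" data-toggle="collapse" data-target="#narrow-results">&#187; Mehr Freifunk Links</a></p>
+<div id="narrow-results" class="narrow-results collapse">
+<p><a href="https://freifunk-muensterland.de">{{freifunk.name}} - Homepage</a></p>
+<p><a href="https://wiki.freifunk-muensterland.de/">{{freifunk.name}} - Wiki</a></p>
+<p><a href="https://forum.freifunk-muensterland.de/">{{freifunk.name}} - Forum</a></p>
+<p><a href="https://karte.freifunk-muensterland.de/">{{freifunk.name}} - Karte</a></p>
+</div>
+</div>
+<!-- Spalte mit Domänen -->
+<div class="col-md-4 col-sm-4 col-xs-12">
+<div class="ffms-align-center">
+<table class="table table-list-search table-hover">
+<tbody>
+<!-- Alle Domänen einfügen -->
+{% for domaene in domaenen|dictsort %}
+{% if "firmware" in domaene[1] %}
+<tr>
+<td>
+<a href="{{domaene[1].firmware}}">Domäne {{domaene[0]}}</a> - {{domaene[1].name}}</li>
+</td>
+</tr>
+{% endif %}
+{% endfor %}
+</tbody>
+</table>
+</div>
+</div>
+</div>
+</div>
+<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<!-- Include all compiled plugins (below), or include individual files as needed -->
+<!-- optional via CDN: <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" </script> -->
+<script src="js/bootstrap.min.js"></script>
+<script src="js/search.js"></script>
+<script>
+function myScroll(my) {
+$('html, body').animate({
+scrollTop: $(".table").offset().top
+}, 200);
+}
+</script>
+</body>
+
+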
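Review bot: The page loads jQuery from `ajax.googleapis.com` with no `integrity` attribute, so the firmware download page executes whatever that third-party host returns. Since `js/bootstrap.min.js` is already served locally, shipping jQuery from the same `js/` directory, or adding `integrity="sha384-<digest of the reviewed file>" crossorigin="anonymous"` to the tag, would remove that dependency. As far as this hunk shows, `{{domaene[1].firmware}}` and `{{domaene[1].name}}` are written into the HTML unescaped, which is acceptable only while the inventory is trusted; appending `| e` would make that explicit. The markup also carries a stray `</li>` after the domain link, a closing `</input>` tag, and no `</html>`.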