kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-18 06:24:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Shortened network- to net-

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-09 04:35:21 +02:00
parent 66198ca1ec
commit 2108702a2b
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
46 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/README.md
View File

@ -49,7 +49,7 @@ For a complete list of role categories and detailed definitions, see:
## Network ## Network
- **network-*** - **net-***
Network infrastructure (DNS records, WireGuard, Lets Encrypt entrypoints). Network infrastructure (DNS records, WireGuard, Lets Encrypt entrypoints).
- **service-*** - **service-***
@ -112,7 +112,7 @@ For a complete list of role categories and detailed definitions, see:
> **Tip:** To find a role quickly, search for its prefix: > **Tip:** To find a role quickly, search for its prefix:
> `core-`, `gen-`, `desk-`, `srv-web-`, `web-service-`, `web-app-`, > `core-`, `gen-`, `desk-`, `srv-web-`, `web-service-`, `web-app-`,
> `network-`, `service-`, `monitor-`, `alert-`, `maint-`, `cln-`, > `net-`, `service-`, `monitor-`, `alert-`, `maint-`, `cln-`,
> `bkp-`, `update-`, `pkgmgr-`, `user-`. > `bkp-`, `update-`, `pkgmgr-`, `user-`.
--- ---

0
roles/network-dns-records/README.md → roles/net-dns-records/README.md
View File

0
roles/network-dns-records/meta/main.yml → roles/net-dns-records/meta/main.yml
View File

0
roles/network-dns-records/tasks/main.yml → roles/net-dns-records/tasks/main.yml
View File

0
roles/network-letsencrypt/README.md → roles/net-letsencrypt/README.md
View File

0
roles/network-letsencrypt/TODO.md → roles/net-letsencrypt/TODO.md
View File

0
roles/network-letsencrypt/meta/main.yml → roles/net-letsencrypt/meta/main.yml
View File

0
roles/network-letsencrypt/tasks/main.yml → roles/net-letsencrypt/tasks/main.yml
View File

0
roles/network-letsencrypt/tasks/set-caa-records.yml → roles/net-letsencrypt/tasks/set-caa-records.yml
View File

0
roles/network-letsencrypt/templates/letsencrypt.conf.j2 → roles/net-letsencrypt/templates/letsencrypt.conf.j2
View File

0
roles/network-letsencrypt/templates/ssl_credentials.j2 → roles/net-letsencrypt/templates/ssl_credentials.j2
View File

2
roles/network-letsencrypt/templates/ssl_header.j2 → roles/net-letsencrypt/templates/ssl_header.j2
View File

@ -12,4 +12,4 @@ ssl_session_tickets on;
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
{% include 'roles/network-letsencrypt/templates/ssl_credentials.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_credentials.j2' %}

0
roles/network-letsencrypt/vars/main.yml → roles/net-letsencrypt/vars/main.yml
View File

0
roles/network-wireguard-core/Administration.md → roles/net-wireguard-core/Administration.md
View File

0
roles/network-wireguard-core/README.md → roles/net-wireguard-core/README.md
View File

0
roles/network-wireguard-core/files/wireguard-ip.conf → roles/net-wireguard-core/files/wireguard-ip.conf
View File

0
roles/network-wireguard-core/handlers/main.yml → roles/net-wireguard-core/handlers/main.yml
View File

0
roles/network-wireguard-core/meta/main.yml → roles/net-wireguard-core/meta/main.yml
View File

0
roles/network-wireguard-core/tasks/main.yml → roles/net-wireguard-core/tasks/main.yml
View File

2
roles/network-wireguard-firewalled/README.md → roles/net-wireguard-firewalled/README.md
View File

@ -19,7 +19,7 @@ The primary purpose of this role is to enable proper routing and connectivity fo
- **iptables Rule Adaptation:** Modifies iptables to allow forwarding and NAT masquerading for the WireGuard client. - **iptables Rule Adaptation:** Modifies iptables to allow forwarding and NAT masquerading for the WireGuard client.
- **NAT Support:** Configures the external interface for proper masquerading. - **NAT Support:** Configures the external interface for proper masquerading.
- **Role Integration:** Depends on the [network-wireguard-plain](../network-wireguard-plain/README.md) role to ensure that WireGuard is properly configured before applying firewall rules. - **Role Integration:** Depends on the [net-wireguard-plain](../net-wireguard-plain/README.md) role to ensure that WireGuard is properly configured before applying firewall rules.
## Other Resources ## Other Resources
- https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39 - https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

2
roles/network-wireguard-firewalled/meta/main.yml → roles/net-wireguard-firewalled/meta/main.yml
View File

@ -23,4 +23,4 @@ galaxy_info:
issue_tracker_url: "https://s.veen.world/cymaisissues" issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais" documentation: "https://s.veen.world/cymais"
dependencies: dependencies:
- network-wireguard-plain - net-wireguard-plain

0
roles/network-wireguard-firewalled/tasks/main.yml → roles/net-wireguard-firewalled/tasks/main.yml
View File

0
roles/network-wireguard-plain/Administration.md → roles/net-wireguard-plain/Administration.md
View File

0
roles/network-wireguard-plain/README.md → roles/net-wireguard-plain/README.md
View File

0
roles/network-wireguard-plain/files/set-mtu.service → roles/net-wireguard-plain/files/set-mtu.service
View File

0
roles/network-wireguard-plain/handlers/main.yml → roles/net-wireguard-plain/handlers/main.yml
View File

2
roles/network-wireguard-plain/meta/main.yml → roles/net-wireguard-plain/meta/main.yml
View File

@ -24,4 +24,4 @@ galaxy_info:
issue_tracker_url: "https://s.veen.world/cymaisissues" issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais" documentation: "https://s.veen.world/cymais"
dependencies: dependencies:
- network-wireguard-core - net-wireguard-core

0
roles/network-wireguard-plain/tasks/main.yml → roles/net-wireguard-plain/tasks/main.yml
View File

0
roles/network-wireguard-plain/templates/set-mtu.sh.j2 → roles/net-wireguard-plain/templates/set-mtu.sh.j2
View File

2
roles/service-openldap/templates/nginx.stream.conf.j2
View File

@ -2,5 +2,5 @@ server {
listen {{ports.public.ldaps.ldap}}ssl; listen {{ports.public.ldaps.ldap}}ssl;
proxy_pass 127.0.0.1:{{ports.localhost.ldap.ldap}}; proxy_pass 127.0.0.1:{{ports.localhost.ldap.ldap}};
{% include 'roles/network-letsencrypt/templates/ssl_credentials.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_credentials.j2' %}
} }

2
roles/srv-web-https/README.md
View File

@ -17,7 +17,7 @@ When you apply **srv-web-https**, it will:
1. **Include** the `srv-web-core` role to install and configure Nginx. 1. **Include** the `srv-web-core` role to install and configure Nginx.
2. **Clean up** any stale vHost files under `cln-domains`. 2. **Clean up** any stale vHost files under `cln-domains`.
3. **Deploy** the Lets Encrypt challenge-and-redirect snippet from `network-letsencrypt`. 3. **Deploy** the Lets Encrypt challenge-and-redirect snippet from `net-letsencrypt`.
4. **Reload** Nginx automatically when any template changes. 4. **Reload** Nginx automatically when any template changes.
All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs. All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.

2
roles/srv-web-https/meta/main.yml
View File

@ -26,4 +26,4 @@ galaxy_info:
dependencies: dependencies:
- srv-web-core - srv-web-core
- cln-domains - cln-domains
- network-letsencrypt - net-letsencrypt

2
roles/srv-web-proxy-core/templates/vhost/basic.conf.j2
View File

@ -13,7 +13,7 @@ server
{{nginx_docker_reverse_proxy_extra_configuration}} {{nginx_docker_reverse_proxy_extra_configuration}}
{% endif %} {% endif %}
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% if applications | is_feature_enabled('oauth2', application_id) %} {% if applications | is_feature_enabled('oauth2', application_id) %}
{% set acl = applications[application_id].oauth2_proxy.acl | default({}) %} {% set acl = applications[application_id].oauth2_proxy.acl | default({}) %}

2
roles/srv-web-proxy-core/templates/vhost/ws_generic.conf.j2
View File

@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
server { server {
server_name {{ domain }}; server_name {{ domain }};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2' %} {% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2' %}
client_max_body_size {{ client_max_body_size | default('100m') }}; client_max_body_size {{ client_max_body_size | default('100m') }};

2
roles/web-app-collabora/templates/nginx.conf.j2
View File

@ -1,7 +1,7 @@
server { server {
server_name {{domain}}; server_name {{domain}};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%} {% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%}

2
roles/web-app-gitea/tasks/main.yml
View File

@ -64,7 +64,7 @@
- name: Include DNS role to register Gitea domain(s) - name: Include DNS role to register Gitea domain(s)
include_role: include_role:
name: network-dns-records name: net-dns-records
vars: vars:
cloudflare_api_token: "{{ certbot_dns_api_token }}" cloudflare_api_token: "{{ certbot_dns_api_token }}"
cloudflare_domains: "{{ [ domains | get_domain(application_id) ] }}" cloudflare_domains: "{{ [ domains | get_domain(application_id) ] }}"

2
roles/web-app-matrix/templates/nginx.conf.j2
View File

@ -5,7 +5,7 @@ server {
{% set http_port = ports.localhost.http.synapse %} {% set http_port = ports.localhost.http.synapse %}
server_name {{domains.matrix.synapse}}; server_name {{domains.matrix.synapse}};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
# For the federation port # For the federation port
listen 8448 ssl default_server; listen 8448 ssl default_server;

2
roles/web-app-nextcloud/templates/nginx/host.conf.j2
View File

@ -4,7 +4,7 @@ server
{ {
server_name {{domain}}; server_name {{domain}};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%} {% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%}
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak

2
roles/web-app-peertube/templates/peertube.conf.j2
View File

@ -1,7 +1,7 @@
server { server {
server_name {{domain}}; server_name {{domain}};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%} {% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%}

2
roles/web-app-portfolio/templates/menu/followus.yml.j2
View File

@ -55,7 +55,7 @@ followus:
- name: Friendica - name: Friendica
description: Visit {{ 'our' if service_provider.type == 'legal' else 'my' }} friendica profile description: Visit {{ 'our' if service_provider.type == 'legal' else 'my' }} friendica profile
icon: icon:
class: fas fa-network-wired class: fas fa-net-wired
identifier: "{{service_provider.contact.friendica}}" identifier: "{{service_provider.contact.friendica}}"
url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}" url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
iframe: {{ applications | is_feature_enabled('portfolio_iframe','friendica') }} iframe: {{ applications | is_feature_enabled('portfolio_iframe','friendica') }}

2
roles/web-app-syncope/templates/proxy.conf
View File

@ -13,7 +13,7 @@ server
{{nginx_docker_reverse_proxy_extra_configuration}} {{nginx_docker_reverse_proxy_extra_configuration}}
{% endif %} {% endif %}
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% for path in syncope_paths.values() %} {% for path in syncope_paths.values() %}
{% set location = web_protocol ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %} {% set location = web_protocol ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}

2
roles/web-redirect-domains/templates/redirect.domain.nginx.conf.j2
View File

@ -1,6 +1,6 @@
server { server {
server_name {{ domain }}; server_name {{ domain }};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
return 301 https://{{ target }}$request_uri; return 301 https://{{ target }}$request_uri;
} }

2
roles/web-redirect-www/tasks/main.yml
View File

@ -17,7 +17,7 @@
- name: Include DNS role to set redirects - name: Include DNS role to set redirects
include_role: include_role:
name: network-dns-records name: net-dns-records
vars: vars:
cloudflare_api_token: "{{ certbot_dns_api_token }}" cloudflare_api_token: "{{ certbot_dns_api_token }}"
cloudflare_domains: "{{ www_domains }}" cloudflare_domains: "{{ www_domains }}"

2
roles/web-service-files/templates/nginx.conf.j2
View File

@ -2,7 +2,7 @@ server
{ {
server_name {{domains | get_domain(application_id)}}; server_name {{domains | get_domain(application_id)}};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%} {% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%}

2
roles/web-service-html/templates/nginx.conf.j2
View File

@ -2,7 +2,7 @@ server
{ {
server_name {{domains | get_domain(application_id)}}; server_name {{domains | get_domain(application_id)}};
{% include 'roles/network-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%} {% include 'roles/srv-web-injector-core/templates/global.includes.conf.j2'%}

6
tasks/plays/01_constructor.yml
View File

@ -104,18 +104,18 @@
- name: setup standard wireguard - name: setup standard wireguard
when: ('wireguard_server' | application_allowed(group_names, allowed_applications)) when: ('wireguard_server' | application_allowed(group_names, allowed_applications))
include_role: include_role:
name: network-wireguard-core name: net-wireguard-core
# vpn setup # vpn setup
- name: setup wireguard client behind firewall\nat - name: setup wireguard client behind firewall\nat
when: ('wireguard_behind_firewall' | application_allowed(group_names, allowed_applications)) when: ('wireguard_behind_firewall' | application_allowed(group_names, allowed_applications))
include_role: include_role:
name: network-wireguard-firewalled name: net-wireguard-firewalled
- name: setup wireguard client - name: setup wireguard client
when: ('wireguard_client' | application_allowed(group_names, allowed_applications)) when: ('wireguard_client' | application_allowed(group_names, allowed_applications))
include_role: include_role:
name: network-wireguard-plain name: net-wireguard-plain
## backup setup ## backup setup
- name: setup replica backup hosts - name: setup replica backup hosts