diff --git a/hosts b/hosts
index 53123897..5c253abb 100644
--- a/hosts
+++ b/hosts
@@ -1,2 +1,9 @@
+[common]
+phoenix.thunix.cf
+summit.thunix.cf
+
[shell]
-thunix.tilde
\ No newline at end of file
+phoenix.thunix.cf
+
+[webserver]
+summit.thunix.cf
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
index a4ea1ef9..5aa5743b 100644
--- a/roles/common/tasks/packages.yml
+++ b/roles/common/tasks/packages.yml
@@ -3,19 +3,7 @@
- name: Install baseline packages
apt: name={{ item }} state=present
with_items:
- - vim
- aptitude
- git
- - alpine
- - weechat
- - mutt
- python
- - rtv
- - lynx
- - w3m-img
- - python-apt
- - python
- - python-pip
- - cowsay
- - byobu
- man
diff --git a/roles/common/tasks/users.yml b/roles/common/tasks/users.yml
index d24e81e5..5fe20dc6 100644
--- a/roles/common/tasks/users.yml
+++ b/roles/common/tasks/users.yml
@@ -1,65 +1,5 @@
# This creates our users on the system
---
-- group:
- name: tilde
- state: present
-
- group:
name: sudo
state: present
-
-- user:
- name: testuser
- groups: tilde
- state: absent
- shell: /bin/bash # Defaults to /bin/bash
- system: no # Defaults to no
- createhome: yes # Defaults to yes
- home: /home/testuser
-
-- user:
- name: amcclure
- groups: tilde, sudo
- state: present
- skeleton: /etc/skel
- shell: /bin/bash
- system: no
- createhome: yes
- home: /home/amcclure
-- authorized_key:
- user: amcclure
- state: present
- key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsGEzYmXXveq7aGosnJR0I3h9zwPZTOr+ytnOiwPam2KhR9GBzZsAGxtpwXXdvIUtvGFV0tlDWZ851wAYvJsRzwOu7t4OgrtrxkC/qkZ+p9FyjQ4kBX3oSKWJ08J0K59uv3GrNVrVOzyqQ6aGb8TFgCnLN9C9ElWmdmyrZ3evbiraCov9HM8EpxCJN68nPz/ugJvIL6xZe+9+uGRzBrMrtbTPxTFi5SLHg1itPGFVRFJr8ZjOZ4temoZ9IKOi/EYP+FUPk+Xbg+6iaOpS0wlq2eQ+DpMFpsP+kHHiY7X1Ln4pMA4C8ewfqnFi6kI8VJtDFmuZgXlaV/Uq5T54zRzZt amcclure@tilde"
-- authorized_key:
- user: amcclure
- state: present
- key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhdNCqJ2+kTVRdf9R2g4Uv9TKuQzY4LbtJm5V1dx7uMfNI8HGHOa8gFopAaId8S9SY5WoIP4R0y+avZQzKRAVcqJNiKrKQDb5juLSWgL51CrOgZd6Y/nCUnvgmpAEUBzlxIBSDmiozDF4R6fk+8MqXsT8/HOaQgXX52v4qWBY9XWSOFwCeukywpnENvNm+H3vJhHddIYtcONWJB5m6msrBRo5NR7uo5RVt5GJpUpXfdI2IHLV4YZavLWiT/yBbBvxCODKWkNNXr9jBZ5RHPnqYcABoAKJ6hMaNzuJfAa9AvlV5aRDhRenOiS2/EQhC4rxPMHmnfn4TYng7vQRbVTvnGeLNGtsLqRDWuNQEmLYUZ8Q4JZfoSzZVmSyy2NeLvJRYxQRh7NTZlzoDkY+JBURINPcfVduVT2DD0buFSdhIq7/jreV1QZuSpOa5ABgvhTOf9bCIPaqbJ/zK7m+rqIPUhvrNZGgC7xkUpzdfl67W3xh+RyEIPdJX98dYZ9bZFFYvntW+plHizBBs+s7kGTV7BKm4rJ2oQfTby1M3++tSTZi/6QAkcOEb3VJ5n0rQiM+FMLuHfP2dPXh3AIVKYAiwZjdrJ3174g8JjSTXt3jJm6I1KW89oG2AcBbI/N3bgIVXcU+IRx846+zU7iZ49YtJK61Ml7u9aVQJDABQEMg6OQ== amcclure@triton"
-
-- user:
- name: naglfar
- groups: tilde
- state: present
- skeleton: /etc/skel
- shell: /bin/bash
- system: no
- createhome: yes
- home: /home/naglafar
-
-- user:
- name: ubergeek
- groups: sudo
- state: present
- skeleton: /etc/skel
- shell: /bin/bash
- system: no
- createhome: yes
- home: /home/ubergeek
-
-- authorized_key:
- user: ubergeek
- state: present
- key: "ssh-dss AAAAB3NzaC1kc3MAAACBAIBSqyxUGJOtsY+ri6SWRl7SyLO0dTK0uiTVWhzt/nzNGZsmvfSteasQGOrMpEgrnWDCm7XahH/AUg5IgSDmU7gKWITZVUqZGk8zZbqmx/qQuNqnte6J3vQvQK7M6qShVpnrLFdoEyrXjljAqGVVV4nyB0n+GBBJ1WlJN/eyJt3lAAAAFQDKpycDN2+ga6d53bYyReVVoOFcgwAAAIB4a4GPZsmJJc9bSnHU5j2pt6ThMS3yud//K46TGNF9vX5EXVrWk9XZc/iPwiXOnHfTu2uoVJiJkhJEM3SQY0YO0DoEqoCfwdZ+SisQeLDat/mvNduXO2PdVoKodXftwr1dq1HMD+0Wi+b17G1E/Gfx76ECfA3mBFvdsu8Wgo+I4wAAAIAy3QFkmetRKi/XjSMiiyJa1jxKiNyTO97eU2kLFyQE7LMQ6agDACPk3yfMdUgH7tvjfOBH5Tsp3wS+nvx1I7M5w08z88F9NBrp8Z2Ni2nACLtbY5q5oFr0a7ZnD+6LbWksK8NcTAquBnxf4FzXJ+knDfAg8Oya0sqR95VV5xoVTw== ubergeek@ubergeeks-MacBook-Pro.local"
-- authorized_key:
- user: ubergeek
- state: present
- key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdgDD3UMyI9NdtVGuuDS1Rqfw6YoJsctAhWgGP+0w6MX5Od0B3km6C/BaMe/ZY7vA861wjoeHFdZ69nOYsdDqysCLxZCAfGBjzYM2mS4UiuV3tnZA7C/Zd+dGUfuA64iQ1SJ3FcehGezgI9zJU2JSWfhzHO2gx7fdZ9lhCEDU3qkiXy6HFzd+B0+tlEXBSkUk4g47ZLuaKxPrqeug5xGLwjlMjTSYSyhODdjvYQNkaD4ynyggdq21T0CWA5abH4nol+NPy5HChYH7wkA0qQ23GeUrUfdWmzZxua6SBVEGC0cFiLLt0ZPCf2foob7Nse6W3ISy85uBKO4QNO5Nwl+zz ubergeek@yourtilde.com"
diff --git a/roles/shell/files/resolv.conf b/roles/shell/files/resolv.conf
new file mode 100644
index 00000000..3878a496
--- /dev/null
+++ b/roles/shell/files/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 149.56.184.112
+nameserver 66.42.77.29
diff --git a/roles/shell/handlers/main.yml b/roles/shell/handlers/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/shell/meta/main.yml b/roles/shell/meta/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/shell/tasks/main.yml b/roles/shell/tasks/main.yml
new file mode 100644
index 00000000..79c0805a
--- /dev/null
+++ b/roles/shell/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+# This playbook contains all of the common things every machine in the site gets. Basic packages, users, etc etc.
+
+- include: packages.yml
+- include: users.yml
diff --git a/roles/shell/tasks/packages.yml b/roles/shell/tasks/packages.yml
new file mode 100644
index 00000000..8a0e03ff
--- /dev/null
+++ b/roles/shell/tasks/packages.yml
@@ -0,0 +1,16 @@
+# Install our baseline packages for all machines, irrespective of what role they might have
+---
+- name: Install baseline packages
+ apt: name={{ item }} state=present
+ with_items:
+ - vim
+ - alpine
+ - weechat
+ - mutt
+ - python
+ - rtv
+ - lynx
+ - w3m-img
+ - python-pip
+ - cowsay
+ - byobu
diff --git a/roles/shell/tasks/users.yml b/roles/shell/tasks/users.yml
new file mode 100644
index 00000000..7409bebe
--- /dev/null
+++ b/roles/shell/tasks/users.yml
@@ -0,0 +1,56 @@
+# This creates our users on the system
+---
+- group:
+ name: tilde
+ state: present
+
+- group:
+ name: sudo
+ state: present
+
+- user:
+ name: amcclure
+ groups: tilde, sudo
+ state: present
+ skeleton: /etc/skel
+ shell: /bin/bash
+ system: no
+ createhome: yes
+ home: /home/amcclure
+- authorized_key:
+ user: amcclure
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsGEzYmXXveq7aGosnJR0I3h9zwPZTOr+ytnOiwPam2KhR9GBzZsAGxtpwXXdvIUtvGFV0tlDWZ851wAYvJsRzwOu7t4OgrtrxkC/qkZ+p9FyjQ4kBX3oSKWJ08J0K59uv3GrNVrVOzyqQ6aGb8TFgCnLN9C9ElWmdmyrZ3evbiraCov9HM8EpxCJN68nPz/ugJvIL6xZe+9+uGRzBrMrtbTPxTFi5SLHg1itPGFVRFJr8ZjOZ4temoZ9IKOi/EYP+FUPk+Xbg+6iaOpS0wlq2eQ+DpMFpsP+kHHiY7X1Ln4pMA4C8ewfqnFi6kI8VJtDFmuZgXlaV/Uq5T54zRzZt amcclure@tilde"
+- authorized_key:
+ user: amcclure
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhdNCqJ2+kTVRdf9R2g4Uv9TKuQzY4LbtJm5V1dx7uMfNI8HGHOa8gFopAaId8S9SY5WoIP4R0y+avZQzKRAVcqJNiKrKQDb5juLSWgL51CrOgZd6Y/nCUnvgmpAEUBzlxIBSDmiozDF4R6fk+8MqXsT8/HOaQgXX52v4qWBY9XWSOFwCeukywpnENvNm+H3vJhHddIYtcONWJB5m6msrBRo5NR7uo5RVt5GJpUpXfdI2IHLV4YZavLWiT/yBbBvxCODKWkNNXr9jBZ5RHPnqYcABoAKJ6hMaNzuJfAa9AvlV5aRDhRenOiS2/EQhC4rxPMHmnfn4TYng7vQRbVTvnGeLNGtsLqRDWuNQEmLYUZ8Q4JZfoSzZVmSyy2NeLvJRYxQRh7NTZlzoDkY+JBURINPcfVduVT2DD0buFSdhIq7/jreV1QZuSpOa5ABgvhTOf9bCIPaqbJ/zK7m+rqIPUhvrNZGgC7xkUpzdfl67W3xh+RyEIPdJX98dYZ9bZFFYvntW+plHizBBs+s7kGTV7BKm4rJ2oQfTby1M3++tSTZi/6QAkcOEb3VJ5n0rQiM+FMLuHfP2dPXh3AIVKYAiwZjdrJ3174g8JjSTXt3jJm6I1KW89oG2AcBbI/N3bgIVXcU+IRx846+zU7iZ49YtJK61Ml7u9aVQJDABQEMg6OQ== amcclure@triton"
+
+- user:
+ name: naglfar
+ groups: tilde
+ state: present
+ skeleton: /etc/skel
+ shell: /bin/bash
+ system: no
+ createhome: yes
+ home: /home/naglafar
+
+- user:
+ name: ubergeek
+ groups: tilde,sudo
+ state: present
+ skeleton: /etc/skel
+ shell: /bin/bash
+ system: no
+ createhome: yes
+ home: /home/ubergeek
+
+- authorized_key:
+ user: ubergeek
+ state: present
+ key: "ssh-dss AAAAB3NzaC1kc3MAAACBAIBSqyxUGJOtsY+ri6SWRl7SyLO0dTK0uiTVWhzt/nzNGZsmvfSteasQGOrMpEgrnWDCm7XahH/AUg5IgSDmU7gKWITZVUqZGk8zZbqmx/qQuNqnte6J3vQvQK7M6qShVpnrLFdoEyrXjljAqGVVV4nyB0n+GBBJ1WlJN/eyJt3lAAAAFQDKpycDN2+ga6d53bYyReVVoOFcgwAAAIB4a4GPZsmJJc9bSnHU5j2pt6ThMS3yud//K46TGNF9vX5EXVrWk9XZc/iPwiXOnHfTu2uoVJiJkhJEM3SQY0YO0DoEqoCfwdZ+SisQeLDat/mvNduXO2PdVoKodXftwr1dq1HMD+0Wi+b17G1E/Gfx76ECfA3mBFvdsu8Wgo+I4wAAAIAy3QFkmetRKi/XjSMiiyJa1jxKiNyTO97eU2kLFyQE7LMQ6agDACPk3yfMdUgH7tvjfOBH5Tsp3wS+nvx1I7M5w08z88F9NBrp8Z2Ni2nACLtbY5q5oFr0a7ZnD+6LbWksK8NcTAquBnxf4FzXJ+knDfAg8Oya0sqR95VV5xoVTw== ubergeek@ubergeeks-MacBook-Pro.local"
+- authorized_key:
+ user: ubergeek
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdgDD3UMyI9NdtVGuuDS1Rqfw6YoJsctAhWgGP+0w6MX5Od0B3km6C/BaMe/ZY7vA861wjoeHFdZ69nOYsdDqysCLxZCAfGBjzYM2mS4UiuV3tnZA7C/Zd+dGUfuA64iQ1SJ3FcehGezgI9zJU2JSWfhzHO2gx7fdZ9lhCEDU3qkiXy6HFzd+B0+tlEXBSkUk4g47ZLuaKxPrqeug5xGLwjlMjTSYSyhODdjvYQNkaD4ynyggdq21T0CWA5abH4nol+NPy5HChYH7wkA0qQ23GeUrUfdWmzZxua6SBVEGC0cFiLLt0ZPCf2foob7Nse6W3ISy85uBKO4QNO5Nwl+zz ubergeek@yourtilde.com"
diff --git a/roles/shell/vars/main.yml b/roles/shell/vars/main.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/webserver/files/etc/apache2/sites-available/000-default.conf b/roles/webserver/files/etc/apache2/sites-available/000-default.conf
new file mode 100644
index 00000000..e00d4087
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/000-default.conf
@@ -0,0 +1,31 @@
+
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ ServerAdmin amcclure@ttm.sh
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/roles/webserver/files/etc/apache2/sites-available/default-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/default-ssl.conf
new file mode 100644
index 00000000..b577ad3f
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/default-ssl.conf
@@ -0,0 +1,134 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ # BrowserMatch "MSIE [2-6]" \
+ # nokeepalive ssl-unclean-shutdown \
+ # downgrade-1.0 force-response-1.0
+
+
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/roles/webserver/files/etc/apache2/sites-available/ftp.summit.ttm.sh-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/ftp.summit.ttm.sh-le-ssl.conf
new file mode 100644
index 00000000..e145f741
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/ftp.summit.ttm.sh-le-ssl.conf
@@ -0,0 +1,12 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName ftp.summit.ttm.sh
+ DocumentRoot /var/www/summit/ftp
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLCertificateFile /etc/letsencrypt/live/ftp.summit.ttm.sh/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/ftp.summit.ttm.sh/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/ftp.summit.ttm.sh.conf b/roles/webserver/files/etc/apache2/sites-available/ftp.summit.ttm.sh.conf
new file mode 100644
index 00000000..4945d900
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/ftp.summit.ttm.sh.conf
@@ -0,0 +1,7 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName ftp.summit.ttm.sh
+ DocumentRoot /var/www/summit/ftp
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/mail.thunix.cf-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/mail.thunix.cf-le-ssl.conf
new file mode 100644
index 00000000..c44c3311
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/mail.thunix.cf-le-ssl.conf
@@ -0,0 +1,14 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName mail.thunix.cf
+ DocumentRoot /var/www/thunix/mail
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLCertificateFile /etc/letsencrypt/live/mail.thunix.cf/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/mail.thunix.cf/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+
+
+
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/mail.thunix.cf.conf b/roles/webserver/files/etc/apache2/sites-available/mail.thunix.cf.conf
new file mode 100644
index 00000000..f05429ac
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/mail.thunix.cf.conf
@@ -0,0 +1,7 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName mail.thunix.cf
+ DocumentRoot /var/www/thunix/mail
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/ny.dyniform.net.conf b/roles/webserver/files/etc/apache2/sites-available/ny.dyniform.net.conf
new file mode 100644
index 00000000..ab91b4b3
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/ny.dyniform.net.conf
@@ -0,0 +1,7 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName ny.dyniform.net
+ DocumentRoot /var/www/dyniform
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/summit-nosite.conf b/roles/webserver/files/etc/apache2/sites-available/summit-nosite.conf
new file mode 100644
index 00000000..33282337
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/summit-nosite.conf
@@ -0,0 +1,9 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName server.summit.ttm.sh
+ ServerAlias *.summit.ttm.sh
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ Redirect 307 / http://www.summit.ttm.sh/
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/summit.ttm.sh-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/summit.ttm.sh-le-ssl.conf
new file mode 100644
index 00000000..2880fb51
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/summit.ttm.sh-le-ssl.conf
@@ -0,0 +1,12 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName summit.ttm.sh
+ DocumentRoot /var/www/summit/redirect
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLCertificateFile /etc/letsencrypt/live/summit.ttm.sh/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/summit.ttm.sh/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/summit.ttm.sh.conf b/roles/webserver/files/etc/apache2/sites-available/summit.ttm.sh.conf
new file mode 100644
index 00000000..3334b952
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/summit.ttm.sh.conf
@@ -0,0 +1,8 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName summit.ttm.sh
+# ServerAlias *.summit.ttm.sh
+ DocumentRoot /var/www/summit/redirect
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.cf-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.cf-le-ssl.conf
new file mode 100644
index 00000000..d0adbece
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/thunix.cf-le-ssl.conf
@@ -0,0 +1,12 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName thunix.cf
+ DocumentRoot /var/www/thunix/redirect
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLCertificateFile /etc/letsencrypt/live/thunix.cf/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/thunix.cf/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.cf.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.cf.conf
new file mode 100644
index 00000000..01f7cfac
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/thunix.cf.conf
@@ -0,0 +1,7 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName thunix.cf
+ DocumentRoot /var/www/thunix/redirect
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/thunix.tilde.chat.conf b/roles/webserver/files/etc/apache2/sites-available/thunix.tilde.chat.conf
new file mode 100644
index 00000000..5c94d4aa
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/thunix.tilde.chat.conf
@@ -0,0 +1,7 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName thunix.tilde.chat
+ DocumentRoot /var/www/thunix/chat
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/www.summit.ttm.sh-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/www.summit.ttm.sh-le-ssl.conf
new file mode 100644
index 00000000..820147e2
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/www.summit.ttm.sh-le-ssl.conf
@@ -0,0 +1,13 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName www.summit.ttm.sh
+ ServerAlias summit.ttm.sh
+ DocumentRoot /var/www/summit/www
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLCertificateFile /etc/letsencrypt/live/www.summit.ttm.sh/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/www.summit.ttm.sh/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/www.summit.ttm.sh.conf b/roles/webserver/files/etc/apache2/sites-available/www.summit.ttm.sh.conf
new file mode 100644
index 00000000..1ccd1aaa
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/www.summit.ttm.sh.conf
@@ -0,0 +1,8 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName www.summit.ttm.sh
+ ServerAlias summit.ttm.sh
+ DocumentRoot /var/www/summit/www
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/www.thunix.cf-le-ssl.conf b/roles/webserver/files/etc/apache2/sites-available/www.thunix.cf-le-ssl.conf
new file mode 100644
index 00000000..a286bc3b
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/www.thunix.cf-le-ssl.conf
@@ -0,0 +1,12 @@
+
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName www.thunix.cf
+ DocumentRoot /var/www/thunix/www
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+SSLCertificateFile /etc/letsencrypt/live/www.thunix.cf/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/www.thunix.cf/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+
+
diff --git a/roles/webserver/files/etc/apache2/sites-available/www.thunix.cf.conf b/roles/webserver/files/etc/apache2/sites-available/www.thunix.cf.conf
new file mode 100644
index 00000000..3005aa79
--- /dev/null
+++ b/roles/webserver/files/etc/apache2/sites-available/www.thunix.cf.conf
@@ -0,0 +1,7 @@
+
+ ServerAdmin amcclure@ttm.sh
+ ServerName www.thunix.cf
+ DocumentRoot /var/www/thunix/www
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
diff --git a/roles/webserver/tasks/apache.yml b/roles/webserver/tasks/apache.yml
new file mode 100644
index 00000000..449c890e
--- /dev/null
+++ b/roles/webserver/tasks/apache.yml
@@ -0,0 +1,70 @@
+#This play configs apapche for us
+---
+name: Deploy 000-default.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/000-default.conf
+ dest: /etc/apache2/sites/available/000-default.conf
+name: Deploy default-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/default-ssl.conf
+ dest: /etc/apache2/sites/available/default-ssl.conf
+name: Deploy ftp.summit.ttm.sh.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/ftp.summit.ttm.sh.conf
+ dest: /etc/apache2/sites/available/ftp.summit.ttm.sh.conf
+name: Deploy ftp.summit.ttm.sh-le-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/ftp.summit.ttm.sh-le-ssl.conf
+ dest: /etc/apache2/sites/available/ftp.summit.ttm.sh-le-ssl.conf
+name: Deploy mail.thunix.cf.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/mail.thunix.cf.conf
+ dest: /etc/apache2/sites/available/mail.thunix.cf.conf
+name: Deploy mail.thunix.cf-le-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/mail.thunix.cf-le-ssl.conf
+ dest: /etc/apache2/sites/available/mail.thunix.cf-le-ssl.conf
+name: Deploy ny.dyniform.net.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/ny.dyniform.net.conf
+ dest: /etc/apache2/sites/available/ny.dyniform.net.conf
+name: Deploy summit-nosite.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/summit-nosite.conf
+ dest: /etc/apache2/sites/available/summit-nosite.conf
+name: Deploy summit.ttm.sh.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/summit.ttm.sh.conf
+ dest: /etc/apache2/sites/available/summit.ttm.sh.conf
+name: Deploy summit.ttm.sh-le-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/summit.ttm.sh-le-ssl.conf
+ dest: /etc/apache2/sites/available/summit.ttm.sh-le-ssl.conf
+name: Deploy thunix.cf.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/thunix.cf.conf
+ dest: /etc/apache2/sites/available/thunix.cf.conf
+name: Deploy thunix.cf-le-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/thunix.cf-le-ssl.conf
+ dest: /etc/apache2/sites/available/thunix.cf-le-ssl.conf
+name: Deploy thunix.tilde.chat.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/thunix.tilde.chat.conf
+ dest: /etc/apache2/sites/available/thunix.tilde.chat.conf
+name: Deploy www.summit.ttm.sh.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/www.summit.ttm.sh.conf
+ dest: /etc/apache2/sites/available/www.summit.ttm.sh.conf
+name: Deploy www.summit.ttm.sh-le-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/www.summit.ttm.sh-le-ssl.conf
+ dest: /etc/apache2/sites/available/www.summit.ttm.sh-le-ssl.conf
+name: Deploy www.thunix.cf.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/www.thunix.cf.conf
+ dest: /etc/apache2/sites/available/www.thunix.cf.conf
+name: Deploy www.thunix.cf-le-ssl.conf
+ - copy:
+ src: ../files/etc/apache2/sites-available/www.thunix.cf-le-ssl.conf
+ dest: /etc/apache2/sites/available/www.thunix.cf-le-ssl.conf
diff --git a/roles/webserver/tasks/codedeploy.yml b/roles/webserver/tasks/codedeploy.yml
new file mode 100644
index 00000000..a4c5f3a9
--- /dev/null
+++ b/roles/webserver/tasks/codedeploy.yml
@@ -0,0 +1,5 @@
+# This play deploys the www code
+# Example git checkout from Ansible Playbooks
+- git:
+ repo: 'https://tildegit.org/thunix/www.git'
+ dest: /var/www/thunix.cf
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index 0ed0011d..ecfa5a41 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -3,6 +3,6 @@
- include: packages.yml
- include: users.yml
- - include: resolv.yml
- include: apache.yml
- - include: codedeploy.yml
\ No newline at end of file
+ - include: codedeploy.yml
+
diff --git a/roles/webserver/tasks/packages.yml b/roles/webserver/tasks/packages.yml
new file mode 100644
index 00000000..c53fabcd
--- /dev/null
+++ b/roles/webserver/tasks/packages.yml
@@ -0,0 +1,25 @@
+ # Install apache and accoutrements www, irrespective of what role they might have
+ ---
+ - name: Install wwww packages
+ apt: name={{ item }} state=present
+ with_items:
+ - apache2
+ - mariadb-server
+ - mariadb-client
+ - php7.0
+ - libapache2-mod-php7.0
+ - php7.0-mysql
+ - php7.0-curl
+ - php7.0-gd
+ - php7.0-intl
+ - php-pear
+ - php-imagick
+ - php7.0-imap
+ - php7.0-mcrypt
+ - php-memcache
+ - php7.0-pspell
+ - php7.0-recode
+ - php7.0-sqlite3
+ - php7.0-tidy
+ - php7.0-xmlrpc
+ - php7.0-xsl
diff --git a/roles/webserver/tasks/users.yml b/roles/webserver/tasks/users.yml
new file mode 100644
index 00000000..95ed4200
--- /dev/null
+++ b/roles/webserver/tasks/users.yml
@@ -0,0 +1,42 @@
+# This creates our users on the system
+---
+- group:
+ name: sudo
+ state: present
+
+- user:
+ name: amcclure
+ groups: tilde, sudo
+ state: present
+ skeleton: /etc/skel
+ shell: /bin/bash
+ system: no
+ createhome: yes
+ home: /home/amcclure
+- authorized_key:
+ user: amcclure
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsGEzYmXXveq7aGosnJR0I3h9zwPZTOr+ytnOiwPam2KhR9GBzZsAGxtpwXXdvIUtvGFV0tlDWZ851wAYvJsRzwOu7t4OgrtrxkC/qkZ+p9FyjQ4kBX3oSKWJ08J0K59uv3GrNVrVOzyqQ6aGb8TFgCnLN9C9ElWmdmyrZ3evbiraCov9HM8EpxCJN68nPz/ugJvIL6xZe+9+uGRzBrMrtbTPxTFi5SLHg1itPGFVRFJr8ZjOZ4temoZ9IKOi/EYP+FUPk+Xbg+6iaOpS0wlq2eQ+DpMFpsP+kHHiY7X1Ln4pMA4C8ewfqnFi6kI8VJtDFmuZgXlaV/Uq5T54zRzZt amcclure@tilde"
+- authorized_key:
+ user: amcclure
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhdNCqJ2+kTVRdf9R2g4Uv9TKuQzY4LbtJm5V1dx7uMfNI8HGHOa8gFopAaId8S9SY5WoIP4R0y+avZQzKRAVcqJNiKrKQDb5juLSWgL51CrOgZd6Y/nCUnvgmpAEUBzlxIBSDmiozDF4R6fk+8MqXsT8/HOaQgXX52v4qWBY9XWSOFwCeukywpnENvNm+H3vJhHddIYtcONWJB5m6msrBRo5NR7uo5RVt5GJpUpXfdI2IHLV4YZavLWiT/yBbBvxCODKWkNNXr9jBZ5RHPnqYcABoAKJ6hMaNzuJfAa9AvlV5aRDhRenOiS2/EQhC4rxPMHmnfn4TYng7vQRbVTvnGeLNGtsLqRDWuNQEmLYUZ8Q4JZfoSzZVmSyy2NeLvJRYxQRh7NTZlzoDkY+JBURINPcfVduVT2DD0buFSdhIq7/jreV1QZuSpOa5ABgvhTOf9bCIPaqbJ/zK7m+rqIPUhvrNZGgC7xkUpzdfl67W3xh+RyEIPdJX98dYZ9bZFFYvntW+plHizBBs+s7kGTV7BKm4rJ2oQfTby1M3++tSTZi/6QAkcOEb3VJ5n0rQiM+FMLuHfP2dPXh3AIVKYAiwZjdrJ3174g8JjSTXt3jJm6I1KW89oG2AcBbI/N3bgIVXcU+IRx846+zU7iZ49YtJK61Ml7u9aVQJDABQEMg6OQ== amcclure@triton"
+
+- user:
+ name: ubergeek
+ groups: sudo
+ state: present
+ skeleton: /etc/skel
+ shell: /bin/bash
+ system: no
+ createhome: yes
+ home: /home/ubergeek
+
+- authorized_key:
+ user: ubergeek
+ state: present
+ key: "ssh-dss AAAAB3NzaC1kc3MAAACBAIBSqyxUGJOtsY+ri6SWRl7SyLO0dTK0uiTVWhzt/nzNGZsmvfSteasQGOrMpEgrnWDCm7XahH/AUg5IgSDmU7gKWITZVUqZGk8zZbqmx/qQuNqnte6J3vQvQK7M6qShVpnrLFdoEyrXjljAqGVVV4nyB0n+GBBJ1WlJN/eyJt3lAAAAFQDKpycDN2+ga6d53bYyReVVoOFcgwAAAIB4a4GPZsmJJc9bSnHU5j2pt6ThMS3yud//K46TGNF9vX5EXVrWk9XZc/iPwiXOnHfTu2uoVJiJkhJEM3SQY0YO0DoEqoCfwdZ+SisQeLDat/mvNduXO2PdVoKodXftwr1dq1HMD+0Wi+b17G1E/Gfx76ECfA3mBFvdsu8Wgo+I4wAAAIAy3QFkmetRKi/XjSMiiyJa1jxKiNyTO97eU2kLFyQE7LMQ6agDACPk3yfMdUgH7tvjfOBH5Tsp3wS+nvx1I7M5w08z88F9NBrp8Z2Ni2nACLtbY5q5oFr0a7ZnD+6LbWksK8NcTAquBnxf4FzXJ+knDfAg8Oya0sqR95VV5xoVTw== ubergeek@ubergeeks-MacBook-Pro.local"
+- authorized_key:
+ user: ubergeek
+ state: present
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdgDD3UMyI9NdtVGuuDS1Rqfw6YoJsctAhWgGP+0w6MX5Od0B3km6C/BaMe/ZY7vA861wjoeHFdZ69nOYsdDqysCLxZCAfGBjzYM2mS4UiuV3tnZA7C/Zd+dGUfuA64iQ1SJ3FcehGezgI9zJU2JSWfhzHO2gx7fdZ9lhCEDU3qkiXy6HFzd+B0+tlEXBSkUk4g47ZLuaKxPrqeug5xGLwjlMjTSYSyhODdjvYQNkaD4ynyggdq21T0CWA5abH4nol+NPy5HChYH7wkA0qQ23GeUrUfdWmzZxua6SBVEGC0cFiLLt0ZPCf2foob7Nse6W3ISy85uBKO4QNO5Nwl+zz ubergeek@yourtilde.com"