diff --git a/i18n/en.yml b/i18n/en.yml
index 2331b53..1a77e69 100644
--- a/i18n/en.yml
+++ b/i18n/en.yml
@@ -42,3 +42,27 @@ common-users-setup-sudo: Give admin powers to new user
 common-users-setup-key: Authorize associated SSH key
 common-users-setup-onion: Generate a personal onion
 common-users-setup-irc: Welcome the user on IRC
+common-users-tor-wait: Wait for onions to be generated
+#### roles/webserver
+# roles/webserver/handlers/main.yml
+webserver-reload-nginx: Restart web server
+# roles/webserver/tasks/certbot.yml
+webserver-certbot-main: Generate main certificate
+webserver-certbot-users: Generate user certificates
+# roles/webserver/tasks/nginx.yml
+webserver-default-config: Generate config for default site
+webserver-default-symlink: Enable config for default site
+webserver-tls-config: Configure webserver TLS settings
+webserver-personal-pages: Setup personal pages
+webserver-bucket-size: Configure webserver for long domain names (onions)
+# roles/webserver/tasks/onions_perso.yml
+webserver-onion-hostname: Read personal onion
+webserver-onion-config: Configure personal onion page
+webserver-onion-symlink: Enable personal onion page config
+# roles/webserver/tasks/packages.yml
+webserver-pkg: Setup packages for the webserver
+# roles/webserver/tasks/pages_perso.yml
+webserver-perso-config: Configure personal pages for webserver
+webserver-perso-symlink: Enable personal pages config
+webserver-perso-publichtml: Create public_html folder in skel
+webserver-perso-onions: Prepare personal pages on onions
diff --git a/i18n/fr.yml b/i18n/fr.yml
index 8fcbcb8..14258c5 100644
--- a/i18n/fr.yml
+++ b/i18n/fr.yml
@@ -37,8 +37,31 @@ common-peering-remote-known: Déclarer la clé du pair sur le compte peer
 common-users-tor-reload: Redémarrer tor pour générer les nouveaux onions
 common-users-tor-wait: Attendre que les onions soient générés
 # roles/.common/tasks/users/setup_user.yml
-common-users-setup-account: Create account for new user
-common-users-setup-sudo: Give admin powers to new user
-common-users-setup-key: Authorize associated SSH key
-common-users-setup-onion: Generate a personal onion
-common-users-setup-irc: Welcome the user on IRC
+common-users-setup-account: Créer le nouveau compte
+common-users-setup-sudo: Donner les droits d'admin au nouveau compte
+common-users-setup-key: Autoriser la clé SSH associée
+common-users-setup-onion: Générer un onion perso
+common-users-setup-irc: Accueillir l'utilisateurice sur IRC
+#### roles/webserver
+# roles/webserver/handlers/main.yml
+webserver-reload-nginx: Redémarrer le serveur web
+# roles/webserver/tasks/certbot.yml
+webserver-certbot-main: Générer le certificat principal
+webserver-certbot-users: Générer les certificats perso
+# roles/webserver/tasks/nginx.yml
+webserver-default-config: Générer la configuration du site par défaut
+webserver-default-symlink: Activer la config du site par défaut
+webserver-tls-config: Paramétrer TLS pour le serveur web
+webserver-personal-pages: Mettre en place les pages perso
+webserver-bucket-size: Configurer le serveur web pour les longs domaines (.onion)
+# roles/webserver/tasks/onions_perso.yml
+webserver-onion-hostname: Récupérer l'onion perso
+webserver-onion-config: Configurer les pages perso en onion
+webserver-onion-symlink: Activer la configuration des pages perso en onion
+# roles/webserver/tasks/packages.yml
+webserver-pkg: Installer les paquets pour le serveur web
+# roles/webserver/tasks/pages_perso.yml
+webserver-perso-config: Configurer les pages perso
+webserver-perso-symlink: Activer la configuration des pages perso
+webserver-perso-publichtml: Créer le dossier
public_html dans /etc/skel +webserver-perso-onions: Préparer les pages perso en onion diff --git a/roles/webserver/handlers/main.yml b/roles/webserver/handlers/main.yml index 0fac83a..cb4060c 100644 --- a/roles/webserver/handlers/main.yml +++ b/roles/webserver/handlers/main.yml @@ -1,2 +1,2 @@ -- name: reload nginx +- name: webserver-reload-nginx service: name=nginx state=restarted diff --git a/roles/webserver/tasks/certbot.yml b/roles/webserver/tasks/certbot.yml index c5119f6..0b26fbf 100644 --- a/roles/webserver/tasks/certbot.yml +++ b/roles/webserver/tasks/certbot.yml @@ -1,9 +1,9 @@ -- name: Generate main certificate +- name: webserver-certbot-main command: creates: /etc/letsencrypt/live/{{ hostname }}/fullchain.pem cmd: certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ hostname }} -d www.{{ hostname }} -- name: Generate user certificates +- name: webserver-certbot-users command: creates: "/etc/letsencrypt/live/{{ item.name }}.{{ hostname }}/fullchain.pem" cmd: "certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ item.name }}.{{ hostname }}" diff --git a/roles/webserver/tasks/nginx.yml b/roles/webserver/tasks/nginx.yml index e9508e4..6add09e 100644 --- a/roles/webserver/tasks/nginx.yml +++ b/roles/webserver/tasks/nginx.yml 
@@ -1,27 +1,27 @@ -- name: Deploy default site configuration +- name: webserver-default-config template: src: ../files/default-site.conf.j2 dest: /etc/nginx/sites-available/default-site.conf - notify: reload nginx + notify: reload-nginx -- name: Prepare symlink for default site +- name: webserver-default-symlink file: src: /etc/nginx/sites-available/default-site.conf dest: /etc/nginx/sites-enabled/default-site.conf state: link -- name: Deploy TLS config +- name: webserver-tls-config copy: src: ../files/ssl.conf dest: /etc/nginx/conf.d/ssl.conf - notify: reload nginx + notify: reload-nginx -- name: Déployer les pages perso +- name: webserver-personal-pages include: pages_perso.yml -- name: Configurer nginx pour les noms de domaine longs +- name: webserver-bucket-size lineinfile: path: /etc/nginx/nginx.conf line: "server_names_hash_bucket_size 128;" insertafter: "^http {" - notify: reload nginx + notify: reload-nginx diff --git a/roles/webserver/tasks/onions_perso.yml b/roles/webserver/tasks/onions_perso.yml index d7c555f..f205847 100644 --- a/roles/webserver/tasks/onions_perso.yml +++ b/roles/webserver/tasks/onions_perso.yml @@ -1,14 +1,14 @@ -- name: Récupérer le hostname en onion +- name: webserver-onion-hostname command: "cat /var/lib/tor/{{ item.name }}/hostname" register: web_onion -- name: Configurer l'onion pour les pages perso de l'utilisateurice +- name: webserver-onion-config template: src: ../files/onion.conf.j2 dest: "/etc/nginx/sites-available/{{ item.name }}.onion.conf" notify: reload nginx -- name: Activer la configuration nginx +- name: webserver-onion-symlink file: src: "/etc/nginx/sites-available/{{ item.name }}.onion.conf" dest: "/etc/nginx/sites-enabled/{{ item.name }}.onion.conf" diff --git a/roles/webserver/tasks/packages.yml b/roles/webserver/tasks/packages.yml index d69ca1d..9d350ed 100644 --- a/roles/webserver/tasks/packages.yml +++ b/roles/webserver/tasks/packages.yml 
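Review bot: The `notify` values no longer match any handler name visible in this commit. The handler in roles/webserver/handlers/main.yml is renamed to `webserver-reload-nginx`, but the three `notify` lines in this nginx.yml hunk become `notify: reload-nginx`, and the onions_perso.yml hunk keeps `notify: reload nginx` on the `webserver-onion-config` task. Unless a `listen:` alias exists outside the diff, Ansible will either fail the play on the unknown handler or never restart nginx, so changes to ssl.conf and the site configs would not take effect on the running server. Use `notify: webserver-reload-nginx` in all four places.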
@@ -1,4 +1,4 @@ -- name: Installer les paquets pour le serveur web +- name: webserver-pkg apt: name: - nginx diff --git a/roles/webserver/tasks/pages_perso.yml b/roles/webserver/tasks/pages_perso.yml index 66891af..d1975af 100644 --- a/roles/webserver/tasks/pages_perso.yml +++ b/roles/webserver/tasks/pages_perso.yml @@ -1,19 +1,19 @@ -- name: Configurer les pages perso pour nginx +- name: webserver-perso-config template: src: ../files/users.conf.j2 dest: /etc/nginx/sites-available/users-site.conf -- name: Créer les liens symboliques pour la config des sites +- name: webserver-perso-symlink file: src: /etc/nginx/sites-available/users-site.conf dest: /etc/nginx/sites-enabled/users-site.conf state: link -- name: Ajouter un dossier public_html dans le squelette +- name: webserver-perso-publichtml file: path: /etc/skel/public_html state: directory -- name: Configurer les pages perso en onion +- name: webserver-perso-onions include: onions_perso.yml loop: "{{ users }}"