From 908718a622fe229d17da7303b117eee0fe7f8d9d Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Mon, 25 Apr 2022 13:45:34 +0200
Subject: Rename playbooks
---
playbooks.d/vpn-tinc/description.txt | 1 +
playbooks.d/vpn-tinc/etc/defaults | 6 +
.../vpn-tinc/etc/os.d/linux-debian_gnu_linux | 1 +
playbooks.d/vpn-tinc/playbook.bash | 123 ++++++++++++++++++
playbooks.d/vpn-tinc/share/host | 2 +
playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net | 16 +++
playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net | 16 +++
playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net | 16 +++
playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net | 16 +++
playbooks.d/vpn-tinc/share/tinc-down-ifconfig | 3 +
playbooks.d/vpn-tinc/share/tinc-down-ip | 3 +
playbooks.d/vpn-tinc/share/tinc-up-ifconfig | 3 +
playbooks.d/vpn-tinc/share/tinc-up-ip | 5 +
playbooks.d/vpn-tinc/share/tinc.conf | 4 +
playbooks.d/vpn/description.txt | 1 -
playbooks.d/vpn/etc/defaults | 6 -
playbooks.d/vpn/etc/os.d/linux-debian_gnu_linux | 1 -
playbooks.d/vpn/playbook.bash | 123 ------------------
playbooks.d/vpn/share/host | 2 -
playbooks.d/vpn/share/hosts/anoia_tyil_net | 16 ---
playbooks.d/vpn/share/hosts/caeghi_tyil_net | 16 ---
playbooks.d/vpn/share/hosts/edephas_tyil_net | 16 ---
playbooks.d/vpn/share/hosts/gaeru_tyil_net | 16 ---
playbooks.d/vpn/share/tinc-down-ifconfig | 3 -
playbooks.d/vpn/share/tinc-down-ip | 3 -
playbooks.d/vpn/share/tinc-up-ifconfig | 3 -
playbooks.d/vpn/share/tinc-up-ip | 5 -
playbooks.d/vpn/share/tinc.conf | 4 -
playbooks.d/webserver-nginx/description.txt | 1 +
playbooks.d/webserver-nginx/etc/defaults | 4 +
playbooks.d/webserver-nginx/playbook.bash | 107 ++++++++++++++++
playbooks.d/webserver-nginx/share/cert.sh | 11 ++
playbooks.d/webserver-nginx/share/mime.types | 88 +++++++++++++
playbooks.d/webserver-nginx/share/nginx.conf | 23 ++++
playbooks.d/webserver-nginx/share/sites.d/http/_ | 10 ++
.../share/sites.d/http/church.scriptkitties | 13 ++
.../share/sites.d/http/com.voidfire | 13 ++
.../webserver-nginx/share/sites.d/http/net.tyil | 12 ++
.../webserver-nginx/share/sites.d/http/nl.fglt | 13 ++
.../webserver-nginx/share/sites.d/http/nl.tyil | 13 ++
.../webserver-nginx/share/sites.d/http/nl.tyil.alt | 13 ++
.../share/sites.d/http/nl.tyil.alt.imgur | 13 ++
.../share/sites.d/http/nl.tyil.alt.reddit | 13 ++
.../share/sites.d/http/nl.tyil.alt.twitter | 13 ++
.../share/sites.d/http/nl.tyil.cloud | 12 ++
.../share/sites.d/http/nl.tyil.dist | 13 ++
.../webserver-nginx/share/sites.d/http/nl.tyil.git | 13 ++
.../share/sites.d/http/nl.tyil.home | 13 ++
.../share/sites.d/http/nl.tyil.homebrew | 13 ++
.../webserver-nginx/share/sites.d/http/nl.tyil.p | 13 ++
.../share/sites.d/http/nl.tyil.radio | 13 ++
.../share/sites.d/http/nl.tyil.searx | 13 ++
.../webserver-nginx/share/sites.d/http/nl.tyil.tv | 12 ++
.../webserver-nginx/share/sites.d/http/nl.tyil.www | 13 ++
.../share/sites.d/http/pictures.memebooru | 13 ++
.../webserver-nginx/share/sites.d/http/work.tyil | 13 ++
.../share/sites.d/https/church.scriptkitties | 62 ++++++++++
.../share/sites.d/https/com.voidfire | 19 +++
.../webserver-nginx/share/sites.d/https/net.tyil | 28 +++++
.../webserver-nginx/share/sites.d/https/nl.fglt | 22 ++++
.../webserver-nginx/share/sites.d/https/nl.tyil | 24 ++++
.../share/sites.d/https/nl.tyil.alt | 17 +++
.../share/sites.d/https/nl.tyil.alt.imgur | 20 +++
.../share/sites.d/https/nl.tyil.alt.reddit | 20 +++
.../share/sites.d/https/nl.tyil.alt.twitter | 20 +++
.../share/sites.d/https/nl.tyil.cloud | 137 +++++++++++++++++++++
.../share/sites.d/https/nl.tyil.dist | 16 +++
.../share/sites.d/https/nl.tyil.git | 30 +++++
.../share/sites.d/https/nl.tyil.home | 52 ++++++++
.../share/sites.d/https/nl.tyil.homebrew | 19 +++
.../webserver-nginx/share/sites.d/https/nl.tyil.p | 27 ++++
.../share/sites.d/https/nl.tyil.radio | 17 +++
.../share/sites.d/https/nl.tyil.searx | 25 ++++
.../webserver-nginx/share/sites.d/https/nl.tyil.tv | 19 +++
.../share/sites.d/https/nl.tyil.www | 25 ++++
.../share/sites.d/https/pictures.memebooru | 28 +++++
.../webserver-nginx/share/sites.d/https/work.tyil | 15 +++
.../webserver-nginx/share/snippets.d/certbot.conf | 5 +
.../webserver-nginx/share/snippets.d/fcgi.conf | 27 ++++
.../webserver-nginx/share/snippets.d/headers.conf | 4 +
.../webserver-nginx/share/snippets.d/ssl.conf | 16 +++
.../webserver-nginx/share/snippets.d/uwsgi.conf | 20 +++
playbooks.d/webserver/description.txt | 1 -
playbooks.d/webserver/etc/defaults | 4 -
playbooks.d/webserver/playbook.bash | 107 ----------------
playbooks.d/webserver/share/cert.sh | 11 --
playbooks.d/webserver/share/mime.types | 88 -------------
playbooks.d/webserver/share/nginx.conf | 23 ----
playbooks.d/webserver/share/sites.d/http/_ | 10 --
.../share/sites.d/http/church.scriptkitties | 13 --
.../webserver/share/sites.d/http/com.voidfire | 13 --
playbooks.d/webserver/share/sites.d/http/net.tyil | 12 --
playbooks.d/webserver/share/sites.d/http/nl.fglt | 13 --
playbooks.d/webserver/share/sites.d/http/nl.tyil | 13 --
.../webserver/share/sites.d/http/nl.tyil.alt | 13 --
.../webserver/share/sites.d/http/nl.tyil.alt.imgur | 13 --
.../share/sites.d/http/nl.tyil.alt.reddit | 13 --
.../share/sites.d/http/nl.tyil.alt.twitter | 13 --
.../webserver/share/sites.d/http/nl.tyil.cloud | 12 --
.../webserver/share/sites.d/http/nl.tyil.dist | 13 --
.../webserver/share/sites.d/http/nl.tyil.git | 13 --
.../webserver/share/sites.d/http/nl.tyil.home | 13 --
.../webserver/share/sites.d/http/nl.tyil.homebrew | 13 --
playbooks.d/webserver/share/sites.d/http/nl.tyil.p | 13 --
.../webserver/share/sites.d/http/nl.tyil.radio | 13 --
.../webserver/share/sites.d/http/nl.tyil.searx | 13 --
.../webserver/share/sites.d/http/nl.tyil.tv | 12 --
.../webserver/share/sites.d/http/nl.tyil.www | 13 --
.../share/sites.d/http/pictures.memebooru | 13 --
playbooks.d/webserver/share/sites.d/http/work.tyil | 13 --
.../share/sites.d/https/church.scriptkitties | 62 ----------
.../webserver/share/sites.d/https/com.voidfire | 19 ---
playbooks.d/webserver/share/sites.d/https/net.tyil | 28 -----
playbooks.d/webserver/share/sites.d/https/nl.fglt | 22 ----
playbooks.d/webserver/share/sites.d/https/nl.tyil | 24 ----
.../webserver/share/sites.d/https/nl.tyil.alt | 17 ---
.../share/sites.d/https/nl.tyil.alt.imgur | 20 ---
.../share/sites.d/https/nl.tyil.alt.reddit | 20 ---
.../share/sites.d/https/nl.tyil.alt.twitter | 20 ---
.../webserver/share/sites.d/https/nl.tyil.cloud | 137 ---------------------
.../webserver/share/sites.d/https/nl.tyil.dist | 16 ---
.../webserver/share/sites.d/https/nl.tyil.git | 30 -----
.../webserver/share/sites.d/https/nl.tyil.home | 52 --------
.../webserver/share/sites.d/https/nl.tyil.homebrew | 19 ---
.../webserver/share/sites.d/https/nl.tyil.p | 27 ----
.../webserver/share/sites.d/https/nl.tyil.radio | 17 ---
.../webserver/share/sites.d/https/nl.tyil.searx | 25 ----
.../webserver/share/sites.d/https/nl.tyil.tv | 19 ---
.../webserver/share/sites.d/https/nl.tyil.www | 25 ----
.../share/sites.d/https/pictures.memebooru | 28 -----
.../webserver/share/sites.d/https/work.tyil | 15 ---
.../webserver/share/snippets.d/certbot.conf | 5 -
playbooks.d/webserver/share/snippets.d/fcgi.conf | 27 ----
.../webserver/share/snippets.d/headers.conf | 4 -
playbooks.d/webserver/share/snippets.d/ssl.conf | 16 ---
playbooks.d/webserver/share/snippets.d/uwsgi.conf | 20 ---
registry.d/anoia.tyil.net | 2 +-
registry.d/caeghi.tyil.net | 2 +-
registry.d/edephas.tyil.net | 4 +-
registry.d/gaeru.tyil.net | 2 +-
140 files changed, 1448 insertions(+), 1448 deletions(-)
create mode 100644 playbooks.d/vpn-tinc/description.txt
create mode 100644 playbooks.d/vpn-tinc/etc/defaults
create mode 100644 playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux
create mode 100644 playbooks.d/vpn-tinc/playbook.bash
create mode 100644 playbooks.d/vpn-tinc/share/host
create mode 100644 playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
create mode 100644 playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
create mode 100644 playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net
create mode 100644 playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
create mode 100644 playbooks.d/vpn-tinc/share/tinc-down-ifconfig
create mode 100644 playbooks.d/vpn-tinc/share/tinc-down-ip
create mode 100644 playbooks.d/vpn-tinc/share/tinc-up-ifconfig
create mode 100644 playbooks.d/vpn-tinc/share/tinc-up-ip
create mode 100644 playbooks.d/vpn-tinc/share/tinc.conf
delete mode 100644 playbooks.d/vpn/description.txt
delete mode 100644 playbooks.d/vpn/etc/defaults
delete mode 100644 playbooks.d/vpn/etc/os.d/linux-debian_gnu_linux
delete mode 100644 playbooks.d/vpn/playbook.bash
delete mode 100644 playbooks.d/vpn/share/host
delete mode 100644 playbooks.d/vpn/share/hosts/anoia_tyil_net
delete mode 100644 playbooks.d/vpn/share/hosts/caeghi_tyil_net
delete mode 100644 playbooks.d/vpn/share/hosts/edephas_tyil_net
delete mode 100644 playbooks.d/vpn/share/hosts/gaeru_tyil_net
delete mode 100644 playbooks.d/vpn/share/tinc-down-ifconfig
delete mode 100644 playbooks.d/vpn/share/tinc-down-ip
delete mode 100644 playbooks.d/vpn/share/tinc-up-ifconfig
delete mode 100644 playbooks.d/vpn/share/tinc-up-ip
delete mode 100644 playbooks.d/vpn/share/tinc.conf
create mode 100644 playbooks.d/webserver-nginx/description.txt
create mode 100644 playbooks.d/webserver-nginx/etc/defaults
create mode 100644 playbooks.d/webserver-nginx/playbook.bash
create mode 100755 playbooks.d/webserver-nginx/share/cert.sh
create mode 100644 playbooks.d/webserver-nginx/share/mime.types
create mode 100644 playbooks.d/webserver-nginx/share/nginx.conf
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/_
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/church.scriptkitties
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/net.tyil
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.fglt
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.imgur
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.reddit
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.twitter
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.cloud
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.dist
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.git
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.home
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.homebrew
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.p
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.radio
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.searx
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.tv
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.www
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/pictures.memebooru
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/work.tyil
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/church.scriptkitties
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/net.tyil
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.fglt
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.imgur
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.reddit
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.twitter
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.cloud
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.dist
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.home
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.homebrew
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.p
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.radio
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.searx
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/pictures.memebooru
create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/work.tyil
create mode 100644 playbooks.d/webserver-nginx/share/snippets.d/certbot.conf
create mode 100644 playbooks.d/webserver-nginx/share/snippets.d/fcgi.conf
create mode 100644 playbooks.d/webserver-nginx/share/snippets.d/headers.conf
create mode 100644 playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
create mode 100644 playbooks.d/webserver-nginx/share/snippets.d/uwsgi.conf
delete mode 100644 playbooks.d/webserver/description.txt
delete mode 100644 playbooks.d/webserver/etc/defaults
delete mode 100644 playbooks.d/webserver/playbook.bash
delete mode 100755 playbooks.d/webserver/share/cert.sh
delete mode 100644 playbooks.d/webserver/share/mime.types
delete mode 100644 playbooks.d/webserver/share/nginx.conf
delete mode 100644 playbooks.d/webserver/share/sites.d/http/_
delete mode 100644 playbooks.d/webserver/share/sites.d/http/church.scriptkitties
delete mode 100644 playbooks.d/webserver/share/sites.d/http/com.voidfire
delete mode 100644 playbooks.d/webserver/share/sites.d/http/net.tyil
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.fglt
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.alt
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.imgur
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.reddit
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.twitter
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.cloud
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.dist
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.git
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.home
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.homebrew
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.p
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.radio
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.searx
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.tv
delete mode 100644 playbooks.d/webserver/share/sites.d/http/nl.tyil.www
delete mode 100644 playbooks.d/webserver/share/sites.d/http/pictures.memebooru
delete mode 100644 playbooks.d/webserver/share/sites.d/http/work.tyil
delete mode 100644 playbooks.d/webserver/share/sites.d/https/church.scriptkitties
delete mode 100644 playbooks.d/webserver/share/sites.d/https/com.voidfire
delete mode 100644 playbooks.d/webserver/share/sites.d/https/net.tyil
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.fglt
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.alt
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.imgur
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.reddit
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.twitter
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.dist
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.git
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.home
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.homebrew
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.p
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.radio
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.searx
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.tv
delete mode 100644 playbooks.d/webserver/share/sites.d/https/nl.tyil.www
delete mode 100644 playbooks.d/webserver/share/sites.d/https/pictures.memebooru
delete mode 100644 playbooks.d/webserver/share/sites.d/https/work.tyil
delete mode 100644 playbooks.d/webserver/share/snippets.d/certbot.conf
delete mode 100644 playbooks.d/webserver/share/snippets.d/fcgi.conf
delete mode 100644 playbooks.d/webserver/share/snippets.d/headers.conf
delete mode 100644 playbooks.d/webserver/share/snippets.d/ssl.conf
delete mode 100644 playbooks.d/webserver/share/snippets.d/uwsgi.conf
diff --git a/playbooks.d/vpn-tinc/description.txt b/playbooks.d/vpn-tinc/description.txt
new file mode 100644
index 0000000..0bad766
--- /dev/null
+++ b/playbooks.d/vpn-tinc/description.txt
@@ -0,0 +1 @@
+VPN through tinc
diff --git a/playbooks.d/vpn-tinc/etc/defaults b/playbooks.d/vpn-tinc/etc/defaults
new file mode 100644
index 0000000..3186527
--- /dev/null
+++ b/playbooks.d/vpn-tinc/etc/defaults
@@ -0,0 +1,6 @@
+app.tinc=tinc
+app.tincd=tincd
+
+pkg.tinc=tinc
+
+svc.tinc=tincd
diff --git a/playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux b/playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux
new file mode 100644
index 0000000..9a5da58
--- /dev/null
+++ b/playbooks.d/vpn-tinc/etc/os.d/linux-debian_gnu_linux
@@ -0,0 +1 @@
+svc.tinc=tinc@tyilnet
diff --git a/playbooks.d/vpn-tinc/playbook.bash b/playbooks.d/vpn-tinc/playbook.bash
new file mode 100644
index 0000000..f9c8dd5
--- /dev/null
+++ b/playbooks.d/vpn-tinc/playbook.bash
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ local tinc="$(config "app.tinc")"
+ local tincd="$(config "app.tincd")"
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local ipv4="$(config "vpn.ipv4")"
+
+ if [[ -z "$ipv4" ]]
+ then
+ emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
+ return 2
+ fi
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd) iptool=ifconfig ;;
+ *) iptool=ip
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Installing tinc"
+ pkg install "tinc"
+
+ info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
+ mkdir -pv -- \
+ "$dir" \
+ "$dir/hosts"
+
+ file_template tinc.conf \
+ "name=$name" \
+ > "$dir/tinc.conf"
+
+ file_template "tinc-up-$iptool" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/tinc-up"
+
+ file_template "tinc-down-$iptool" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/tinc-down"
+
+ file_template "host" \
+ "ip4=$(config "vpn.ipv4")" \
+ > "$dir/hosts/$name"
+
+ chmod +x \
+ "$dir/tinc-up" \
+ "$dir/tinc-down"
+
+ info "$BASHTARD_PLAYBOOK" "Generating private keys"
+
+ case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
+ 1.0*)
+ $tincd -n tyilnet -K4096
+ ;;
+ 1.1*|*)
+ $tinc -n tyilnet generate-rsa-keys 4096
+ $tinc -n tyilnet generate-ed25519-keys
+ ;;
+ esac
+
+ info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
+
+ cp -v -- \
+ "$dir/hosts/$name" \
+ "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
+
+ playbook_sync
+
+ info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
+
+ case "${BASHTARD_PLATFORM[key]}" in
+ freebsd)
+ if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd"
+ then
+ printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd"
+ fi
+ ;;
+ linux-gentoo)
+ if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
+ then
+ printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
+ fi
+ ;;
+ esac
+
+ svc enable "tinc"
+ svc start "tinc"
+}
+
+playbook_sync()
+{
+ local dir="$(config "fs.etcdir")/tinc/tyilnet"
+ local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
+ local host
+
+ info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
+ rm -fr -- "$dir/hosts"
+ mkdir -p -- "$dir/hosts"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
+ do
+ host="$(basename "$path")"
+
+ notice "$BASHTARD_PLAYBOOK" "Updating host $host"
+ file_template "hosts/$host" \
+ > "$dir/hosts/$host"
+ done
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload "tinc"
+}
+
+playbook_del()
+{
+ svc stop "tinc"
+ svc disable "tinc"
+
+ pkg uninstall "tinc"
+
+ rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
+}
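Review bot: `playbook_add` only rejects an empty `vpn.ipv4`; the value is then substituted into `tinc-up` and `tinc-down`, which are made executable with `chmod +x` and are presumably run by tincd with elevated privileges, so any stray character in that config value ends up in a script that gets executed. A format check beside the existing empty test would close this, e.g. `[[ "$ipv4" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 2` (how `file_template` substitutes values is not visible here, so treat this as defence in depth). The three `file_template` calls could then pass the already-checked `"ip4=$ipv4"` instead of re-reading `config "vpn.ipv4"`. Separately, `iptool` is assigned without `local` and leaks into the caller's scope; adding `local iptool` next to the other declarations fixes that.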
diff --git a/playbooks.d/vpn-tinc/share/host b/playbooks.d/vpn-tinc/share/host
new file mode 100644
index 0000000..c24d4ad
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/host
@@ -0,0 +1,2 @@
+Subnet = ${ip4}/32
+
diff --git a/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net b/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
new file mode 100644
index 0000000..4856c95
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/anoia_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.3/32
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net b/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
new file mode 100644
index 0000000..c5d5b05
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/caeghi_tyil_net
@@ -0,0 +1,16 @@
+Address = 116.202.102.33
+Subnet = 10.57.20.2/32
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net b/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net
new file mode 100644
index 0000000..6e095bb
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/edephas_tyil_net
@@ -0,0 +1,16 @@
+Subnet = 10.57.100.7/32
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
+Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
diff --git a/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net b/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
new file mode 100644
index 0000000..eba305b
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/hosts/gaeru_tyil_net
@@ -0,0 +1,16 @@
+Address = 37.48.120.26
+Subnet = 10.57.20.6/32
+
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn-tinc/share/tinc-down-ifconfig b/playbooks.d/vpn-tinc/share/tinc-down-ifconfig
new file mode 100644
index 0000000..6563f07
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-down-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" down
diff --git a/playbooks.d/vpn-tinc/share/tinc-down-ip b/playbooks.d/vpn-tinc/share/tinc-down-ip
new file mode 100644
index 0000000..800ebb3
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-down-ip
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ip link set "$INTERFACE" down
diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ifconfig b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
new file mode 100644
index 0000000..66c897e
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-up-ifconfig
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
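Review bot: `${ip4}` is left unquoted on the `ifconfig` line, while the `ip` variant of this script quotes it as `"${ip4}/16"`. After templating, a value containing whitespace or shell metacharacters would be split or interpreted instead of being passed as a single address argument. Suggest `ifconfig "$INTERFACE" inet "${ip4}" netmask 255.255.0.0` so both variants handle the substituted value the same way.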
diff --git a/playbooks.d/vpn-tinc/share/tinc-up-ip b/playbooks.d/vpn-tinc/share/tinc-up-ip
new file mode 100644
index 0000000..191d310
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc-up-ip
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+ip -4 addr add "${ip4}/16" dev "$INTERFACE"
+
+ip link set "$INTERFACE" up
diff --git a/playbooks.d/vpn-tinc/share/tinc.conf b/playbooks.d/vpn-tinc/share/tinc.conf
new file mode 100644
index 0000000..618a271
--- /dev/null
+++ b/playbooks.d/vpn-tinc/share/tinc.conf
@@ -0,0 +1,4 @@
+Name = ${name}
+
+ConnectTo = caeghi_tyil_net
+ConnectTo = gaeru_tyil_net
diff --git a/playbooks.d/vpn/description.txt b/playbooks.d/vpn/description.txt
deleted file mode 100644
index 0bad766..0000000
--- a/playbooks.d/vpn/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-VPN through tinc
diff --git a/playbooks.d/vpn/etc/defaults b/playbooks.d/vpn/etc/defaults
deleted file mode 100644
index 3186527..0000000
--- a/playbooks.d/vpn/etc/defaults
+++ /dev/null
@@ -1,6 +0,0 @@
-app.tinc=tinc
-app.tincd=tincd
-
-pkg.tinc=tinc
-
-svc.tinc=tincd
diff --git a/playbooks.d/vpn/etc/os.d/linux-debian_gnu_linux b/playbooks.d/vpn/etc/os.d/linux-debian_gnu_linux
deleted file mode 100644
index 9a5da58..0000000
--- a/playbooks.d/vpn/etc/os.d/linux-debian_gnu_linux
+++ /dev/null
@@ -1 +0,0 @@
-svc.tinc=tinc@tyilnet
diff --git a/playbooks.d/vpn/playbook.bash b/playbooks.d/vpn/playbook.bash
deleted file mode 100644
index f9c8dd5..0000000
--- a/playbooks.d/vpn/playbook.bash
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add()
-{
- local tinc="$(config "app.tinc")"
- local tincd="$(config "app.tincd")"
- local dir="$(config "fs.etcdir")/tinc/tyilnet"
- local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
- local ipv4="$(config "vpn.ipv4")"
-
- if [[ -z "$ipv4" ]]
- then
- emerg "$BASHTARD_PLAYBOOK" "No IPv4 address set for ${BASHTARD_PLATFORM[fqdn]}"
- return 2
- fi
-
- case "${BASHTARD_PLATFORM[key]}" in
- freebsd) iptool=ifconfig ;;
- *) iptool=ip
- esac
-
- info "$BASHTARD_PLAYBOOK" "Installing tinc"
- pkg install "tinc"
-
- info "$BASHTARD_PLAYBOOK" "Creating tinc configuration at $dir"
- mkdir -pv -- \
- "$dir" \
- "$dir/hosts"
-
- file_template tinc.conf \
- "name=$name" \
- > "$dir/tinc.conf"
-
- file_template "tinc-up-$iptool" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/tinc-up"
-
- file_template "tinc-down-$iptool" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/tinc-down"
-
- file_template "host" \
- "ip4=$(config "vpn.ipv4")" \
- > "$dir/hosts/$name"
-
- chmod +x \
- "$dir/tinc-up" \
- "$dir/tinc-down"
-
- info "$BASHTARD_PLAYBOOK" "Generating private keys"
-
- case "$($tincd --version | awk '{ print $3 }' | head -n1)" in
- 1.0*)
- $tincd -n tyilnet -K4096
- ;;
- 1.1*|*)
- $tinc -n tyilnet generate-rsa-keys 4096
- $tinc -n tyilnet generate-ed25519-keys
- ;;
- esac
-
- info "$BASHTARD_PLAYBOOK" "Adding new host to Bashtard configs"
-
- cp -v -- \
- "$dir/hosts/$name" \
- "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts/$name"
-
- playbook_sync
-
- info "$BASHTARD_PLAYBOOK" "Enabling VPN service"
-
- case "${BASHTARD_PLATFORM[key]}" in
- freebsd)
- if ! grep -Fq 'tincd_cfg="tyilnet"' "/etc/rc.conf.d/tincd"
- then
- printf 'tincd_cfg="%s"\n' "tyilnet" >> "/etc/rc.conf.d/tincd"
- fi
- ;;
- linux-gentoo)
- if ! grep -Fq "NETWORK: tyilnet" /etc/conf.d/tinc.networks
- then
- printf "NETWORK: %s\n" "tyilnet" >> /etc/conf.d/tinc.networks
- fi
- ;;
- esac
-
- svc enable "tinc"
- svc start "tinc"
-}
-
-playbook_sync()
-{
- local dir="$(config "fs.etcdir")/tinc/tyilnet"
- local name="$(tr "." "_" <<< "${BASHTARD_PLATFORM[fqdn]}")"
- local host
-
- info "$BASHTARD_PLAYBOOK" "Regenerating tinc hosts"
- rm -fr -- "$dir/hosts"
- mkdir -p -- "$dir/hosts"
-
- for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/hosts"/*
- do
- host="$(basename "$path")"
-
- notice "$BASHTARD_PLAYBOOK" "Updating host $host"
- file_template "hosts/$host" \
- > "$dir/hosts/$host"
- done
-
- [[ "$BASHTARD_COMMAND" == "add" ]] && return
-
- svc reload "tinc"
-}
-
-playbook_del()
-{
- svc stop "tinc"
- svc disable "tinc"
-
- pkg uninstall "tinc"
-
- rm -frv -- "$(config "fs.etcdir")/tinc/tyilnet"
-}
diff --git a/playbooks.d/vpn/share/host b/playbooks.d/vpn/share/host
deleted file mode 100644
index c24d4ad..0000000
--- a/playbooks.d/vpn/share/host
+++ /dev/null
@@ -1,2 +0,0 @@
-Subnet = ${ip4}/32
-
diff --git a/playbooks.d/vpn/share/hosts/anoia_tyil_net b/playbooks.d/vpn/share/hosts/anoia_tyil_net
deleted file mode 100644
index 4856c95..0000000
--- a/playbooks.d/vpn/share/hosts/anoia_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.3/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvcW/20fxgdGdNelD/eMwEpLChI03rvDbPHAp9en3cwlYaND40udO
-VxjRXj0rE9IA4N0f+o8oJdmG+mzl5Dd3rKXVnBnRymKzpNJ2w+cILPm1sQa6IO85
-F+7Q5v7lb5yFuy3JVi+tg4nqL+xHSZL6w/oPX667bR90oBJEd7C+U7p7r8DXvyHq
-cg9U1maDmZ0IzZtl6BxsjyfUr0o6xBtw+pCSIvOXW5xd4mfBPgvp+3nIcux6nek3
-VR6SJ85aXlYZxER23N13Vi3dGUJSIaBPN5MuS3IHBbAP/Feeyo8p4SCzl0AMfo/K
-+ZGcheL/NX7EVGg4XcZNgFaTBpusScOfxiRlzAeImomiQwKIywXp1otCn6dKIDj0
-jj146Dodf2nHRbTQj7H/2zyiRDjY/tpis/xTVA5AJu+p5aaXBA/eSb4H1OKL5qYs
-38/bUiUJTSbpWvC9WiHq/xi5GSs+3ehDara89yXXhunWLsqvSZOZacqeZQw8k+ip
-pNcnXbbtS0zqNQie3OEKY9qqOGKzjUiYu8yWJ4eo370XzlQ9sUgGfKmwCcc2c2jX
-Rrhjck+4DGeRA10oJpoxKArPaWrGWezIHJ49Jrc+xiTJ5EMVqOpuGvL5lrKn7g6y
-qYk1u6x0We1nCkMNN2LxrmL6j3p6PKRbWg7bczqPO4uEyT/575Ih2ssCAwEAAQ==
------END RSA PUBLIC KEY-----
-Ed25519PublicKey = 7jy41lK2S4BzhUVSAmULDSiZ9NQM4eQ0Geg2+F9pTpG
diff --git a/playbooks.d/vpn/share/hosts/caeghi_tyil_net b/playbooks.d/vpn/share/hosts/caeghi_tyil_net
deleted file mode 100644
index c5d5b05..0000000
--- a/playbooks.d/vpn/share/hosts/caeghi_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 116.202.102.33
-Subnet = 10.57.20.2/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA2abFKFB1Dr1YMcAIWcy/2+jJn+suPyiQjz6vgt476P9a/I7SUCta
-P5QUPxvS9pZxFVTFKzpmdKxG1pbCAkhArtNg2R1VFEiYCxS+iey+F11pMPEZFVpC
-EIXeVDQeBm9UXjrOpcTRIwEO7Q2J2lzRrhGm6Rpb6XbdmtQ3S8XgVsXYwWoV7muf
-TE/d5fgtz8Hghti8w86FP9q61iH6AHCREwbHEUyat5hwznmbiNJHyjx+otI63sQo
-FS37EazhqCEvt9jyvVSmB7kVTOLnIVATWDaUlPCLLvps09eRsz6aAa7RHCGd3x/W
-mRHxDCbeKL4ilpo/FPZhANdQImLmFovOtwZ6xawRWKPcRXhkaL24qQC0MLH9wmnY
-oM6EMioWUa0F11iFM99DTK+NF2Pk8vHNzm0Ep5g0SHzqnAIDDzeNTC9ogwsETqL5
-t7VY1GXuKWgta9L2q03X7FMEgjIc3lPgVLc0Ccx11MTgVzcIaLxFQ58oo+xFuc9I
-rBqjZgJwg5MTdZiyZesLJuV+YP+yRat3LifAwIZhloSBVPU6YKx/y30BHjDM8FP1
-OM2IzJLrafZDy034XyD4s62YsKrHMcQ3CeoQ80QjvSyWvSlvn2vEqrbWIZADi0d/
-8vgl44gF9g9yN++G6S7BsTJ5PNgv0jrRFu/RpEN1hVOuo+nBqFsvxW8CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn/share/hosts/edephas_tyil_net b/playbooks.d/vpn/share/hosts/edephas_tyil_net
deleted file mode 100644
index 6e095bb..0000000
--- a/playbooks.d/vpn/share/hosts/edephas_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.57.100.7/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEApxmzAXv4Mch5FP5AxHmpvHjkJGxcegbFzdFzHjhdLDJ9MQQZdM1p
-PomhyYXB9Gsq4oJIOcjqJJdbp4dchYGJ++eS3V1wwstLMTl/+kWZ4ojI9sb/J5rl
-a3gknTjipdUuoOpdkAkXKCbq9AXyFsvLr4Q6WaFpeTuIjNb2QgPOLUmcD1eNCdnn
-KcHQAGR3zRh3uu8zMkaJZwQDZAdRLV6b77OLe7PXCsYgQ68qw3uti3JENv8VC80T
-UxUmv8He7xgAqRCJbD3FH3WT2O63mK9jpnFj/BKDTm5k4hUDtZRY1O92JUqQAruw
-gq3I8mhSqFMkvt+S67u950hRzN4/ZGs7lzxRkDqDqLy+ZISN2cDpbX1i4WmZFfex
-zj7ZbmfsVzwSF/+K31AOQrODt79bGGFwjZgAVn9Cny/bysBxrOJy39D2Awioynpc
-mjICtRP7utpo959YmSNsEcjfamIHVfUOTsEoIYhYASmWRjrSF6v7j2bbC+aFOWsf
-yIRZc0EtH803/Ks++ieIDWFmhB0ydtkqFm8HK2eyqOqnlHTepmrDflkxfao3JTXP
-CbldDpUGKBcLZ5FNaJ5hlQHnJGzU+wbnc133cdYtg9vvhFVgameme8ElcOjZZxMJ
-fPWXMAWc2Szx3Hs/jlaTSIH2GoX1Rr2HdrrNg0qOG/qhLPNrtmrxH/sCAwEAAQ==
------END RSA PUBLIC KEY-----
-Ed25519PublicKey = 4ABczlbBBLs5WMztIzafWw1ozwKZVkj4/of3Jc6awiO
diff --git a/playbooks.d/vpn/share/hosts/gaeru_tyil_net b/playbooks.d/vpn/share/hosts/gaeru_tyil_net
deleted file mode 100644
index eba305b..0000000
--- a/playbooks.d/vpn/share/hosts/gaeru_tyil_net
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 37.48.120.26
-Subnet = 10.57.20.6/32
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA9NUrWO0L8lqrfs4BgZsLdfJZPfKx+Fi8P4k79CIBuVfkQ4OzJmoV
-ahupoOo5edjYLJK09epa9zFRc1DuaotYC7Wm9DdIF82WNZXN9x/Mvuq06WaKXBdj
-iTJKbYfVN/yv8Xfjzfp4DH3txwsq+9AuICHJkHOmb0lsDinpfbmP8C8ozBnutrLM
-XGaIzXzkV2NbunyjaiR7dho5+4P6wedck+IV63KRzepbX36OW9xImmEEpBPeMPzd
-VOgWs35FIgnE5uumXXfIax9CA9wFahvMYUlQbxA6kCg9PTteM3C44udFx8DxzGcR
-giKEbfxjcZ4pK9JG+LTxNZC2BK1gsUNw8sX6mEEY496cs0T10RWzRZM/HvMIpj1W
-5i72yh6kc8ieSr9hGIkm/oM/gwrFeC11PZQKis1P/0O5j7Lv6S7u6Edrpy/+WziV
-Yk10eZXzHcFuVAh9+wQUeD3v4bMQA/mE8RPI9JX4Xkpbu1LOhtglEwFU1CWlG179
-B990cfr3cjJkTqS7qEfWuNh2lQd4iwpgqyPZB7Dd7tHT5EKEZSZ+4+w9Xo8xfy0v
-7pdfImVHZ1PGVEsRk6AZZqcVcCRrjbKfqqL0m9JmB8vV5L3oZL/mXhFkh52aRMeZ
-tzODNlBH0LW2TVVrBw3DJxFyRCRYjk4At8jagVe9fYM4ERkTQxqCFi0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/playbooks.d/vpn/share/tinc-down-ifconfig b/playbooks.d/vpn/share/tinc-down-ifconfig
deleted file mode 100644
index 6563f07..0000000
--- a/playbooks.d/vpn/share/tinc-down-ifconfig
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-ifconfig "$INTERFACE" down
diff --git a/playbooks.d/vpn/share/tinc-down-ip b/playbooks.d/vpn/share/tinc-down-ip
deleted file mode 100644
index 800ebb3..0000000
--- a/playbooks.d/vpn/share/tinc-down-ip
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-ip link set "$INTERFACE" down
diff --git a/playbooks.d/vpn/share/tinc-up-ifconfig b/playbooks.d/vpn/share/tinc-up-ifconfig
deleted file mode 100644
index 66c897e..0000000
--- a/playbooks.d/vpn/share/tinc-up-ifconfig
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-ifconfig "$INTERFACE" inet ${ip4} netmask 255.255.0.0
diff --git a/playbooks.d/vpn/share/tinc-up-ip b/playbooks.d/vpn/share/tinc-up-ip
deleted file mode 100644
index 191d310..0000000
--- a/playbooks.d/vpn/share/tinc-up-ip
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-ip -4 addr add "${ip4}/16" dev "$INTERFACE"
-
-ip link set "$INTERFACE" up
diff --git a/playbooks.d/vpn/share/tinc.conf b/playbooks.d/vpn/share/tinc.conf
deleted file mode 100644
index 618a271..0000000
--- a/playbooks.d/vpn/share/tinc.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-Name = ${name}
-
-ConnectTo = caeghi_tyil_net
-ConnectTo = gaeru_tyil_net
diff --git a/playbooks.d/webserver-nginx/description.txt b/playbooks.d/webserver-nginx/description.txt
new file mode 100644
index 0000000..d902a81
--- /dev/null
+++ b/playbooks.d/webserver-nginx/description.txt
@@ -0,0 +1 @@
+Nginx webserver configuration
diff --git a/playbooks.d/webserver-nginx/etc/defaults b/playbooks.d/webserver-nginx/etc/defaults
new file mode 100644
index 0000000..9ecd4ae
--- /dev/null
+++ b/playbooks.d/webserver-nginx/etc/defaults
@@ -0,0 +1,4 @@
+pkg.certbot=certbox
+pkg.nginx=nginx
+
+svc.nginx=nginx
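Review bot: `pkg.certbot=certbox` on the first added line looks like a typo for `certbot`. playbook.bash in this commit runs `pkg install certbot nginx`, and if `pkg` resolves the name through this key (not visible here, so worth confirming), the install would request a package called `certbox` and fail. Suggested line: `pkg.certbot=certbot`.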
diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash
new file mode 100644
index 0000000..85c38be
--- /dev/null
+++ b/playbooks.d/webserver-nginx/playbook.bash
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+
+playbook_add()
+{
+ info "webserver/add" "Installing packages"
+ pkg install certbot nginx
+
+ info "webserver/add" "Create www user"
+ groupadd www
+ useradd \
+ --home-dir /var/www \
+ --gid www \
+ --system \
+ --shell /sbin/nologin \
+ www
+
+ info "webserver/add" "Cleaning up whatever the package manager did"
+ rm -frv -- "$(config "fs.etcdir")/nginx"
+
+ info "webserver/add" "Creating desired directory structure"
+ mkdir -pv -- \
+ "$(config "fs.etcdir")/nginx" \
+ "$(config "fs.etcdir")/nginx/sites-available.d" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-available.d/https" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
+ "$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
+ "$(config "fs.etcdir")/nginx/snippets.d" \
+ /var/www
+
+ info "webserver/add" "Generating dhparam.pem"
+ openssl dhparam -out "$(config "fs.etcdir")/nginx/dhparam.pem" 4096
+
+ info "webserver/add" "Running sync to get all configuration going"
+ playbook_sync
+
+ svc enable nginx
+ svc start nginx
+}
+
+playbook_sync()
+{
+ local snippets
+ local sites
+
+ notice "webserver/sync" "Updating nginx.conf"
+ file_template "nginx.conf" \
+ etc="$(config "fs.etcdir")" \
+ > "$(config "fs.etcdir")/nginx/nginx.conf"
+
+ notice "webserver/sync" "Updating mime.types"
+ file_template "mime.types" \
+ etc="$(config "fs.etcdir")" \
+ > "$(config "fs.etcdir")/nginx/mime.types"
+
+ notice "webserver/sync" "Updating cert.sh"
+ file_template "cert.sh" \
+ > "$(config "fs.bindir")/cert.sh" \
+ && chmod +x "$(config "fs.bindir")/cert.sh"
+
+ for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/snippets.d"/*.conf
+ do
+ snippet="$(basename "$path")"
+
+ notice "webserver/sync" "Updating snippet $snippet"
+ file_template "snippets.d/$snippet" \
+ > "$(config "fs.etcdir")/nginx/snippets.d/$snippet"
+ done
+
+ for path_dir in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/sites.d"/*
+ do
+ dir="$(basename "$path_dir")"
+
+ for path_site in "$path_dir"/*
+ do
+ site="$(basename "$path_site")"
+
+ notice "webserver/sync" "Updating site $dir/$site"
+ file_template "sites.d/$dir/$site" \
+ > "$(config "fs.etcdir")/nginx/sites-available.d/$dir/$site"
+ done
+ done
+
+ notice "webserver/sync" "Set nginx permissions to www user"
+ chown -R www:www "$(config "fs.etcdir")/nginx"
+
+ notice "webserver/sync" "Renewing Let's Encrypt certificates"
+ certbot renew --no-random-sleep-on-renew
+
+ [[ "$BASHTARD_COMMAND" == "add" ]] && return
+
+ svc reload nginx
+}
+
+playbook_del()
+{
+ # Stop and remove the service
+ svc stop nginx
+ svc disable nginx
+
+ # Clean up resources
+ pkg uninstall nginx
+ rm -fr -- /etc/nginx "$(config "fs.bindir")/cert.sh" /var/www/.acme
+ userdel www
+ groupdel www
+}
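Review bot: `chown -R www:www "$(config "fs.etcdir")/nginx"` in playbook_sync hands the whole configuration tree, including dhparam.pem, to the account that nginx.conf sets as the worker user (`user www;`). A compromised worker could then rewrite configuration that the master process (normally running as root) loads on the next `svc reload nginx`. The files are written by the sync itself, so the line can simply be dropped; if ownership of the web content was the intent, `chown -R www:www /var/www` is the narrower form. Separately, playbook_del removes the literal `/etc/nginx` while add and sync use `$(config "fs.etcdir")/nginx`; using the same expression in the `rm -fr --` line would keep them consistent.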
diff --git a/playbooks.d/webserver-nginx/share/cert.sh b/playbooks.d/webserver-nginx/share/cert.sh
new file mode 100755
index 0000000..d290710
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/cert.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+main()
+{
+ certbot certonly \
+ --rsa-key-size 4096 \
+ --webroot -w /var/www/.acme \
+ -d "$1"
+}
+
+main "$@"
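Review bot: `main` passes `$1` straight to `-d` with no check that a domain was supplied, so a bare `cert.sh` invocation reaches certbot with an empty `-d` value. A guard as the first line of `main` makes the failure explicit: `[ -n "$1" ] || { echo "usage: cert.sh <domain>" >&2; return 1; }`. Also worth checking: the webroot `/var/www/.acme` is not in the `mkdir -pv` list in playbook_add (only `/var/www` is), although playbook_del removes it. Unless something outside this commit creates it, the first run has no webroot directory to write to.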
diff --git a/playbooks.d/webserver-nginx/share/mime.types b/playbooks.d/webserver-nginx/share/mime.types
new file mode 100644
index 0000000..cd3d700
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/mime.types
@@ -0,0 +1,88 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+
+ application/font-woff woff;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/playbooks.d/webserver-nginx/share/nginx.conf b/playbooks.d/webserver-nginx/share/nginx.conf
new file mode 100644
index 0000000..834f220
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/nginx.conf
@@ -0,0 +1,23 @@
+user www;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ include ${etc}/nginx/mime.types;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ default_type application/octet-stream;
+ gzip on;
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+
+ include ${etc}/nginx/sites-enabled.d/http/*;
+ include ${etc}/nginx/sites-enabled.d/https/*;
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/_ b/playbooks.d/webserver-nginx/share/sites.d/http/_
new file mode 100644
index 0000000..6207cb2
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/_
@@ -0,0 +1,10 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name _;
+
+ location / {
+ return 404;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/church.scriptkitties b/playbooks.d/webserver-nginx/share/sites.d/http/church.scriptkitties
new file mode 100644
index 0000000..0af0235
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/church.scriptkitties
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name scriptkitties.church;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
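Review bot: The two `include /etc/nginx/snippets.d/...` lines hard-code `/etc`, while nginx.conf in this commit uses `${etc}/nginx/...` and playbook_sync writes the snippets to `$(config "fs.etcdir")/nginx/snippets.d`. On a host where `fs.etcdir` is not `/etc`, these includes would point at a directory the playbook never populates. The same literal path is used in every other file under sites.d/http and sites.d/https in this commit. Suggested form: `include ${etc}/nginx/snippets.d/certbot.conf;`, together with passing `etc="$(config "fs.etcdir")"` to the `file_template "sites.d/$dir/$site"` call. This assumes file_template leaves nginx variables such as `$host` untouched, which is not visible here.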
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire
new file mode 100644
index 0000000..3fa9728
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/com.voidfire
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name voidfire.com;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/net.tyil b/playbooks.d/webserver-nginx/share/sites.d/http/net.tyil
new file mode 100644
index 0000000..31cca7e
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/net.tyil
@@ -0,0 +1,12 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name tyil.net;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.fglt b/playbooks.d/webserver-nginx/share/sites.d/http/nl.fglt
new file mode 100644
index 0000000..4d80a62
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.fglt
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name fglt.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil
new file mode 100644
index 0000000..b2c93db
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt
new file mode 100644
index 0000000..ecdfbe8
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name alt.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.imgur b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.imgur
new file mode 100644
index 0000000..4ae2082
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.imgur
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name imgur.alt.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.reddit b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.reddit
new file mode 100644
index 0000000..b1ba239
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.reddit
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name reddit.alt.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.twitter b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.twitter
new file mode 100644
index 0000000..4d537c4
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.alt.twitter
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name twitter.alt.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.cloud b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.cloud
new file mode 100644
index 0000000..7c3e941
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.cloud
@@ -0,0 +1,12 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name cloud.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.dist b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.dist
new file mode 100644
index 0000000..19bb5fc
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.dist
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name dist.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.git b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.git
new file mode 100644
index 0000000..92ce73e
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.git
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name git.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.home b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.home
new file mode 100644
index 0000000..70eeff7
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.home
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name home.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.homebrew b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.homebrew
new file mode 100644
index 0000000..5a87074
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.homebrew
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name homebrew.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.p b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.p
new file mode 100644
index 0000000..8d71cf8
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.p
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name p.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.radio b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.radio
new file mode 100644
index 0000000..e7adfaf
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.radio
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name radio.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.searx b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.searx
new file mode 100644
index 0000000..3ee75d4
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.searx
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name searx.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.tv b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.tv
new file mode 100644
index 0000000..9179cc9
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.tv
@@ -0,0 +1,12 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name tv.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.www b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.www
new file mode 100644
index 0000000..6370823
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.www
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name www.tyil.nl;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/pictures.memebooru b/playbooks.d/webserver-nginx/share/sites.d/http/pictures.memebooru
new file mode 100644
index 0000000..0aae163
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/pictures.memebooru
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name memebooru.pictures;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/work.tyil b/playbooks.d/webserver-nginx/share/sites.d/http/work.tyil
new file mode 100644
index 0000000..7b09142
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/work.tyil
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name tyil.work;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/church.scriptkitties b/playbooks.d/webserver-nginx/share/sites.d/https/church.scriptkitties
new file mode 100644
index 0000000..de07ad6
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/church.scriptkitties
@@ -0,0 +1,62 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name scriptkitties.church;
+
+ ssl_certificate /etc/letsencrypt/live/scriptkitties.church/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/scriptkitties.church/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+ include mime.types;
+
+ root /var/www/church.scriptkitties;
+ index index.php;
+
+ autoindex off;
+ fastcgi_param HTTPS on;
+ client_max_body_size 10m;
+ client_body_buffer_size 128k;
+
+ location / {
+ try_files $uri /index.php?pagename=$uri&$args;
+ }
+
+ location ^~ /.well-known/ {
+ allow all;
+ rewrite ^ /index.php?pagename=$uri;
+ }
+
+ location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ expires 30d;
+ try_files $uri /index.php?pagename=$uri&$args;
+ }
+
+ location ~* \.php$ {
+ try_files $uri =404;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+
+ include /etc/nginx/snippets.d/fcgi.conf;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ }
+
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ location ~ /\. {
+ deny all;
+ }
+
+ location ^~ /bin {
+ deny all;
+ }
+}
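Review bot: `fastcgi_param HTTPS on;` at server level will not reach PHP, because nginx inherits `fastcgi_param` from the outer level only when the current level defines none, and the `location ~* \.php$` block sets `SCRIPT_FILENAME` itself. Unless snippets.d/fcgi.conf (not shown) already sets it, the application sees no HTTPS flag. Moving the line `fastcgi_param HTTPS on;` into the PHP location, after the fcgi.conf include, fixes that. This server block also does not include snippets.d/headers.conf, which most other HTTPS servers in this commit do; if that is deliberate, a one-line comment saying why would help.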
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire
new file mode 100644
index 0000000..4021ca0
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/com.voidfire
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name voidfire.com;
+
+ ssl_certificate /etc/letsencrypt/live/voidfire.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/voidfire.com/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/www/com.voidfire;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/net.tyil b/playbooks.d/webserver-nginx/share/sites.d/https/net.tyil
new file mode 100644
index 0000000..89fe78e
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/net.tyil
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name tyil.net;
+
+ ssl_certificate /etc/letsencrypt/live/tyil.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tyil.net/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ auth_basic "Bad hacker!";
+ auth_basic_user_file /var/www/net.tyil/htaccess;
+
+ location /grafana/ {
+ proxy_pass http://127.0.0.1:35300/;
+ }
+
+ location /plausible/ {
+ proxy_pass http://127.0.0.1:8796/;
+ }
+
+ location /prometheus/ {
+ proxy_pass http://127.0.0.1:9090/;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.fglt b/playbooks.d/webserver-nginx/share/sites.d/https/nl.fglt
new file mode 100644
index 0000000..e52b6dc
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.fglt
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name fglt.nl;
+
+ ssl_certificate /etc/letsencrypt/live/fglt.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/fglt.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ access_log /var/log/nginx/nl.fglt-access.log;
+ error_log /var/log/nginx/nl.fglt-error.log;
+
+ root /var/www/nl.fglt;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil
new file mode 100644
index 0000000..f80c4b6
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location ~ ^/.well-known/openpgpkey(.+)$ {
+ add_header Access-Control-Allow-Origin *;
+
+ root /var/wkd/nl.tyil;
+ try_files $1 =404;
+ }
+
+ location / {
+ return 301 https://www.tyil.nl$request_uri;
+ }
+}
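Review bot: The `add_header Access-Control-Allow-Origin *;` inside the openpgpkey location replaces, rather than extends, any `add_header` set at server level, since nginx inherits those only when the location declares none. If headers.conf or ssl.conf add response headers that way (they are not shown in this part of the diff), key downloads are served without them. Re-including the snippet inside the location, `include /etc/nginx/snippets.d/headers.conf;`, keeps them. The location regex also leaves the dot unescaped, so `^/.well-known` matches any character there; `location ~ ^/\.well-known/openpgpkey(.+)$ {` is the literal form.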
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt
new file mode 100644
index 0000000..f3232c3
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name alt.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/alt.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/alt.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location = / {
+ return 301 https://www.tyil.nl/services;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.imgur b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.imgur
new file mode 100644
index 0000000..c0435f4
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.imgur
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name imgur.alt.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/imgur.alt.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/imgur.alt.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://127.0.0.1:40648;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.reddit b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.reddit
new file mode 100644
index 0000000..a064c44
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.reddit
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name reddit.alt.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/reddit.alt.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/reddit.alt.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://127.0.0.1:43559;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.twitter b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.twitter
new file mode 100644
index 0000000..52ebf0f
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.alt.twitter
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name twitter.alt.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/twitter.alt.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/twitter.alt.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://127.0.0.1:25989;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.cloud b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.cloud
new file mode 100644
index 0000000..c4a86cb
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.cloud
@@ -0,0 +1,137 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name cloud.tyil.nl;
+
+ error_log /var/log/nginx/cloud-error.log;
+ access_log /var/log/nginx/cloud-access.log;
+
+ ssl_certificate /etc/letsencrypt/live/cloud.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cloud.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/ssl.conf;
+ include /etc/nginx/snippets.d/certbot.conf;
+
+ # Set timeouts
+ fastcgi_read_timeout 300;
+ proxy_read_timeout 300;
+
+ # Set upload size
+ client_max_body_size 200M;
+ fastcgi_buffers 64 4K;
+
+ # Add (security) headers
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy "no-referrer";
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # Remove headers
+ fastcgi_hide_header X-Powered-By;
+
+ # Enable gzip
+ gzip off;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy
+ ;
+
+ root /var/www/nl.tyil.cloud;
+
+ location / {
+ rewrite ^ /index.php?$request_uri;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ^~ /.well-known {
+ rewrite ^/\.well-known/host-meta.json /public.php?service=host-meta.json last;
+ rewrite ^/\.well-known/host-meta /public.php?service=host-meta last;
+ rewrite ^/\.well-known/webfinger /public.php?service=webfinger last;
+ rewrite ^/\.well-known/nodeinfo /public.php?service=nodeinfo last;
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ #location ^~ /.well-known { return 301 /index.php$uri; }
+
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+ deny all;
+ }
+
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+ deny all;
+ }
+
+ location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ include snippets.d/fcgi.conf;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ fastcgi_param modHeadersAvailable true;
+ fastcgi_param front_controller_active true;
+ fastcgi_pass localhost:9000;
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+ try_files $uri/ =404;
+ index index.php;
+ }
+
+ location ~ \.(?:css|js|woff|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ access_log off;
+ }
+
+ location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+ try_files $uri /index.php$request_uri;
+ access_log off;
+ }
+}
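Review bot: The `location ~ \.(?:css|js|woff|svg|gif)$` block declares its own `add_header` lines, so none of the server-level ones are inherited there, and the list it repeats omits three of them. Static assets matched by that block are therefore served without HSTS, `X-Frame-Options` and `Referrer-Policy`. Adding `add_header Referrer-Policy "no-referrer";`, `add_header X-Frame-Options "SAMEORIGIN";` and `add_header Strict-Transport-Security "max-age=63072000" always;` to that block closes the gap. The comment `# Enable gzip` sits directly above `gzip off;`, so one of the two should change, for example `# Gzip settings (currently disabled)`.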
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.dist b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.dist
new file mode 100644
index 0000000..79f8a3c
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.dist
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name dist.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/dist.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dist.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/www/nl.tyil.dist;
+ autoindex on;
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
new file mode 100644
index 0000000..65d1bb9
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
@@ -0,0 +1,30 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name git.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/git.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/git.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /usr/share/webapps/cgit/1.2.3-r100/htdocs;
+
+ location / {
+ try_files $uri @cgit;
+ }
+
+ location @cgit {
+ include snippets.d/uwsgi.conf;
+
+ gzip off;
+
+ uwsgi_modifier1 9;
+ #uwsgi_param PATH_INFO $fastcgi_path_info;
+
+ uwsgi_pass 127.0.0.1:1234;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.home b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.home
new file mode 100644
index 0000000..9683ccd
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.home
@@ -0,0 +1,52 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name home.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/home.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/home.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ return 301 https://www.tyil.nl$request_uri;
+ }
+
+ location ~ ^/~(.+?)(/.*)?$ {
+ alias /home/$1/www$2;
+ autoindex on;
+ }
+
+ location /git {
+ rewrite ^/git/(.*)$ https://git.tyil.nl/$1 redirect;
+ }
+
+ location /media {
+ alias /var/media;
+
+ satisfy any;
+
+ allow 127.0.0.1;
+ allow 10.57.0.0/16;
+ allow 192.168.178.0/24;
+ deny all;
+
+ auth_basic "pls no hack";
+ auth_basic_user_file "/var/media/.htpasswd";
+
+ autoindex on;
+ }
+
+ location /media/backups { deny all; }
+ location /media/nextcloud { deny all; }
+ location /media/pictures { deny all; }
+ location /media/recordings { deny all; }
+
+ location /packages {
+ alias /var/portage/packages;
+ autoindex on;
+ }
+}
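Review bot: The `auth_basic_user_file` in `location /media` points at `/var/media/.htpasswd`, which sits inside the tree the same location serves through `alias /var/media`. A request for `/media/.htpasswd` therefore returns the credential hashes to anyone who passes `satisfy any`, meaning any client in the allowed ranges or any one authenticated user. Keep the file outside the served tree, or add `location = /media/.htpasswd { deny all; }` beside the other `/media/...` deny blocks. Those deny blocks are a fixed list of prefixes, so a new sensitive directory under `/var/media` stays reachable until a line is added for it; a comment such as `# every private directory under /var/media needs its own deny block here` would make that explicit.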
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.homebrew b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.homebrew
new file mode 100644
index 0000000..2b8de15
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.homebrew
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name homebrew.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/homebrew.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/homebrew.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/www/nl.tyil.homebrew;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.p b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.p
new file mode 100644
index 0000000..75c0e7a
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.p
@@ -0,0 +1,27 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name p.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/p.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/p.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/www/nl.tyil.p;
+
+ location = / {
+ return 301 https://www.tyil.nl/services/fiche/;
+ }
+
+ location ~ ^/(?.+)$ {
+ # Disassociate all filetypes and their Content-Type, and
+ # default everything to text/plain.
+ types { } default_type text/plain;
+
+ alias "/var/www/nl.tyil.p/${slug}/index.txt";
+ }
+}
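Review bot: The regex in `location ~ ^/(?.+)$` has no group name as shown, while the `alias` below reads `${slug}`. Presumably the original is `(?<slug>.+)` and the name was lost when the patch was rendered, which is worth confirming against the repository. Either way `.+` also accepts slashes and dots, so the request path selects any sub-path under `/var/www/nl.tyil.p` that ends in `/index.txt`. If paste ids are plain alphanumerics, restricting the capture, for example `location ~ ^/(?<slug>[A-Za-z0-9]+)$ {`, keeps the lookup to a single directory level.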
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.radio b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.radio
new file mode 100644
index 0000000..7098fc5
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.radio
@@ -0,0 +1,17 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name radio.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/radio.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/radio.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ location / {
+ proxy_pass http://127.0.0.1:8092/mpd.opus;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.searx b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.searx
new file mode 100644
index 0000000..bf461cf
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.searx
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name searx.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/searx.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/searx.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/docker-compose/searx;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+
+ proxy_pass http://127.0.0.1:60474;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
new file mode 100644
index 0000000..093d938
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.tv
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name tv.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/tv.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tv.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/ssl.conf;
+ include /etc/nginx/snippets.d/certbot.conf;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ proxy_pass http://127.0.0.1:8096;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
new file mode 100644
index 0000000..3304c8f
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.www
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name www.tyil.nl;
+
+ ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ root /var/www/nl.tyil.www/public;
+
+ error_page 404 /http-404.html;
+
+ location /atom.xml {
+ return 301 https://www.tyil.nl/posts/index.xml;
+ }
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/pictures.memebooru b/playbooks.d/webserver-nginx/share/sites.d/https/pictures.memebooru
new file mode 100644
index 0000000..9d524ef
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/pictures.memebooru
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name memebooru.pictures;
+
+ ssl_certificate /etc/letsencrypt/live/memebooru.pictures/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/memebooru.pictures/privkey.pem;
+
+ include /etc/nginx/snippets.d/ssl.conf;
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+
+ client_max_body_size 100M;
+ client_body_timeout 30s;
+
+ location / {
+ proxy_pass http://127.0.0.1:50405;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Script-Name /szuru;
+ }
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/work.tyil b/playbooks.d/webserver-nginx/share/sites.d/https/work.tyil
new file mode 100644
index 0000000..d5a5dd9
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/work.tyil
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name tyil.work;
+
+ ssl_certificate /etc/letsencrypt/live/tyil.work/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tyil.work/privkey.pem;
+
+ include /etc/nginx/snippets.d/certbot.conf;
+ include /etc/nginx/snippets.d/headers.conf;
+ include /etc/nginx/snippets.d/ssl.conf;
+
+ return 301 https://www.tyil.nl$request_uri;
+}
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/certbot.conf b/playbooks.d/webserver-nginx/share/snippets.d/certbot.conf
new file mode 100644
index 0000000..64c9195
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/snippets.d/certbot.conf
@@ -0,0 +1,5 @@
+# Certbot endpoint
+location /.well-known/acme-challenge {
+ root /var/www/.acme;
+ try_files $uri $uri/ =404;
+}
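Review bot: `location /.well-known/acme-challenge` is a plain prefix location, so a matching regex location in an including server takes precedence over it. The regex location in sites.d/https/nl.tyil.p matches every non-root path and would answer challenge requests on that host instead of this snippet. Declaring the block as `location ^~ /.well-known/acme-challenge/ {` stops the regex search for these URIs. `try_files $uri =404;` is enough here, since challenge tokens are files and the `$uri/` fallback only adds a directory lookup.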
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/fcgi.conf b/playbooks.d/webserver-nginx/share/snippets.d/fcgi.conf
new file mode 100644
index 0000000..bc235bf
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/snippets.d/fcgi.conf
@@ -0,0 +1,27 @@
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+
+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
+fastcgi_param HTTP_PROXY "";
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/headers.conf b/playbooks.d/webserver-nginx/share/snippets.d/headers.conf
new file mode 100644
index 0000000..c277e3d
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/snippets.d/headers.conf
@@ -0,0 +1,4 @@
+add_header Content-Security-Policy "default-src 'self'" always;
+add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
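Review bot: These `add_header` lines, and the Strict-Transport-Security one in snippets.d/ssl.conf, reach only blocks that declare no `add_header` of their own, because nginx inherits the directive from the enclosing level only when the current level has none. The static-asset block `location ~ \.(?:css|js|woff|svg)$` earlier in this patch sets its own headers. If that server includes these snippets, its responses go out without CSP, Referrer-Policy, X-Frame-Options and HSTS. A comment at the top of this file would warn the next editor, e.g. `# add_header is not merged: a location with its own add_header must include this snippet again`.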
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf b/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
new file mode 100644
index 0000000..68bcdf0
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
@@ -0,0 +1,16 @@
+# SSL settings
+ssl_protocols TLSv1.3 TLSv1.2;
+
+ssl_buffer_size 4K;
+ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_ecdh_curve secp521r1:secp384r1;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:le_nginx_SSL:2m;
+ssl_session_tickets off;
+ssl_session_timeout 1440m;
+
+# Ciphers
+ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA';
+
+# Additional headers
+add_header Strict-Transport-Security "max-age=63072000" always;
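Review bot: `ssl_dhparam /etc/nginx/dhparam.pem;` appears to have no effect with this cipher list, because both `EECDH+AESGCM` and `EECDH+AES256` select only ECDHE key exchange and no DHE suite is enabled. Either drop the directive or add a comment saying it is kept for a future DHE fallback. `ssl_ecdh_curve secp521r1:secp384r1` omits X25519 and prime256v1, so a client that offers only those groups cannot complete a handshake. If that is intended, a one-line comment such as `# deliberately no X25519/P-256; older clients will fail` would record the decision.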
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/uwsgi.conf b/playbooks.d/webserver-nginx/share/snippets.d/uwsgi.conf
new file mode 100644
index 0000000..9d67d3d
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/snippets.d/uwsgi.conf
@@ -0,0 +1,20 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
+
+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
+uwsgi_param HTTP_PROXY "";
diff --git a/playbooks.d/webserver/description.txt b/playbooks.d/webserver/description.txt
deleted file mode 100644
index d902a81..0000000
--- a/playbooks.d/webserver/description.txt
+++ /dev/null
@@ -1 +0,0 @@
-Nginx webserver configuration
diff --git a/playbooks.d/webserver/etc/defaults b/playbooks.d/webserver/etc/defaults
deleted file mode 100644
index 9ecd4ae..0000000
--- a/playbooks.d/webserver/etc/defaults
+++ /dev/null
@@ -1,4 +0,0 @@
-pkg.certbot=certbox
-pkg.nginx=nginx
-
-svc.nginx=nginx
diff --git a/playbooks.d/webserver/playbook.bash b/playbooks.d/webserver/playbook.bash
deleted file mode 100644
index 85c38be..0000000
--- a/playbooks.d/webserver/playbook.bash
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/bin/env bash
-
-playbook_add()
-{
- info "webserver/add" "Installing packages"
- pkg install certbot nginx
-
- info "webserver/add" "Create www user"
- groupadd www
- useradd \
- --home-dir /var/www \
- --gid www \
- --system \
- --shell /sbin/nologin \
- www
-
- info "webserver/add" "Cleaning up whatever the package manager did"
- rm -frv -- "$(config "fs.etcdir")/nginx"
-
- info "webserver/add" "Creating desired directory structure"
- mkdir -pv -- \
- "$(config "fs.etcdir")/nginx" \
- "$(config "fs.etcdir")/nginx/sites-available.d" \
- "$(config "fs.etcdir")/nginx/sites-available.d/http" \
- "$(config "fs.etcdir")/nginx/sites-available.d/https" \
- "$(config "fs.etcdir")/nginx/sites-enabled.d" \
- "$(config "fs.etcdir")/nginx/sites-enabled.d/http" \
- "$(config "fs.etcdir")/nginx/sites-enabled.d/https" \
- "$(config "fs.etcdir")/nginx/snippets.d" \
- /var/www
-
- info "webserver/add" "Generating dhparam.pem"
- openssl dhparam -out "$(config "fs.etcdir")/nginx/dhparam.pem" 4096
-
- info "webserver/add" "Running sync to get all configuration going"
- playbook_sync
-
- svc enable nginx
- svc start nginx
-}
-
-playbook_sync()
-{
- local snippets
- local sites
-
- notice "webserver/sync" "Updating nginx.conf"
- file_template "nginx.conf" \
- etc="$(config "fs.etcdir")" \
- > "$(config "fs.etcdir")/nginx/nginx.conf"
-
- notice "webserver/sync" "Updating mime.types"
- file_template "mime.types" \
- etc="$(config "fs.etcdir")" \
- > "$(config "fs.etcdir")/nginx/mime.types"
-
- notice "webserver/sync" "Updating cert.sh"
- file_template "cert.sh" \
- > "$(config "fs.bindir")/cert.sh" \
- && chmod +x "$(config "fs.bindir")/cert.sh"
-
- for path in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/snippets.d"/*.conf
- do
- snippet="$(basename "$path")"
-
- notice "webserver/sync" "Updating snippet $snippet"
- file_template "snippets.d/$snippet" \
- > "$(config "fs.etcdir")/nginx/snippets.d/$snippet"
- done
-
- for path_dir in "$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share/sites.d"/*
- do
- dir="$(basename "$path_dir")"
-
- for path_site in "$path_dir"/*
- do
- site="$(basename "$path_site")"
-
- notice "webserver/sync" "Updating site $dir/$site"
- file_template "sites.d/$dir/$site" \
- > "$(config "fs.etcdir")/nginx/sites-available.d/$dir/$site"
- done
- done
-
- notice "webserver/sync" "Set nginx permissions to www user"
- chown -R www:www "$(config "fs.etcdir")/nginx"
-
- notice "webserver/sync" "Renewing Let's Encrypt certificates"
- certbot renew --no-random-sleep-on-renew
-
- [[ "$BASHTARD_COMMAND" == "add" ]] && return
-
- svc reload nginx
-}
-
-playbook_del()
-{
- # Stop and remove the service
- svc stop nginx
- svc disable nginx
-
- # Clean up resources
- pkg uninstall nginx
- rm -fr -- /etc/nginx "$(config "fs.bindir")/cert.sh" /var/www/.acme
- userdel www
- groupdel www
-}
diff --git a/playbooks.d/webserver/share/cert.sh b/playbooks.d/webserver/share/cert.sh
deleted file mode 100755
index d290710..0000000
--- a/playbooks.d/webserver/share/cert.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-main()
-{
- certbot certonly \
- --rsa-key-size 4096 \
- --webroot -w /var/www/.acme \
- -d "$1"
-}
-
-main "$@"
diff --git a/playbooks.d/webserver/share/mime.types b/playbooks.d/webserver/share/mime.types
deleted file mode 100644
index cd3d700..0000000
--- a/playbooks.d/webserver/share/mime.types
+++ /dev/null
@@ -1,88 +0,0 @@
-types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
-
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
-
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
-
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
-
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
-
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
-
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
-
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
-}
diff --git a/playbooks.d/webserver/share/nginx.conf b/playbooks.d/webserver/share/nginx.conf
deleted file mode 100644
index 834f220..0000000
--- a/playbooks.d/webserver/share/nginx.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-user www;
-worker_processes auto;
-pid /run/nginx.pid;
-
-events {
- worker_connections 768;
-}
-
-http {
- include ${etc}/nginx/mime.types;
-
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- default_type application/octet-stream;
- gzip on;
- sendfile on;
- tcp_nopush on;
- types_hash_max_size 2048;
-
- include ${etc}/nginx/sites-enabled.d/http/*;
- include ${etc}/nginx/sites-enabled.d/https/*;
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/_ b/playbooks.d/webserver/share/sites.d/http/_
deleted file mode 100644
index 6207cb2..0000000
--- a/playbooks.d/webserver/share/sites.d/http/_
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- server_name _;
-
- location / {
- return 404;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/church.scriptkitties b/playbooks.d/webserver/share/sites.d/http/church.scriptkitties
deleted file mode 100644
index 0af0235..0000000
--- a/playbooks.d/webserver/share/sites.d/http/church.scriptkitties
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name scriptkitties.church;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/com.voidfire b/playbooks.d/webserver/share/sites.d/http/com.voidfire
deleted file mode 100644
index 3fa9728..0000000
--- a/playbooks.d/webserver/share/sites.d/http/com.voidfire
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name voidfire.com;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/net.tyil b/playbooks.d/webserver/share/sites.d/http/net.tyil
deleted file mode 100644
index 31cca7e..0000000
--- a/playbooks.d/webserver/share/sites.d/http/net.tyil
+++ /dev/null
@@ -1,12 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name tyil.net;
-
- include /etc/nginx/snippets.d/certbot.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.fglt b/playbooks.d/webserver/share/sites.d/http/nl.fglt
deleted file mode 100644
index 4d80a62..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.fglt
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name fglt.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil b/playbooks.d/webserver/share/sites.d/http/nl.tyil
deleted file mode 100644
index b2c93db..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt b/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt
deleted file mode 100644
index ecdfbe8..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name alt.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.imgur b/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.imgur
deleted file mode 100644
index 4ae2082..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.imgur
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name imgur.alt.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.reddit b/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.reddit
deleted file mode 100644
index b1ba239..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.reddit
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name reddit.alt.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.twitter b/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.twitter
deleted file mode 100644
index 4d537c4..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.alt.twitter
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name twitter.alt.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.cloud b/playbooks.d/webserver/share/sites.d/http/nl.tyil.cloud
deleted file mode 100644
index 7c3e941..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.cloud
+++ /dev/null
@@ -1,12 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name cloud.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.dist b/playbooks.d/webserver/share/sites.d/http/nl.tyil.dist
deleted file mode 100644
index 19bb5fc..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.dist
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name dist.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.git b/playbooks.d/webserver/share/sites.d/http/nl.tyil.git
deleted file mode 100644
index 92ce73e..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.git
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name git.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.home b/playbooks.d/webserver/share/sites.d/http/nl.tyil.home
deleted file mode 100644
index 70eeff7..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.home
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name home.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.homebrew b/playbooks.d/webserver/share/sites.d/http/nl.tyil.homebrew
deleted file mode 100644
index 5a87074..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.homebrew
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name homebrew.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.p b/playbooks.d/webserver/share/sites.d/http/nl.tyil.p
deleted file mode 100644
index 8d71cf8..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.p
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name p.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.radio b/playbooks.d/webserver/share/sites.d/http/nl.tyil.radio
deleted file mode 100644
index e7adfaf..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.radio
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name radio.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.searx b/playbooks.d/webserver/share/sites.d/http/nl.tyil.searx
deleted file mode 100644
index 3ee75d4..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.searx
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name searx.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.tv b/playbooks.d/webserver/share/sites.d/http/nl.tyil.tv
deleted file mode 100644
index 9179cc9..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.tv
+++ /dev/null
@@ -1,12 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name tv.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/nl.tyil.www b/playbooks.d/webserver/share/sites.d/http/nl.tyil.www
deleted file mode 100644
index 6370823..0000000
--- a/playbooks.d/webserver/share/sites.d/http/nl.tyil.www
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name www.tyil.nl;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/pictures.memebooru b/playbooks.d/webserver/share/sites.d/http/pictures.memebooru
deleted file mode 100644
index 0aae163..0000000
--- a/playbooks.d/webserver/share/sites.d/http/pictures.memebooru
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name memebooru.pictures;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/http/work.tyil b/playbooks.d/webserver/share/sites.d/http/work.tyil
deleted file mode 100644
index 7b09142..0000000
--- a/playbooks.d/webserver/share/sites.d/http/work.tyil
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name tyil.work;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/church.scriptkitties b/playbooks.d/webserver/share/sites.d/https/church.scriptkitties
deleted file mode 100644
index de07ad6..0000000
--- a/playbooks.d/webserver/share/sites.d/https/church.scriptkitties
+++ /dev/null
@@ -1,62 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name scriptkitties.church;
-
- ssl_certificate /etc/letsencrypt/live/scriptkitties.church/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/scriptkitties.church/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/ssl.conf;
- include mime.types;
-
- root /var/www/church.scriptkitties;
- index index.php;
-
- autoindex off;
- fastcgi_param HTTPS on;
- client_max_body_size 10m;
- client_body_buffer_size 128k;
-
- location / {
- try_files $uri /index.php?pagename=$uri&$args;
- }
-
- location ^~ /.well-known/ {
- allow all;
- rewrite ^ /index.php?pagename=$uri;
- }
-
- location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
- expires 30d;
- try_files $uri /index.php?pagename=$uri&$args;
- }
-
- location ~* \.php$ {
- try_files $uri =404;
-
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
- fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
-
- include /etc/nginx/snippets.d/fcgi.conf;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-
- fastcgi_buffers 16 16k;
- fastcgi_buffer_size 32k;
- }
-
- location ~* \.(tpl|md|tgz|log|out)$ {
- deny all;
- }
-
- location ~ /\. {
- deny all;
- }
-
- location ^~ /bin {
- deny all;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/com.voidfire b/playbooks.d/webserver/share/sites.d/https/com.voidfire
deleted file mode 100644
index 4021ca0..0000000
--- a/playbooks.d/webserver/share/sites.d/https/com.voidfire
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name voidfire.com;
-
- ssl_certificate /etc/letsencrypt/live/voidfire.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/voidfire.com/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /var/www/com.voidfire;
-
- location / {
- try_files $uri $uri/ =404;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/net.tyil b/playbooks.d/webserver/share/sites.d/https/net.tyil
deleted file mode 100644
index 89fe78e..0000000
--- a/playbooks.d/webserver/share/sites.d/https/net.tyil
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name tyil.net;
-
- ssl_certificate /etc/letsencrypt/live/tyil.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/tyil.net/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- auth_basic "Bad hacker!";
- auth_basic_user_file /var/www/net.tyil/htaccess;
-
- location /grafana/ {
- proxy_pass http://127.0.0.1:35300/;
- }
-
- location /plausible/ {
- proxy_pass http://127.0.0.1:8796/;
- }
-
- location /prometheus/ {
- proxy_pass http://127.0.0.1:9090/;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.fglt b/playbooks.d/webserver/share/sites.d/https/nl.fglt
deleted file mode 100644
index e52b6dc..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.fglt
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name fglt.nl;
-
- ssl_certificate /etc/letsencrypt/live/fglt.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/fglt.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- access_log /var/log/nginx/nl.fglt-access.log;
- error_log /var/log/nginx/nl.fglt-error.log;
-
- root /var/www/nl.fglt;
-
- location / {
- try_files $uri $uri/ =404;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil b/playbooks.d/webserver/share/sites.d/https/nl.tyil
deleted file mode 100644
index f80c4b6..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil
+++ /dev/null
@@ -1,24 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location ~ ^/.well-known/openpgpkey(.+)$ {
- add_header Access-Control-Allow-Origin *;
-
- root /var/wkd/nl.tyil;
- try_files $1 =404;
- }
-
- location / {
- return 301 https://www.tyil.nl$request_uri;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt b/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt
deleted file mode 100644
index f3232c3..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name alt.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/alt.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/alt.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location = / {
- return 301 https://www.tyil.nl/services;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.imgur b/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.imgur
deleted file mode 100644
index c0435f4..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.imgur
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name imgur.alt.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/imgur.alt.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/imgur.alt.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
-
- proxy_pass http://127.0.0.1:40648;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.reddit b/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.reddit
deleted file mode 100644
index a064c44..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.reddit
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name reddit.alt.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/reddit.alt.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/reddit.alt.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
-
- proxy_pass http://127.0.0.1:43559;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.twitter b/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.twitter
deleted file mode 100644
index 52ebf0f..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.alt.twitter
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name twitter.alt.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/twitter.alt.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/twitter.alt.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
-
- proxy_pass http://127.0.0.1:25989;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud b/playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud
deleted file mode 100644
index c4a86cb..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.cloud
+++ /dev/null
@@ -1,137 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name cloud.tyil.nl;
-
- error_log /var/log/nginx/cloud-error.log;
- access_log /var/log/nginx/cloud-access.log;
-
- ssl_certificate /etc/letsencrypt/live/cloud.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/cloud.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/ssl.conf;
- include /etc/nginx/snippets.d/certbot.conf;
-
- # Set timeouts
- fastcgi_read_timeout 300;
- proxy_read_timeout 300;
-
- # Set upload size
- client_max_body_size 200M;
- fastcgi_buffers 64 4K;
-
- # Add (security) headers
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- add_header Referrer-Policy "no-referrer";
- add_header X-Frame-Options "SAMEORIGIN";
- add_header Strict-Transport-Security "max-age=63072000" always;
-
- # Remove headers
- fastcgi_hide_header X-Powered-By;
-
- # Enable gzip
- gzip off;
- gzip_vary on;
- gzip_comp_level 4;
- gzip_min_length 256;
- gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
- gzip_types
- application/atom+xml
- application/javascript
- application/json
- application/ld+json
- application/manifest+json
- application/rss+xml
- application/vnd.geo+json
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/bmp
- image/svg+xml
- image/x-icon
- text/cache-manifest
- text/css
- text/plain
- text/vcard
- text/vnd.rim.location.xloc
- text/vtt
- text/x-component
- text/x-cross-domain-policy
- ;
-
- root /var/www/nl.tyil.cloud;
-
- location / {
- rewrite ^ /index.php?$request_uri;
- }
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- location ^~ /.well-known {
- rewrite ^/\.well-known/host-meta.json /public.php?service=host-meta.json last;
- rewrite ^/\.well-known/host-meta /public.php?service=host-meta last;
- rewrite ^/\.well-known/webfinger /public.php?service=webfinger last;
- rewrite ^/\.well-known/nodeinfo /public.php?service=nodeinfo last;
-
- location = /.well-known/carddav { return 301 /remote.php/dav/; }
- location = /.well-known/caldav { return 301 /remote.php/dav/; }
-
- #location ^~ /.well-known { return 301 /index.php$uri; }
-
- try_files $uri $uri/ =404;
- }
-
- location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
- deny all;
- }
-
- location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
- deny all;
- }
-
- location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- include snippets.d/fcgi.conf;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true;
- fastcgi_param front_controller_active true;
- fastcgi_pass localhost:9000;
- fastcgi_intercept_errors on;
- fastcgi_request_buffering off;
- }
-
- location ~ ^/(?:updater|ocs-provider)(?:$|/) {
- try_files $uri/ =404;
- index index.php;
- }
-
- location ~ \.(?:css|js|woff|svg|gif)$ {
- try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- access_log off;
- }
-
- location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
- try_files $uri /index.php$request_uri;
- access_log off;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.dist b/playbooks.d/webserver/share/sites.d/https/nl.tyil.dist
deleted file mode 100644
index 79f8a3c..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.dist
+++ /dev/null
@@ -1,16 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name dist.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/dist.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dist.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /var/www/nl.tyil.dist;
- autoindex on;
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.git b/playbooks.d/webserver/share/sites.d/https/nl.tyil.git
deleted file mode 100644
index 65d1bb9..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.git
+++ /dev/null
@@ -1,30 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name git.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/git.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/git.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /usr/share/webapps/cgit/1.2.3-r100/htdocs;
-
- location / {
- try_files $uri @cgit;
- }
-
- location @cgit {
- include snippets.d/uwsgi.conf;
-
- gzip off;
-
- uwsgi_modifier1 9;
- #uwsgi_param PATH_INFO $fastcgi_path_info;
-
- uwsgi_pass 127.0.0.1:1234;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.home b/playbooks.d/webserver/share/sites.d/https/nl.tyil.home
deleted file mode 100644
index 9683ccd..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.home
+++ /dev/null
@@ -1,52 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name home.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/home.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/home.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- return 301 https://www.tyil.nl$request_uri;
- }
-
- location ~ ^/~(.+?)(/.*)?$ {
- alias /home/$1/www$2;
- autoindex on;
- }
-
- location /git {
- rewrite ^/git/(.*)$ https://git.tyil.nl/$1 redirect;
- }
-
- location /media {
- alias /var/media;
-
- satisfy any;
-
- allow 127.0.0.1;
- allow 10.57.0.0/16;
- allow 192.168.178.0/24;
- deny all;
-
- auth_basic "pls no hack";
- auth_basic_user_file "/var/media/.htpasswd";
-
- autoindex on;
- }
-
- location /media/backups { deny all; }
- location /media/nextcloud { deny all; }
- location /media/pictures { deny all; }
- location /media/recordings { deny all; }
-
- location /packages {
- alias /var/portage/packages;
- autoindex on;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.homebrew b/playbooks.d/webserver/share/sites.d/https/nl.tyil.homebrew
deleted file mode 100644
index 2b8de15..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.homebrew
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name homebrew.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/homebrew.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/homebrew.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /var/www/nl.tyil.homebrew;
-
- location / {
- try_files $uri $uri/ =404;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.p b/playbooks.d/webserver/share/sites.d/https/nl.tyil.p
deleted file mode 100644
index 75c0e7a..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.p
+++ /dev/null
@@ -1,27 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name p.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/p.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/p.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /var/www/nl.tyil.p;
-
- location = / {
- return 301 https://www.tyil.nl/services/fiche/;
- }
-
- location ~ ^/(?.+)$ {
- # Disassociate all filetypes and their Content-Type, and
- # default everything to text/plain.
- types { } default_type text/plain;
-
- alias "/var/www/nl.tyil.p/${slug}/index.txt";
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.radio b/playbooks.d/webserver/share/sites.d/https/nl.tyil.radio
deleted file mode 100644
index 7098fc5..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.radio
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name radio.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/radio.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/radio.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- location / {
- proxy_pass http://127.0.0.1:8092/mpd.opus;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.searx b/playbooks.d/webserver/share/sites.d/https/nl.tyil.searx
deleted file mode 100644
index bf461cf..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.searx
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name searx.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/searx.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/searx.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /var/docker-compose/searx;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header Connection $http_connection;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Scheme $scheme;
-
- proxy_pass http://127.0.0.1:60474;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.tv b/playbooks.d/webserver/share/sites.d/https/nl.tyil.tv
deleted file mode 100644
index 093d938..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.tv
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name tv.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/tv.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/tv.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/ssl.conf;
- include /etc/nginx/snippets.d/certbot.conf;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $remote_addr;
-
- proxy_pass http://127.0.0.1:8096;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/nl.tyil.www b/playbooks.d/webserver/share/sites.d/https/nl.tyil.www
deleted file mode 100644
index 3304c8f..0000000
--- a/playbooks.d/webserver/share/sites.d/https/nl.tyil.www
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name www.tyil.nl;
-
- ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- root /var/www/nl.tyil.www/public;
-
- error_page 404 /http-404.html;
-
- location /atom.xml {
- return 301 https://www.tyil.nl/posts/index.xml;
- }
-
- location / {
- try_files $uri $uri/ =404;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/pictures.memebooru b/playbooks.d/webserver/share/sites.d/https/pictures.memebooru
deleted file mode 100644
index 9d524ef..0000000
--- a/playbooks.d/webserver/share/sites.d/https/pictures.memebooru
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name memebooru.pictures;
-
- ssl_certificate /etc/letsencrypt/live/memebooru.pictures/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/memebooru.pictures/privkey.pem;
-
- include /etc/nginx/snippets.d/ssl.conf;
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
-
- client_max_body_size 100M;
- client_body_timeout 30s;
-
- location / {
- proxy_pass http://127.0.0.1:50405;
- proxy_set_header Host $http_host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Script-Name /szuru;
- }
-}
diff --git a/playbooks.d/webserver/share/sites.d/https/work.tyil b/playbooks.d/webserver/share/sites.d/https/work.tyil
deleted file mode 100644
index d5a5dd9..0000000
--- a/playbooks.d/webserver/share/sites.d/https/work.tyil
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name tyil.work;
-
- ssl_certificate /etc/letsencrypt/live/tyil.work/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/tyil.work/privkey.pem;
-
- include /etc/nginx/snippets.d/certbot.conf;
- include /etc/nginx/snippets.d/headers.conf;
- include /etc/nginx/snippets.d/ssl.conf;
-
- return 301 https://www.tyil.nl$request_uri;
-}
diff --git a/playbooks.d/webserver/share/snippets.d/certbot.conf b/playbooks.d/webserver/share/snippets.d/certbot.conf
deleted file mode 100644
index 64c9195..0000000
--- a/playbooks.d/webserver/share/snippets.d/certbot.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# Certbot endpoint
-location /.well-known/acme-challenge {
- root /var/www/.acme;
- try_files $uri $uri/ =404;
-}
diff --git a/playbooks.d/webserver/share/snippets.d/fcgi.conf b/playbooks.d/webserver/share/snippets.d/fcgi.conf
deleted file mode 100644
index bc235bf..0000000
--- a/playbooks.d/webserver/share/snippets.d/fcgi.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
-
-# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
-fastcgi_param HTTP_PROXY "";
diff --git a/playbooks.d/webserver/share/snippets.d/headers.conf b/playbooks.d/webserver/share/snippets.d/headers.conf
deleted file mode 100644
index c277e3d..0000000
--- a/playbooks.d/webserver/share/snippets.d/headers.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-add_header Content-Security-Policy "default-src 'self'" always;
-add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-add_header X-Content-Type-Options "nosniff" always;
-add_header X-Frame-Options "SAMEORIGIN" always;
diff --git a/playbooks.d/webserver/share/snippets.d/ssl.conf b/playbooks.d/webserver/share/snippets.d/ssl.conf
deleted file mode 100644
index 68bcdf0..0000000
--- a/playbooks.d/webserver/share/snippets.d/ssl.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# SSL settings
-ssl_protocols TLSv1.3 TLSv1.2;
-
-ssl_buffer_size 4K;
-ssl_dhparam /etc/nginx/dhparam.pem;
-ssl_ecdh_curve secp521r1:secp384r1;
-ssl_prefer_server_ciphers on;
-ssl_session_cache shared:le_nginx_SSL:2m;
-ssl_session_tickets off;
-ssl_session_timeout 1440m;
-
-# Ciphers
-ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA';
-
-# Additional headers
-add_header Strict-Transport-Security "max-age=63072000" always;
diff --git a/playbooks.d/webserver/share/snippets.d/uwsgi.conf b/playbooks.d/webserver/share/snippets.d/uwsgi.conf
deleted file mode 100644
index 9d67d3d..0000000
--- a/playbooks.d/webserver/share/snippets.d/uwsgi.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-
-uwsgi_param QUERY_STRING $query_string;
-uwsgi_param REQUEST_METHOD $request_method;
-uwsgi_param CONTENT_TYPE $content_type;
-uwsgi_param CONTENT_LENGTH $content_length;
-
-uwsgi_param REQUEST_URI $request_uri;
-uwsgi_param PATH_INFO $document_uri;
-uwsgi_param DOCUMENT_ROOT $document_root;
-uwsgi_param SERVER_PROTOCOL $server_protocol;
-uwsgi_param REQUEST_SCHEME $scheme;
-uwsgi_param HTTPS $https if_not_empty;
-
-uwsgi_param REMOTE_ADDR $remote_addr;
-uwsgi_param REMOTE_PORT $remote_port;
-uwsgi_param SERVER_PORT $server_port;
-uwsgi_param SERVER_NAME $server_name;
-
-# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
-uwsgi_param HTTP_PROXY "";
diff --git a/registry.d/anoia.tyil.net b/registry.d/anoia.tyil.net
index d98373d..98cfbf8 100644
--- a/registry.d/anoia.tyil.net
+++ b/registry.d/anoia.tyil.net
@@ -1 +1 @@
-vpn
+vpn-tinc
diff --git a/registry.d/caeghi.tyil.net b/registry.d/caeghi.tyil.net
index d98373d..98cfbf8 100644
--- a/registry.d/caeghi.tyil.net
+++ b/registry.d/caeghi.tyil.net
@@ -1 +1 @@
-vpn
+vpn-tinc
diff --git a/registry.d/edephas.tyil.net b/registry.d/edephas.tyil.net
index d77aaf3..732f695 100644
--- a/registry.d/edephas.tyil.net
+++ b/registry.d/edephas.tyil.net
@@ -1,2 +1,2 @@
-vpn
-webserver
+vpn-tinc
+webserver-nginx
diff --git a/registry.d/gaeru.tyil.net b/registry.d/gaeru.tyil.net
index d98373d..98cfbf8 100644
--- a/registry.d/gaeru.tyil.net
+++ b/registry.d/gaeru.tyil.net
@@ -1 +1 @@
-vpn
+vpn-tinc
--