diff --git a/group_vars/publicservers/vars.yml b/group_vars/publicservers/vars.yml
index 7cb216d..9676e2d 100644
--- a/group_vars/publicservers/vars.yml
+++ b/group_vars/publicservers/vars.yml
@@ -4,6 +4,7 @@ apps_include: - caddy - searxng + - website - watchtower searxng_secret_key: "{{ vault_searxng_secret_key }}"
diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml
index 96015e4..1db4f70 100644
--- a/roles/apps/defaults/main.yml
+++ b/roles/apps/defaults/main.yml
@@ -66,6 +66,20 @@ apps_vars: extra_tasks: false version: latest + tor: + backup: false + sender: false + extra_tasks: false + version: latest + + website: + backup: false + sender: false + extra_tasks: false + domain: samsapti.dev + onion: mldhltdackluvnqso7vk2azcg3ghjxbpw4im6alubymqkonb4kppqcqd.onion + version: latest + restic: backup: false sender: false
diff --git a/roles/apps/templates/caddy/Caddyfile.j2 b/roles/apps/templates/caddy/Caddyfile.j2
index acf35eb..66a5f1c 100644
--- a/roles/apps/templates/caddy/Caddyfile.j2
+++ b/roles/apps/templates/caddy/Caddyfile.j2
@@ -75,3 +75,39 @@ } } {% endif %} + +{% if 'website' in apps_include %} +{{ apps_base_domain }}, +www.{{ apps_base_domain }}, +www.{{ apps_vars.website.domain }} { + tls {{ tls_email }} + + log { + output discard + } + + + header { + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + -Server + } + + redir https://{{ apps_vars.website.domain }}{uri} +} + +{{ apps_vars.website.domain }} { + tls {{ tls_email }} + + log { + output discard + } + + header { + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + Onion-Location "http://{{ apps_vars.website.onion }}{uri}" + -Server + } + + reverse_proxy website:80 +} +{% endif %}
\ No newline at end of file
diff --git a/roles/apps/templates/compose-files/searxng.yml.j2 b/roles/apps/templates/compose-files/searxng.yml.j2
index eb26641..133f3a5 100644
--- a/roles/apps/templates/compose-files/searxng.yml.j2
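Review bot: The new `website` entry under `apps_vars` sets `version: latest`, so the `samsapti/website` image deployed by this commit's compose template is a mutable tag, and `watchtower` is in `apps_include` for the public servers. If watchtower is set up to update this container (its configuration is not visible here), anything pushed to that tag reaches the public host without a review step. Pinning a release tag or digest, for example `version: "<release-tag>@sha256:<digest>"`, would make the deployed content reviewable; the same applies to the new `tor` entry, although `latest` is the convention the surrounding entries already follow. The `tor` defaults are also added without any template or `apps_include` entry in this commit, so a comment such as `# consumed by <role or group that deploys tor>` would help the next reader.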
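Review bot: The `Onion-Location` header in the `{{ apps_vars.website.domain }}` block is emitted whenever `website` is in `apps_include`, but nothing in this commit adds `tor` to `apps_include` for the public servers or ships a template for it. If the onion service is not served from somewhere else, Tor Browser users who follow the header land on an unreachable address; wrapping that one line in `{% if 'tor' in apps_include %}` … `{% endif %}` would tie the advertisement to the service that backs it. The `includeSubDomains; preload` policy on the `{{ apps_base_domain }}` redirect block binds every host under that domain to HTTPS for a year, which deserves a comment confirming it is intended. The two site blocks also repeat the same `tls`, `log` and HSTS directives, so a Caddy snippet imported by both would keep the `Strict-Transport-Security` policy from drifting between them.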
+++ b/roles/apps/templates/compose-files/searxng.yml.j2
@@ -19,8 +19,6 @@ services: app: image: searxng/searxng:{{ apps_vars.searxng.version }} restart: always - environment: - SEARXNG_BASE_URL: https://{{ apps_vars.searxng.domain }} networks: default: {{ apps_shared_docker_network }}:
diff --git a/roles/apps/templates/compose-files/website.yml.j2 b/roles/apps/templates/compose-files/website.yml.j2
new file mode 100644
index 0000000..208b268
--- /dev/null
+++ b/roles/apps/templates/compose-files/website.yml.j2
@@ -0,0 +1,17 @@ +{# code: language=ansible-jinja #} +# THIS FILE IS MANAGED BY ANSIBLE + +version: "3.8" + +services: + app: + image: samsapti/website:{{ apps_vars.website.version }} + restart: always + networks: + {{ apps_shared_docker_network }}: + aliases: + - website + +networks: + {{ apps_shared_docker_network }}: + external: true
diff --git a/roles/apps/templates/searxng/settings.yml.j2 b/roles/apps/templates/searxng/settings.yml.j2
index 95259fc..6b07e21 100644
--- a/roles/apps/templates/searxng/settings.yml.j2
+++ b/roles/apps/templates/searxng/settings.yml.j2
@@ -1,18 +1,18 @@ +{# code: language=ansible-jinja #} # THIS FILE IS MANAGED BY ANSIBLE -# vim: ft=yaml -# code: language=yaml ---- + use_default_settings: true general: debug: false instance_name: Sam's SearXNG - privacypolicy_url: https://samsapti.dev/privacy - contact_url: https://samsapti.dev/contact + privacypolicy_url: https://{{ apps_vars.website.domain }}/privacy + contact_url: https://{{ apps_vars.website.domain }}/contact enable_metrics: true server: - secret_key: "{{ searxng_secret_key }}" + base_url: https://{{ apps_vars.searxng.domain }} + secret_key: {{ searxng_secret_key }} image_proxy: true http_protocol_version: '1.1' method: GET
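Review bot: The `app` service in the new `website.yml.j2` runs with Docker's default privileges, although its only job is to serve the site to Caddy over the shared network. Adding `security_opt: ["no-new-privileges:true"]`, `cap_drop: [ALL]` and `read_only: true` under `app` would limit what a tampered or compromised image can do on the public host. This diff does not show whether the image needs `NET_BIND_SERVICE` to listen on port 80 or a writable tmpfs for runtime files, so the hardened service should be tested before it is rolled out.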
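Review bot: The `secret_key` line under `server:` loses its quotes, so the rendered settings file carries the vault value as a plain YAML scalar. A secret that contains ` #` or `: `, starts with an indicator character, or consists only of digits would then be truncated, retyped or rejected when the file is loaded, and a silently shortened key is weaker than the one stored in the vault. Keep the value quoted as `secret_key: "{{ searxng_secret_key }}"`, or render it with `secret_key: {{ searxng_secret_key | to_json }}` so escaping is handled for any content. The new `base_url` and the two templated URL lines under `general:` are unquoted as well, which is harmless for plain `https://` URLs but would be more robust quoted.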