chore(deps): update dgtlmoon/changedetection.io docker tag to v0.48.05 - abandoned

.github/renovate.json

@@ -9,5 +9,11 @@
       "automerge": true
     }
   ],
-  "baseBranches": ["dev"]
+  "baseBranches": ["dev"],
+  "schedule": [
+    "before 17:00 on Thursday"
+  ],
+  "prCreation": "single",
+  "prConcurrentLimit": 1
 }
+

group_vars/secret.yml

@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+38316238616165646261346363333463333463303832306331393362376335373263623864356631
+6162653237666238366335323531353330656238343962390a386232333632373533333065373430
+63323839653135333832613364333337346330626338626538636538616462616633663162313363
+3763306239646133390a336564636665333762616361383834383637343062663934323264613736
+38316137313563636236633132626530636336613435623462623463306663353133646535623335
+33343762383262393463626662323735393039613734316362396630663063633065353431303233
+34383933353930383537343939306364343861636633373530663832633061366535656435333439
+66656537316465646635383361313264353632356130393462346131623337396536333436613166
+64323031663335386435633038326630623735366362363635353134313730313838393731303665
+66636539663462636138663232363766396638646336326637643932333263633963363237653933
+39396434333035653039343030373736613533656632383934393063643666663761653834333463
+64353239373664356364663736626265313835346666346338653036613564353339343237613232
+34366230396530366333353339393037613036353436373364386638383666356539663962313461
+62643332633436313235656261313837353336626632306431306538323433396366646466383630
+34623632333939633833343437383062613038393536383338393439353533646464663635656461
+38343061356338326666346135393764333230353966386537383630386130303061363433646363
+36643266393639646363626235613566366139373263373663356632323332616465

main.yml

@@ -14,3 +14,10 @@
   roles:
     - role: docker
       tags: docker
+
+- name: Configure webserver
+  hosts: webserver
+  become: true
+  roles:
+    - role: webserver
+      tags: webserver

playbook_docker.yml

@@ -3,6 +3,10 @@
   hosts: docker
   strategy: "{{ ansible_strategy | default('ansible.builtin.linear') }}"
   become: true
-  roles:
-    - role: docker
-      tags: docker
+
+  tasks:
+    - name: Run docker compose tasks
+      ansible.builtin.include_role:
+        name: docker
+        tasks_from: compose
+      when: docker_services is defined

playbook_http.yml

@@ -0,0 +1,10 @@
+---
+- name: Configure Webserver
+  hosts: webserver
+  become: true
+
+  tasks:
+    - name: Run HTTP tasks
+      ansible.builtin.include_role:
+        name: webserver
+        tasks_from: http.yml

requirements.yml

@@ -1,3 +1,4 @@
 ---
 collections:
   - name: community.docker
+  - name: community.crypto

roles/base/files/home/zshrc

@@ -1,7 +1,15 @@
 # MANAGED BY ANSIBLE
 export ZSH="$HOME/.oh-my-zsh"
 ZSH_THEME="robbyrussell"
-plugins=(git command-not-found zsh-autosuggestions zsh-syntax-highlighting)
+plugins=(git 
+         command-not-found 
+         zsh-autosuggestions
+         zsh-syntax-highlighting)
+DISABLE_AUTO_UPDATE="true"
+ENABLE_CORRECTION="true"
+COMPLETION_WAITING_DOTS="true"
+HIST_STAMPS="dd.mm.yyyy"
+
 source $ZSH/oh-my-zsh.sh
 
 export PATH=$PATH:~/.local/bin

roles/base/tasks/ssh.yml

@@ -7,6 +7,20 @@
     group: "{{ username }}"
     mode: "0700"
 
+- name: Check if SSH private key already exists
+  ansible.builtin.stat:
+    path: /home/{{ username }}/.ssh/id_ed25519
+  register: ssh_key_stat
+
+- name: Generate SSH key pair if it does not exist
+  community.crypto.openssh_keypair:
+    path: /home/{{ username }}/.ssh/id_ed25519
+    type: ed25519
+    owner: "{{ username }}"
+    group: "{{ username }}"
+    mode: "0600"
+  when: not ssh_key_stat.stat.exists
+
 - name: Add specific SSH key to authorized_keys
   ansible.builtin.lineinfile:
     path: /home/{{ username }}/.ssh/authorized_keys

roles/docker/files/change/docker-compose.yml

@@ -2,7 +2,7 @@
 version: "3"
 services:
   url:
-    image: dgtlmoon/changedetection.io:0.45.12
+    image: dgtlmoon/changedetection.io:0.48.05
     container_name: "{{ service_name }}"
     environment:
       - BASE_URL=https://{{ service_name }}.romanpeters.nl

roles/docker/tasks/compose.yml

@@ -12,12 +12,6 @@
     dest: /srv/git/infrastructure_docker
     version: main
 
-- name: Delete existing index.yml if it exists
-  ansible.builtin.file:
-    path: /tmp/index.yml
-    state: absent
-  changed_when: false
-
 - name: Fetch remote variable file
   ansible.builtin.fetch:
     src: /srv/git/infrastructure_docker/index.yml

roles/service/files/ebooks.romanpeters.nl

@@ -0,0 +1,6 @@
+	      proxy_bind $server_addr;
+        proxy_set_header Upgrade $http_upgrade;
+	      proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header X-Script-Name /calibre;

roles/service/templates/nginx_site.j2

@@ -6,13 +6,6 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
 
     location / {
-{% if not service_remote %}
-        allow 100.64.0.0/10;
-        allow 10.10.10.0/24;
-        allow 10.10.20.0/24;
-        deny all;
-{% endif %}
-
 {% if service_alias %}
         if ($host != '{{ service_name }}.{{ domain }}') {
             return 301 https://{{ service_name }}.{{ domain }}$request_uri;
@@ -23,12 +16,16 @@ server {
 {% if service_ssl is defined and service_ssl %}
         proxy_ssl_verify off;
 {% endif %}
+{% if service_name == 'ebooks' %}
+        {{ lookup('file', 'files/ebooks.romanpeters.nl') }}
+{% else %}
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
+{% endif %}
     }
 }

roles/webserver/files/etc/nginx/nginx.conf

@@ -0,0 +1,62 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 768;
+    # multi_accept on;
+}
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    sendfile on;
+    tcp_nopush on;
+    types_hash_max_size 2048;
+    # server_tokens off;
+
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ##
+    # SSL Settings
+    ##
+
+    ssl_protocols TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    # Redirect HTTP to HTTPS
+    server {
+        listen 80;
+        server_name _;
+        return 301 https://$host$request_uri;
+    }
+
+    # Include site configurations
+    include /etc/nginx/sites-enabled/*;
+}

roles/webserver/files/etc/nginx/sites-available/default_site

@@ -0,0 +1,22 @@
+server {
+    listen 443 default_server;
+    server_name _;
+
+    ssl_certificate /etc/letsencrypt/live/romanpeters.nl/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/romanpeters.nl/privkey.pem;
+
+    location ~* \.(css|ico)$ {
+        root /var/www/html/romanpeters.nl;
+        try_files $uri =404;
+    }
+
+    error_page 404 /404.html;
+    location = /404.html {
+        root /var/www/html/romanpeters.nl;
+        internal;
+    }
+
+    location / {
+        return 404;
+    }
+}

roles/webserver/files/etc/nginx/sites-available/romanpeters.nl

@@ -0,0 +1,18 @@
+server {
+    listen 443;
+    server_name romanpeters.nl www.romanpeters.nl;
+
+    ssl_certificate /etc/letsencrypt/live/romanpeters.nl/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/romanpeters.nl/privkey.pem;
+
+    root /var/www/html/romanpeters.nl;
+
+    location = / {
+      return 301 https://hello.romanpeters.nl/;
+    }
+
+    location / {
+      try_files $uri $uri.html $uri/ =404;
+      error_page 404 /404.html;
+    }
+}

roles/webserver/files/var/www/html/romanpeters.nl/403.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>403 - Access denied</title>
+    <link rel="stylesheet" href="styles.css">
+</head>
+<body>
+    <div class="container">
+        <h1>access denied</h1>
+        <a href="https://romanpeters.nl/">Go back to homepage</a>
+    </div>
+</body>
+</html>

roles/webserver/files/var/www/html/romanpeters.nl/404.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>404 - Page Not Found</title>
+    <link rel="stylesheet" href="styles.css">
+</head>
+<body>
+    <div class="container">
+        <h1>oops!</h1>
+        <p>This page doesn't exist.</p>
+        <a href="/">Go back to homepage</a>
+    </div>
+</body>
+</html>

roles/webserver/files/var/www/html/romanpeters.nl/styles.css

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>403 - Access denied</title>
+    <link rel="stylesheet" href="styles.css">
+</head>
+<body>
+    <div class="container">
+        <h1>access denied</h1>
+        <a href="https://romanpeters.nl/">Go back to homepage</a>
+    </div>
+</body>
+</html>
+5:52:41 [romanpeters@webserver ~]$ cat /var/www/html/romanpeters.nl/styles.css
+body {
+    margin: 0;
+    padding: 0;
+    font-family: Arial, sans-serif;
+    background-color: #f7f7f7;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 100vh;
+}
+
+.container {
+    text-align: center;
+}
+
+h1 {
+    font-size: 4rem;
+    color: #333;
+    margin-bottom: 20px;
+}
+
+p {
+    font-size: 1.2rem;
+    color: #666;
+    margin-bottom: 30px;
+}
+
+a {
+    color: #007bff;
+    text-decoration: none;
+    font-size: 1.1rem;
+    transition: color 0.3s;
+}
+
+a:hover {
+    color: #0056b3;
+}

roles/webserver/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart nginx proxy
+  ansible.builtin.service:
+    name: nginx
+    state: restarted
+  delegate_to: "{{ webserver_host }}"

roles/webserver/tasks/http.yml

@@ -0,0 +1,29 @@
+---
+- name: Clone HTTP Git Repository to /srv/git
+  ansible.builtin.git:
+    repo: https://github.com/romanpeters/infrastructure_http.git
+    dest: /srv/git/infrastructure_http
+    version: main
+
+- name: Fetch remote variable file
+  ansible.builtin.fetch:
+    src: /srv/git/infrastructure_http/index.yml
+    dest: /tmp/index_http.yml
+    flat: true
+
+- name: Load docker compose variables from index.yml
+  ansible.builtin.include_vars:
+    file: /tmp/index_http.yml
+
+- name: Add service
+  ansible.builtin.include_role:
+    name: service
+  vars:
+    service_ip: "{{ item.ip }}"
+    service_name: "{{ item.name }}"
+    service_path: "{{ item.path | default('') }}"
+    service_alias: "{{ item.alias | default([]) }}"
+    service_port: "{{ item.port | default(80) }}"
+    service_remote: "{{ item.remote | default(false) }}"
+    service_ssl: "{{ item.ssl | default(false) }}"
+  loop: "{{ infrastructure_http }}"