Diffstat (limited to 'roles/ssh-nginx-multiplex/tasks')
-rw-r--r--roles/ssh-nginx-multiplex/tasks/main.yaml1
-rw-r--r--roles/ssh-nginx-multiplex/tasks/ssh_nginx_setup.yaml76
2 files changed, 77 insertions, 0 deletions
diff --git a/roles/ssh-nginx-multiplex/tasks/main.yaml b/roles/ssh-nginx-multiplex/tasks/main.yaml
new file mode 100644
index 0000000..649b41b
--- /dev/null
+++ b/roles/ssh-nginx-multiplex/tasks/main.yaml
@@ -0,0 +1 @@
+- import_tasks: tasks/ssh_nginx_setup.yaml
diff --git a/roles/ssh-nginx-multiplex/tasks/ssh_nginx_setup.yaml b/roles/ssh-nginx-multiplex/tasks/ssh_nginx_setup.yaml
new file mode 100644
index 0000000..beb0910
--- /dev/null
+++ b/roles/ssh-nginx-multiplex/tasks/ssh_nginx_setup.yaml
@@ -0,0 +1,76 @@
+- block:
+ - name: install required packages
+ apt:
+ name:
+ - openssl
+ - nginx
+ - sslh
+ - ufw
+ state: present
+ update_cache: true
+
+ - name: deploy index.html
+ template:
+ src: index.html.j2
+ dest: /var/www/html/index.html
+ owner: www-data
+ group: www-data
+ mode: '0644'
+
+ - name: ensure /var/www/html directory permissions
+ file:
+ path: /var/www/html
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+ - name: generate self-signed ssl certificate
+ command: >
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048
+ -keyout /etc/ssl/private/nginx-selfsigned.key
+ -out /etc/ssl/certs/nginx-selfsigned.crt
+ -subj "/CN=localhost"
+ args:
+ creates: /etc/ssl/certs/nginx-selfsigned.crt
+
+ - name: deploy nginx.conf
+ template:
+ src: nginx.conf.j2
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart nginx
+
+ - name: deploy sslh config file
+ template:
+ src: sslh.j2
+ dest: /etc/default/sslh
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart sslh
+
+ - name: allow ssh port and enable ufw
+ ufw:
+ rule: allow
+ port: "{{ internal_sshd_port }}"
+ proto: tcp
+ notify:
+ - enable ufw
+ - restart ufw
+
+ - name: allow http port and enable ufw
+ ufw:
+ rule: allow
+ port: "{{ public_sslh_port }}"
+ proto: tcp
+ notify:
+ - enable ufw
+ - restart ufw
+
+ when:
+ - public_sslh_port is defined
+ - internal_nginx_port is defined
+ - internal_sshd_port is defined
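Review bot: The private key written by `generate self-signed ssl certificate` ends up with whatever mode openssl's umask yields, because `command` sets no file mode and no later task tightens it; add a follow-up `file` task pinning `/etc/ssl/private/nginx-selfsigned.key` to owner `root`, mode `'0600'` (fence below). `creates:` checks only the `.crt`, so a deleted key with a surviving cert leaves the task skipped and nginx with a mismatched pair — a `stat` on both paths, or regenerating when either is missing, is the safer guard. `deploy index.html` runs before `ensure /var/www/html directory permissions`, and `template` does not create parent directories; swapping the two tasks removes the implicit dependency on the nginx package having created the directory. The `allow ssh port and enable ufw` rule opens `internal_sshd_port` to every source; if sshd is meant to be reachable only through sslh on `public_sslh_port`, that rule should be restricted (e.g. `from_ip: 127.0.0.1`) or dropped — confirm the intended topology.
```yaml
  # … unchanged: generate self-signed ssl certificate task …

  - name: restrict self-signed private key permissions
    file:
      path: /etc/ssl/private/nginx-selfsigned.key
      owner: root
      mode: '0600'

  # … unchanged: deploy nginx.conf and following tasks …
```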