-rw-r--r--certs.yml26
-rw-r--r--compose/cs/cs.py11
-rw-r--r--docker.yml10
-rw-r--r--domains.yml1
-rw-r--r--templates/nginx.conf.j25
-rw-r--r--templates/wg.conf.j222
-rw-r--r--wireguard.yml88
7 files changed, 35 insertions, 128 deletions
diff --git a/certs.yml b/certs.yml
index 6f747ba..7a9b036 100644
--- a/certs.yml
+++ b/certs.yml
@@ -1,22 +1,26 @@
 ---
 - name: Certbot
   hosts: tamriel
-  remote_user: ansible_worker
+  remote_user: root
   tasks:
   - synchronize:
       src: ~/.ovh/
       dest: ~/ovh
-  - docker_container:
-      image: certbot/dns-ovh
+  - containers.podman.podman_container:
+      image: docker.io/certbot/dns-ovh
       name: certbot-ovh
-      auto_remove: true
-      cleanup: true
-      detach: false
+      #rm: true
+      #detach: false
       volumes:
         - /etc/letsencrypt:/etc/letsencrypt:rw
         - /var/lib/letsencrypt:/var/lib/letsencrypt:rw
-        - /home/ansible_worker/ovh:/opt/ovh:ro
-      command: certonly --dns-ovh --dns-ovh-propagation-seconds 59 --dns-ovh-credentials /opt/ovh/credentials.ini -d "dybiec.info,*.dybiec.info"
-  - file:
-      path: ~/ovh
-      state: absent
+        - /var/log/letsencrypt:/var/log/letsencrypt:rw
+        - /home/pawel/ovh:/opt/ovh:ro
+      network: slirp4netns
+      command: certonly --dns-ovh --dns-ovh-propagation-seconds 59 --dns-ovh-credentials /opt/ovh/credentials.ini -d dybiec.info,*.dybiec.info --agree-tos -m pawel+letsencrypt@dybiec.info -v
+#  - containers.podman.podman_container:
+#      name: certbot-ovh
+#      state: absent
+#  - file:
+#      path: ~/ovh
+#      state: absent
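Review bot: The OVH API credentials copied by `synchronize` now stay on the host after the run, because the trailing `file: path: ~/ovh` / `state: absent` task is commented out along with `#rm: true` and the container-removal task. The play also switches to `remote_user: root`, so `dest: ~/ovh` presumably lands in root's home while the container mounts `/home/pawel/ovh`; if so, certbot reads whatever older copy of `credentials.ini` sits there rather than the one just synced. I would point both at one absolute directory and restore the cleanup, e.g. `- file: {path: "{{ ovh_dir }}", state: absent}` with `ovh_dir` as a play variable (placeholder name).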
diff --git a/compose/cs/cs.py b/compose/cs/cs.py
index fdb32fd..1912886 100644
--- a/compose/cs/cs.py
+++ b/compose/cs/cs.py
@@ -2,7 +2,7 @@ import calendar
 import datetime
 import random
 from typing import List, Tuple
-from flask import Flask, render_template
+from flask import Flask, render_template, redirect, url_for
 app = Flask("Today's maps")
 all_maps = [ "mirage 🇲🇦",
          "inferno 🔥",
@@ -16,8 +16,8 @@ all_maps = [ "mirage 🇲🇦",
          "cache ☭",
          "agency 🏢",
          "office 🖥",
-         "grind 🚛",
-         "mocha ☕"]
+         "basalt 🌈⛰️",
+         "insertion 🚓"]
 #maps = [ all_maps[i] for i in [0,1,2,3,4,5,6]]
 maps = all_maps
 LOOKAHEAD=7
@@ -82,8 +82,11 @@ def get_map_schedule(from_date: datetime.date, to_date: datetime.date, number_of
         output.append((day_no_to_date(day_no), maps_for_day))
     return output
 
-
 @app.route("/")
+def main():
+    return redirect(url_for('r3pack'))
+
+@app.route("/cielak")
 def cielak():
     return render_template("main.html", maps=maps_of_current_week())
 
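Review bot: `url_for('r3pack')` in the new `main()` view needs an endpoint named `r3pack`, and none is defined in the hunks of this commit; if the rest of cs.py does not register one, every request to `/` raises a `BuildError` and returns a 500. If the target is served by something other than this Flask app, a literal path in `redirect(...)` would be the safer form. A one-line docstring on `main()` such as `"""Redirect the site root to the r3pack page."""` would also record why `/` no longer renders the schedule.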
diff --git a/docker.yml b/docker.yml
index 7994895..253c8b8 100644
--- a/docker.yml
+++ b/docker.yml
@@ -82,22 +82,28 @@
     containers.podman.podman_image:
       name: dybiec.info/counter
       path: "{{docker_compose_dir}}/app"
+      pull: no
+      force: yes
   - name: counter
     tags: ["podman", "counter"]
     containers.podman.podman_container:
       name: counter_app
-      image: dybiec.info/counter
+      image: dybiec.info/counter:latest
+      image_strict: yes
       pod: "counter"
   - name: csgo image
     tags: ["podman", "csgo"]
     containers.podman.podman_image:
       name: dybiec.info/csgo
       path: "{{docker_compose_dir}}/cs/"
+      pull: no
+      force: yes
   - name: csgo
     tags: ["podman", "csgo"]
     containers.podman.podman_container:
       name: cs
-      image: dybiec.info/csgo
+      image: dybiec.info/csgo:latest
+      image_strict: yes
       ports:
       - "127.0.0.1:{{domains.cs.proxy.port}}:5000"
   - name: openvpn
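Review bot: The added `pull: no`, `force: yes` and `image_strict: yes` use YAML 1.1 truthy words, while domains.yml in this same commit writes `true`; Ansible convention and yamllint's `truthy` rule prefer `pull: false`, `force: true`, `image_strict: true`. `force: yes` also rebuilds both images on every play run, which deserves a comment such as `# rebuild every run so :latest always reflects the local build context` if that is the intent. The first task in this hunk starts above the visible lines.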
diff --git a/domains.yml b/domains.yml
index 879a74b..f64487d 100644
--- a/domains.yml
+++ b/domains.yml
@@ -11,6 +11,7 @@ domains:
   cs:
     name: "cs.dybiec.info"
     websocket: true
+    http_redirect: true
     proxy:
       port: 5002
   cnt:
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
index aee87da..28c79cf 100644
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -1,6 +1,7 @@
 {% if server.http_redirect is defined and server.http_redirect %}
 server {
        listen         80;
+       listen         [::]:80;
        server_name    {{ server.name }};
        return         301 https://$server_name$request_uri;
 }
@@ -13,8 +14,10 @@ server {
 
 {% if server.http_redirect is not defined or not server.http_redirect %}
   listen 80;
+  listen         [::]:80;
 {% endif %}
-  listen 443 ssl http2;
+  listen      443 ssl http2;
+  listen [::]:443 ssl http2;
   server_name {{ server.name }} {{server.aliases|default([])| join(' ')}};
 
   location / {
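Review bot: The `[::]:80` and `[::]:443` listeners added here and in the redirect block above make every templated vhost reachable over IPv6, and nothing in this commit shows an IPv6 host-firewall policy to go with them. It would be worth confirming the host filters IPv6 the same way as IPv4 before deploying, and recording that in a template comment, e.g. `{# IPv6 listeners: host firewall must cover v6 as well #}`. As a style point, the new `listen         [::]:80;` inside the `{% if %}` does not match the two-space form of `listen 80;` next to it. The server block continues outside the hunk.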
diff --git a/templates/wg.conf.j2 b/templates/wg.conf.j2
deleted file mode 100644
index 6d358b8..0000000
--- a/templates/wg.conf.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-#tamriel 10.0.27.1
-[Interface]
-ListenPort = 48574
-PrivateKey = {{ wireguard_private_key }}
-
-# balmora 10.0.27.2
-[Peer]
-PublicKey = 6dbkVQAQPkbk0+wt6f+wge5cPW6THe0Kua830jio528= 
-AllowedIPs = 10.0.27.2/32
-PersistentKeepalive = 20
-
-# motorola g6 10.0.27.3
-[Peer]
-PublicKey = pqSY7SCKuRkHBTMWVhYAASrx/A1HF8Nlb3emnO8WqAc=
-AllowedIPs = 10.0.27.3/32
-PersistentKeepalive = 20
-
-# spawarka 10.0.27.4
-[Peer]
-PublicKey = fd39gCTX7+hy6/lIAenhI1LVw6mCLWRSn0+6a1O+QCc=
-AllowedIPs = 10.0.27.4/32
-PersistentKeepalive = 20
diff --git a/wireguard.yml b/wireguard.yml
deleted file mode 100644
index db1278c..0000000
--- a/wireguard.yml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-- name: Wireguard config
-  hosts: tamriel
-  remote_user: ansible_worker
-  become: yes
-  vars_files:
-  - secrets.yml
-  tasks:
-  - name: install wireguard
-    apt:
-      name: wireguard
-  - name: IPv4 forwarding
-    sysctl:
-      name: net.ipv4.ip_forward
-      value: "1"
-      state: present
-  - name: ARP proxy
-    sysctl:
-      name: net.ipv4.conf.all.proxy_arp
-      value: "1"
-      state: present
-
-
-  - name: Generate wireguard config
-    template:
-      src: templates/wg.conf.j2
-      dest: /etc/wireguard/wg0.conf
-
-
-  - lineinfile:
-      dest: /etc/network/interfaces
-      state: present
-      insertafter: "^source /etc/network/interfaces.d/*"
-      line: auto wg0
-  - lineinfile:
-      dest: /etc/network/interfaces
-      state: present
-      insertafter: "^auto wg0"
-      line: iface wg0 inet static
-      
-  - interfaces_file:
-      iface: wg0
-      option: address
-      value: 10.0.27.1
-  - interfaces_file:
-      iface: wg0
-      option: netmask
-      value: 255.255.255.0
-  - interfaces_file:
-      iface: wg0
-      option: pre-up
-      value: ip link add $IFACE type wireguard
-  - interfaces_file:
-      iface: wg0
-      option: pre-up
-      value: wg setconf $IFACE /etc/wireguard/$IFACE.conf
-  - interfaces_file:
-      iface: wg0
-      option: post-down
-      value: ip link del $IFACE
-  
-  - iptables:
-      chain: INPUT
-      match: conntrack
-      ctstate: ["RELATED","ESTABLISHED"]
-      jump: ACCEPT
-  - iptables:
-      chain: FORWARD
-      match: conntrack
-      ctstate: ["RELATED","ESTABLISHED"]
-      jump: ACCEPT
-  - iptables:
-      chain: FORWARD
-      in_interface: wg0
-      out_interface: wg0
-      match: conntrack
-      ctstate: ["NEW"]
-      jump: ACCEPT
-      
-  - iptables:
-      chain: FORWARD
-      in_interface: wg0
-      jump: ACCEPT
-  - iptables:
-      table: nat
-      chain: POSTROUTING
-      out_interface: ens2
-      jump: MASQUERADE