From 727b035068dec3f4505130ae8352f55625408fdb Mon Sep 17 00:00:00 2001 From: VC Date: Mon, 21 Dec 2020 19:07:14 +0100 Subject: [PATCH] =?UTF-8?q?Ajout=20d=E2=80=99UniFi,=20modif=20spamassassin?= =?UTF-8?q?,=20am=C3=A9lioration=20MariaDB,=20cr=C3=A9ation=20de=20Rhea?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- production/hosts | 6 ++++- roles/mariadb/tasks/main.yml | 1 + .../templates/vhosts/blog.libertus.eu.conf.j2 | 23 ++----------------- .../templates/vhosts/coince.mateu.be.conf.j2 | 22 ------------------ roles/spamassassin/files/local.cf | 6 +++++ roles/unifi/tasks/main.yml | 15 ++++++++++++ site.yml | 1 + unifi.yml | 3 +++ 8 files changed, 33 insertions(+), 44 deletions(-) delete mode 100644 roles/nginx/templates/vhosts/coince.mateu.be.conf.j2 create mode 100644 roles/unifi/tasks/main.yml create mode 100644 unifi.yml diff --git a/production/hosts b/production/hosts index c4fe672..71f73fd 100644 --- a/production/hosts +++ b/production/hosts @@ -8,6 +8,7 @@ machinbox.mateu.be claude.dmz.mateu.be dimitri.dmz.mateu.be edelgard.dmz.mateu.be +rhea.dmz.mateu.be [borgbackup:children] borg_server @@ -41,7 +42,7 @@ edelgard.dmz.mateu.be [webservers] bt.dmz.mateu.be web_hostname="['sonarr.mateu.be','bt.mateu.be','btf.mateu.be']" -web1.dmz.mateu.be web_hostname="['fav.libertus.eu', 'rss.libertus.eu', 'o.libertus.eu', 'blog.libertus.eu', 'mail.libertus.eu', 'perso.nintendojo.fr', 'perso.libertus.eu', 'r.mateu.be','coince.mateu.be', 'z.libertus.eu', 'autodiscover.libertus.eu']" +web1.dmz.mateu.be web_hostname="['fav.libertus.eu', 'rss.libertus.eu', 'o.libertus.eu', 'blog.libertus.eu', 'mail.libertus.eu', 'perso.nintendojo.fr', 'perso.libertus.eu', 'r.mateu.be','z.libertus.eu', 'autodiscover.libertus.eu']" web2.dmz.mateu.be web_hostname="['analyse.nintendojo.fr', 'nintendojo.fr', 'www.nintendojo.fr', 'forum.nintendojo.fr']" ror.dmz.mateu.be web_hostname="['m.nintendojo.fr']" jabber.dmz.mateu.be web_hostname="['libertus.eu', 'upload.libertus.eu', 'xmpp.libertus.eu']" @@ -90,3 +91,6 @@ munin.dmz.mateu.be [disabled_munin] baybay-ponay.mateu.be muse-macbookair.lan + +[unifiservers] +unifi.dmz.mateu.be diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index adfe8b6..db98035 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -85,3 +85,4 @@ minute: "{{ mariadb_backup_minute }}" job: "/usr/local/bin/backup_mysql.sh" state: present + diff --git a/roles/nginx/templates/vhosts/blog.libertus.eu.conf.j2 b/roles/nginx/templates/vhosts/blog.libertus.eu.conf.j2 index 68416cb..53a00b3 100644 --- a/roles/nginx/templates/vhosts/blog.libertus.eu.conf.j2 +++ b/roles/nginx/templates/vhosts/blog.libertus.eu.conf.j2 @@ -14,27 +14,8 @@ server { deny all; } - location ~ ^/(inc|plugins|db|cache)/ { - deny all; - } - - ## Inter PHP en path_info - location ~ ^/(index).php(/.*)+ { - fastcgi_split_path_info ^(.+\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock; - include fastcgi_params; - } - - ## Inter PHP brute - location ~ \.php$ { - try_files $uri $uri/ =404; - fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock; - include fastcgi_params; - } - - ## redirection des zolies URLs vers index.php - location / { - try_files $uri $uri/ /index.php$uri?$args; + location /feed/atom { + return 302 /atom.xml; } } diff --git a/roles/nginx/templates/vhosts/coince.mateu.be.conf.j2 b/roles/nginx/templates/vhosts/coince.mateu.be.conf.j2 deleted file mode 100644 index ef373b6..0000000 --- a/roles/nginx/templates/vhosts/coince.mateu.be.conf.j2 +++ /dev/null @@ -1,22 +0,0 @@ -server { -{% include './templates/header.conf.j2' %} - root /srv/http/coince.mateu.be/; - index index.htm index.html index.php; - - allow 2001:bc8:26c1:101:0:0:0:0/64; - allow 2001:bc8:26c1:105:0:0:0:0/64; - allow 2001:1b48:2:103::6d:2; - allow 83.167.52.81; - deny all; - - location ~ \.php$ { - try_files $uri $uri/ =404; - fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock; - include fastcgi_params; - } - - location /var { - deny all; - } -} - diff --git a/roles/spamassassin/files/local.cf b/roles/spamassassin/files/local.cf index a46e931..50c5f6a 100644 --- a/roles/spamassassin/files/local.cf +++ b/roles/spamassassin/files/local.cf @@ -9,6 +9,9 @@ score UNWANTED_LANGUAGE_BODY 5 header LOCAL_CARESSE Subject =~ /caresse/i score LOCAL_CARESSE 3.0 +header LOCAL_FRAUEN Subject =~ /single frauen/i +score LOCAL_FRAUEN 10.0 + header LOCAL_CETOSE Subject =~ /cétose/i score LOCAL_CETOSE 5.0 @@ -91,6 +94,9 @@ score LOCAL_BITCOIN 10.0 whitelist_from *@chichiclothing.com # Blacklist manuel +blacklist_from *@broad-bandsearch.net +blacklist_from *@nocimase.de +blacklist_from *@zintesder.de blacklist_from *@affgalaxy.com blacklist_from *@olabizer.de blacklist_from *@bizetase.nl diff --git a/roles/unifi/tasks/main.yml b/roles/unifi/tasks/main.yml new file mode 100644 index 0000000..e1161ad --- /dev/null +++ b/roles/unifi/tasks/main.yml @@ -0,0 +1,15 @@ +- name: Add APT Key for Unifi + apt_key: + url: https://dl.ui.com/unifi/unifi-repo.gpg + state: present + +- name: Add APT Unifi repository + apt_repository: + repo: deb https://www.ui.com/downloads/unifi/debian stable ubiquiti + state: present + filename: unifi + +- name: install Unifi + package: + name: unifi + state: present diff --git a/site.yml b/site.yml index db45f05..b552864 100644 --- a/site.yml +++ b/site.yml @@ -17,3 +17,4 @@ - import_playbook: mumble.yml - import_playbook: icecast2.yml - import_playbook: munin.yml +- import_playbook: unifi.yml diff --git a/unifi.yml b/unifi.yml new file mode 100644 index 0000000..61ff001 --- /dev/null +++ b/unifi.yml @@ -0,0 +1,3 @@ +- hosts: unifiservers + roles: + - unifi