✨ (linkstack): Added a new role linkstack

theobori-cafe · Jun 17, 2024 · 32fc089 · 32fc089
1 parent 04db94e
commit 32fc089
Show file tree

Hide file tree

Showing 17 changed files with 74 additions and 12 deletions.
diff --git a/main.yml b/main.yml
@@ -117,6 +117,9 @@
     - role: monitoring
       tags: monitoring
 
+    - role: linkstack
+      tags: linkstack
+
     - role: vitalk.secure-ssh
       tags: ssh
       ssh_user: "{{ ansible_ssh_user }}"

diff --git a/roles/calibre_web/templates/nginx.j2 b/roles/calibre_web/templates/nginx.j2
@@ -13,6 +13,6 @@ server {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Scheme $scheme;
 
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/etherpad/templates/nginx.j2 b/roles/etherpad/templates/nginx.j2
@@ -11,6 +11,6 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/gitea/templates/nginx.j2 b/roles/gitea/templates/nginx.j2
@@ -17,6 +17,6 @@ server {
     include proxy_params;
     proxy_set_header X-Real-IP $remote_addr;
 
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/linkstack/files/docker-compose.yml b/roles/linkstack/files/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3.8"
+
+services:
+  linkstack:
+    image: linkstackorg/linkstack
+    container_name: linkstack
+    hostname: linkstack
+    env_file: .env
+    ports:
+      - "127.0.0.1:8880:80"
+    restart: unless-stopped
+    volumes:
+      - linkstack:/htdocs
+
+volumes:
+  linkstack:
diff --git a/roles/linkstack/tasks/main.yml b/roles/linkstack/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Include service role
+  ansible.builtin.include_role:
+    name: "service"
+  vars:
+    service_name: "linkstack"
+    service_fqdn: "links.{{ domain }}"
+    service_nginx_port: "8880"
+    service_certbot: true
+    service_nginx: true
+    service_tor: true
+    service_docker_compose: true
+    service_systemd_service: true
+
+- name: Copy LinkStack environment file
+  ansible.builtin.template:
+    src: ".env.j2"
+    dest: "{{ base_dir }}/linkstack/.env"
+    mode: "0640"
diff --git a/roles/linkstack/templates/.env.j2 b/roles/linkstack/templates/.env.j2
@@ -0,0 +1,3 @@
+HTTP_SERVER_NAME: "links.{{ domain }}"
+HTTPS_SERVER_NAME: "links.{{ domain }}"
+SERVER_ADMIN: "{{ mailer_from }}"
diff --git a/roles/linkstack/templates/nginx.j2 b/roles/linkstack/templates/nginx.j2
@@ -0,0 +1,22 @@
+server {
+  include listen-443;
+  server_name {{ server_name }};
+
+  include ssl_params;
+  ssl_certificate /etc/letsencrypt/live/{{ server_name }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ server_name }}/privkey.pem;
+
+  include header_params;
+
+  location / {
+    include proxy_params;
+
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $host;
+
+    # Fixes Mixed Content errors.
+    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
+
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
+  }
+}
diff --git a/roles/nextcloud/templates/nginx.j2 b/roles/nextcloud/templates/nginx.j2
@@ -23,6 +23,6 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/personal_services/templates/nginx.j2 b/roles/personal_services/templates/nginx.j2
@@ -19,6 +19,6 @@ server {
     include proxy_params;
     add_header Content-Security-Policy "default-src 'none'; manifest-src 'self'; font-src 'self' https:; style-src 'self' 'unsafe-hashes' 'sha256-rV9I2X3m+USubUYRTavlYrp7o/qO7hN5BS/JKHv32hY=' 'nonce-$ssl_session_id'; media-src 'self'; frame-ancestors 'self'; base-uri 'none'; form-action 'none'; style-src-elem 'self' 'unsafe-inline' https:; img-src 'self' https:; script-src 'self'; script-src-elem 'self' 'nonce-$ssl_session_id' https:; connect-src 'self'";
 
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/personal_website/templates/nginx.j2 b/roles/personal_website/templates/nginx.j2
@@ -19,6 +19,6 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/private_bin/templates/nginx.j2 b/roles/private_bin/templates/nginx.j2
@@ -10,6 +10,6 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/proxitok/templates/nginx.j2 b/roles/proxitok/templates/nginx.j2
@@ -11,6 +11,6 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/searxng/templates/nginx.j2 b/roles/searxng/templates/nginx.j2
@@ -13,7 +13,7 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
 
diff --git a/roles/ssp/templates/nginx.j2 b/roles/ssp/templates/nginx.j2
@@ -14,6 +14,6 @@ server {
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Host $host;
 
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/tt_rss/templates/nginx.j2 b/roles/tt_rss/templates/nginx.j2
@@ -14,6 +14,6 @@ server {
     include proxy_params;
     proxy_set_header X-Forwarded-Proto $scheme;
 
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }
diff --git a/roles/uptime_kuma/templates/nginx.j2 b/roles/uptime_kuma/templates/nginx.j2
@@ -15,6 +15,6 @@ server {
 
   location / {
     include proxy_params;
-    proxy_pass http://localhost:{{ server_port }}/;
+    proxy_pass http://127.0.0.1:{{ server_port }}/;
   }
 }