 |
main.yml - infra - Terraform IoC for my remote (Hetzner) and local (Incus) serv… |
 |
git clone git://jay.scot/infra |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
main.yml (1476B) |
|
--- |
|
1 #cloud-config |
|
2 |
|
3 ssh_pwauth: false |
|
4 hostname: jay.scot |
|
5 timezone: Europe/London |
|
6 package_update: true |
|
7 |
|
8 packages: |
|
9 - caddy |
|
10 - git |
|
11 - git-daemon-sysvinit |
|
12 - unattended-upgrades |
|
13 |
|
14 users: |
|
15 - name: jay |
|
16 groups: users,wheel |
|
17 sudo: ALL=(ALL) NOPASSWD:ALL |
|
18 shell: /bin/bash |
|
19 lock_passwd: true |
|
20 ssh_authorized_keys: |
|
21 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLmKYxwXTbyRWLG0S24RTpyfyBO… |
|
22 |
|
23 - name: git |
|
24 shell: /usr/bin/git-shell |
|
25 homedir: /srv/git |
|
26 ssh_authorized_keys: |
|
27 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLmKYxwXTbyRWLG0S24RTpyfyBO… |
|
28 |
|
29 write_files: |
|
30 - path: /etc/default/git-daemon |
|
31 permissions: '0644' |
|
32 content: | |
|
33 GIT_DAEMON_ENABLE=true |
|
34 GIT_DAEMON_USER=git |
|
35 GIT_DAEMON_BASE_PATH=/srv/git |
|
36 GIT_DAEMON_DIRECTORY=/srv/git |
|
37 GIT_DAEMON_OPTIONS="--export-all" |
|
38 |
|
39 - path: /etc/caddy/Caddyfile |
|
40 permissions: '0644' |
|
41 content: | |
|
42 jay.scot { |
|
43 tls [email protected] |
|
44 root * /srv/www |
|
45 encode gzip |
|
46 file_server |
|
47 header / { |
|
48 -Server |
|
49 X-Content-Type-Options nosniff |
|
50 X-Frame-Options DENY |
|
51 Referrer-Policy "no-referrer-when-downgrade" |
|
52 Strict-Transport-Security "max-age=31536000; includeSubDomains… |
|
53 Permissions-Policy interest-cohort=() |
|
54 Content-Security-Policy "default-src 'self'; style-src 'self' … |
|
55 } |
|
56 } |
