From cd3210c5fb372fe4e800e076d22543851c175271 Mon Sep 17 00:00:00 2001
From: DarkFeather
Date: Fri, 12 Jan 2024 13:06:58 -0600
Subject: [PATCH] Adding minor webapps to WebServer tracking
---
precommit-hooks/ensure-apps-are-short | 9 +++++
roles/WebServer/README.md | 10 +++++
roles/WebServer/files/apps/blackpage.html | 9 +++++
roles/WebServer/files/apps/notepad.html | 5 +++
roles/WebServer/files/apps/whatismyip.php | 3 ++
.../files/conf.d/Yggdrasil/aaa_default.conf | 12 +++++-
roles/WebServer/tasks/main.yml | 37 ++++++++++++++++++-
7 files changed, 82 insertions(+), 3 deletions(-)
create mode 100755 precommit-hooks/ensure-apps-are-short
create mode 100644 roles/WebServer/files/apps/blackpage.html
create mode 100644 roles/WebServer/files/apps/notepad.html
create mode 100644 roles/WebServer/files/apps/whatismyip.php
diff --git a/precommit-hooks/ensure-apps-are-short b/precommit-hooks/ensure-apps-are-short
new file mode 100755
index 0000000..905cdee
--- /dev/null
+++ b/precommit-hooks/ensure-apps-are-short
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Webserver apps directory should be short -- apps that fail this category should become their own.
+
+for file in `find roles/WebServer/files/apps -type f`; do
+ if [[ $(wc -l "$file" | awk '{ print $1; }') -gt 10 ]]; then
+ echo "$file" is too long to be deployed as a mini-app under the WebServer role.
+ fi
+done
diff --git a/roles/WebServer/README.md b/roles/WebServer/README.md
index 337dff6..103b452 100644
--- a/roles/WebServer/README.md
+++ b/roles/WebServer/README.md
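Review bot: The hook in precommit-hooks/ensure-apps-are-short only echoes a message for an over-length file and never sets a failing exit status, so the script always ends with status 0 and a caller that relies on the exit code would let the commit through. Record the failure inside the `if` body with `status=1` and finish the script with `exit "${status:-0}"`. The backtick `find` in the `for` header is word-split by the shell, so a path containing whitespace reaches `wc` in pieces; `while IFS= read -r -d '' file; do … done < <(find roles/WebServer/files/apps -type f -print0)` keeps each path intact and still lets the status variable survive the loop. Sending the message to stderr with `>&2` would keep it apart from any captured output.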
@@ -10,6 +10,16 @@ Of security note are the default.csp.conf and sec.conf files in [the conf folder **Please note:** We offer a redirect on www.aninix.net and http://aninix.net:80/ only as a legacy convenience as browsers do not yet support 443 by default -- no data is transmitted on these. When the webhosting community acknowledges the death of the empty www. subdomain and the necessity of encryption, we will drop these. However, for usability, we include them for now. +## Apps + +We include `files/apps` here for apps that are too small to warrant their own project. These include things like: + +* AniNIX/Scratch -- a scratchpad in cache +* AniNIX/BlackPage -- a blackout page for the monitor +* AniNIX/WhatIsMyIP -- an IP-returning service, reducing the load on upstream [WhatIsMyIP](https://whatismyip.com) + +These apps must be short -- a hook is in place to ensure this. + # Available Clients Users should use [Chrome](http://google.com/chrome/browser/desktop/) where possible, though other standard browsers will work. [AniNIX/Maat](https://maat.aninix.net) builds google-chrome as a package for ArchLinux. diff --git a/roles/WebServer/files/apps/blackpage.html b/roles/WebServer/files/apps/blackpage.html new file mode 100644 index 0000000..d684d56 --- /dev/null +++ b/roles/WebServer/files/apps/blackpage.html @@ -0,0 +1,9 @@ + + +Hit F11 to black screen + + + + + + diff --git a/roles/WebServer/files/apps/notepad.html b/roles/WebServer/files/apps/notepad.html new file mode 100644 index 0000000..65af0be --- /dev/null +++ b/roles/WebServer/files/apps/notepad.html @@ -0,0 +1,5 @@ + + +
+ + diff --git a/roles/WebServer/files/apps/whatismyip.php b/roles/WebServer/files/apps/whatismyip.php new file mode 100644 index 0000000..0b55b77 --- /dev/null +++ b/roles/WebServer/files/apps/whatismyip.php @@ -0,0 +1,3 @@ + diff --git a/roles/WebServer/files/conf.d/Yggdrasil/aaa_default.conf b/roles/WebServer/files/conf.d/Yggdrasil/aaa_default.conf index bdbdeaf..8c51cc1 100644 --- a/roles/WebServer/files/conf.d/Yggdrasil/aaa_default.conf +++ b/roles/WebServer/files/conf.d/Yggdrasil/aaa_default.conf @@ -18,10 +18,14 @@ server { proxy_pass http://127.0.0.1:3000; } + location /shadowarch { + rewrite /shadowarch /Foundation/ShadowArch/raw/branch/main/EtcFiles/shadowarch; + } + location /aninix.xml { proxy_hide_header Content-Type; add_header content-type "application/atom+xml"; - rewrite /aninix.xml /AniNIX/Wiki/raw/branch/main/rss/aninix.xml; + rewrite /aninix.xml /Foundation/Wiki/raw/branch/main/rss/aninix.xml; } location /martialarts/maqotw.xml { @@ -44,6 +48,12 @@ server { try_files $uri /blackpage.html; } + location /notepad { + root /usr/share/webapps/aninix/; + try_files $uri /notepad.html; + } + + } server { diff --git a/roles/WebServer/tasks/main.yml b/roles/WebServer/tasks/main.yml index 79d45d7..617c24e 100644 --- a/roles/WebServer/tasks/main.yml +++ b/roles/WebServer/tasks/main.yml @@ -1,4 +1,5 @@ --- + - name: Install components become: yes package: @@ -11,6 +12,25 @@ - php - php-fpm + - name: Config directories + become: yes + file: + path: "{{ item }}" + state: directory + owner: http + group: http + mode: 0750 + loop: + - /usr/share/webapps/aninix + - /etc/nginx/conf + - /etc/nginx/conf.d + - /etc/modsecurity + - /var/log/modsec + - /var/log/modsec/tmp + - /var/log/modsec/data + - /var/log/modsec/audit + - /var/log/modsec/uploads + - name: Copy PHP config become: yes copy: 
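Review bot: `location /shadowarch` is a prefix match and the regex in `rewrite /shadowarch …` is unanchored, so any URI that merely begins with `/shadowarch` (for example `/shadowarch-old`) is rewritten to the raw file as well. If only the exact path is meant, `location = /shadowarch` with `rewrite ^ /Foundation/ShadowArch/raw/branch/main/EtcFiles/shadowarch last;` says so explicitly. The `/aninix.xml` block touched in the same hunk follows the same pattern; the enclosing `server` block starts and ends outside the hunk.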
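Review bot: In the new `location /notepad`, the last argument of `try_files $uri /notepad.html;` is an internal redirect, and `/notepad.html` matches this same prefix location, so if the file is ever absent from `/usr/share/webapps/aninix/` nginx cycles until its internal-redirect limit and answers 500 rather than 404. `try_files $uri /notepad.html =404;` turns the fallback into a plain file check with an explicit miss. Because the location is a prefix, every URI starting with `/notepad` is served from the apps directory; `location = /notepad` would narrow that if it is not intended. The two blank lines added before the closing brace of the `server` block can be dropped.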
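Review bot: The `Config directories` task added near the top of tasks/main.yml appears to duplicate the task that the later hunks rename from `Modsecurity config dir` and extend with the same three paths, so the play would end up with two tasks maintaining one directory list. Keeping only the early copy, which has to run before anything is copied into `/usr/share/webapps/aninix`, and deleting the later one leaves a single list to maintain; the later task's full loop runs past the visible hunk, so confirm the lists match first. Writing the mode as `mode: "0750"` avoids depending on how the YAML parser treats a bare leading-zero number.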
@@ -43,7 +63,17 @@ follow: true register: conf - - name: Nginx pidfile + - name: Copy conf + become: yes + copy: + src: apps/ + dest: /usr/share/webapps/aninix + owner: http + group: http + mode: 0660 + follow: true + + - name: Nginx pidfile become: yes ignore_errors: true file: @@ -83,7 +113,7 @@ dest: /usr/share/owasp-modsecurity-crs umask: "0022" - - name: Modsecurity config dir + - name: Config directories become: yes file: path: "{{ item }}" @@ -92,6 +122,9 @@ group: http mode: 0750 loop: + - /usr/share/webapps/aninix + - /etc/nginx/conf + - /etc/nginx/conf.d - /etc/modsecurity - /var/log/modsec - /var/log/modsec/tmp
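Review bot: The new copy task deploys `apps/` with `owner: http`, `group: http` and `mode: 0660`, which leaves the served files, `whatismyip.php` included, writable by what is presumably the account the web server and PHP run as, so a flaw in any served component could rewrite the deployed content. A read-only deployment such as `owner: root`, `group: http`, `mode: "0640"` keeps the files readable to the server without making them writable by it. The task is named `Copy conf` although it copies the apps, and the `register: conf` context line just above suggests a task of that name may already exist; `- name: Copy apps` would keep the names distinct in play output.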