New highdef.network splash site (clearnet & internal)

Author: jlu5

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "dn42-registry"]
 	path = dn42-registry
 	url = git@git.dn42.dev:dn42/registry.git
+[submodule "roles/apps_nginx"]
+	path = roles/apps_nginx
+	url = https://github.com/jlu5/ansible-nginx

global-config/general.yml

@@ -64,3 +64,11 @@ ip6tables_rules_path: "{{ iptables_dir }}/rules.v6"
 automation_user: dn42-automation
 automation_root_dir: /opt/dn42
 automation_user_home: /opt/dn42/automation/
+
+# splash hosts for clearnet
+splash_hosts:
+  - highdef.network
+  - www.highdef.network
+
+letsencrypt_account_email: "{{ 'hel' + 'lo@jl' + 'u5.com' if ownas == '4242421080' | mandatory('Please change letsencrypt_account_email to your account') }}"
+letsencrypt_webroot_path: "/var/www/html"

hosts.yml

@@ -399,6 +399,11 @@ staging:
     dn42-es-mad01.jlu5.com:
     dn42-it-mil01.jlu5.com:
 
+# Clearnet web hosts
+web:
+  hosts:
+    dn42-us-sea02.jlu5.com:
+
 # Extra hosts managed by Ansible but with a reduced set of services
 private:
   hosts:

roles/apps_nginx

@@ -0,0 +1,61 @@
+@import url('https://fonts.googleapis.com/css2?family=Comfortaa&display=swap');
+
+body {
+    text-align: center;
+    margin-top: 5%;
+    background-color: #121214;
+
+    color: #dedede;
+    font-family: sans-serif;
+    font-size: large;
+}
+
+body, html {
+    width: 100%;
+    height: 100%;
+    overflow: hidden;
+}
+
+.main {
+    width: 80%;
+    margin: auto;
+}
+
+h1, h2 {
+    font-family: 'Comfortaa', cursive;
+    margin: 1vh;
+    text-shadow: 2px 2px 10px #121240;
+}
+
+h1 {
+    font-size: 300%;
+}
+
+h2 {
+    font-size: 200%;
+}
+
+a {
+    color: lightblue;
+}
+a:hover {
+    color: #cee7ef;
+}
+
+a:visited {
+    color: pink;
+}
+a:visited:hover {
+    color: #ffd6dd;
+}
+
+#serverinfo-container {
+    max-width: 600px;
+    margin: 0 auto;
+    text-align: left;
+    display: block;
+}
+
+hr {
+    margin-bottom: 3vh;
+}

roles/upload-splash-site/files/style.css

@@ -0,0 +1,35 @@
+- name: Create splash page folder
+  file:
+    path: "{{ automation_root_dir }}/splash"
+    state: directory
+
+- name: Upload splash page files
+  template:
+    src: index-dn42.html.j2
+    dest: "{{ automation_root_dir }}/splash/index-dn42.html"
+- name: Upload splash page files
+  template:
+    src: index-clearnet.html.j2
+    dest: "{{ automation_root_dir }}/splash/index-clearnet.html"
+- name: Upload splash page files
+  copy:
+    src: style.css
+    dest: "{{ automation_root_dir }}/splash/style.css"
+
+- name: Setup splash page for dn42
+  include_role:
+    name: apps_nginx
+  vars:
+    nginx_site:
+      src: dn42-splash.conf.j2
+      dst: dn42-splash.conf
+
+- name: Setup splash page for clearnet
+  include_role:
+    name: apps_nginx
+  vars:
+    letsencrypt_domains: "{{ splash_hosts }}"
+    nginx_site:
+      src: dn42-splash-clearnet.conf.j2
+      dst: dn42-splash-clearnet.conf
+  when: "'web' in group_names"

roles/upload-splash-site/tasks/main.yml

@@ -0,0 +1,35 @@
+# Clearnet (HTTP -> HTTPS redirect)
+server {
+    listen 80;
+    listen [::]:80;
+
+{% for server_name in splash_hosts %}
+    server_name {{ server_name }};
+{% endfor %}
+    return 301 https://$server_name$request_uri;
+}
+
+# Clearnet splash
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+{% for server_name in splash_hosts %}
+    server_name {{ server_name }};
+{% endfor %}
+
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ splash_hosts[0] }}/chain.pem;
+    ssl_certificate /etc/letsencrypt/live/{{ splash_hosts[0] }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ splash_hosts[0] }}/privkey.pem;
+    include snippets/nginx-ssl.conf;
+
+    location /.well-known {
+        {# webroot for LE cert validation #}
+        root /var/www/html;
+    }
+
+    location / {
+        root {{ automation_root_dir }}/splash;
+        index index-clearnet.html;
+    }
+}

roles/upload-splash-site/templates/dn42-splash-clearnet.conf.j2

@@ -0,0 +1,25 @@
+{% set rtrname = dns_auto_host_record_format | replace("%s", shortname) %}
+
+# dn42 splash
+server {
+    listen 80;
+    listen [::]:80;
+    server_name *.{{ dns_domain }};
+    server_name 172.23.0.53;
+{% for iface, options in dummy_interfaces.items() %}
+{% for ip in options.ip4 + options.ip6 %}
+    server_name {{ ip | ipaddr('address') | ipwrap }};
+{% endfor %}
+{% endfor %}
+
+	location /connectionInfo {
+		keepalive_requests 0;
+		default_type text/plain;
+		return 200 "$remote_addr (you) ↔ $server_addr (me)";
+	}
+
+    location / {
+        root {{ automation_root_dir }}/splash;
+        index index-dn42.html;
+    }
+}

roles/upload-splash-site/templates/dn42-splash.conf.j2

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>highdef.network</title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link href="style.css" rel="stylesheet">
+</head>
+
+<body>
+<div class="main">
+    <h1>highdef.network</h1>
+    <h2>AS4242421080</h2>
+    <p>highdef is an experimental network interconnected with <a href="https://dn42.dev">dn42</a>.</p>
+    <p>
+        <a href="https://jlu5.com/dn42">Peering</a>
+        -
+        <a href="https://lg42.jlu5.com/">Looking Glass</a>
+    </p>
+</div>
+</body>
+</html>

roles/upload-splash-site/templates/index-clearnet.html.j2

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>AS4242421080 Splash Site</title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link href="style.css" rel="stylesheet">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fork-awesome@1.1.7/css/fork-awesome.min.css" integrity="sha256-gsmEoJAws/Kd3CjuOQzLie5Q3yshhvmo7YNtBG7aaEY=" crossorigin="anonymous">
+</head>
+
+<body>
+<div class="main">
+    <h1>highdef.network</h1>
+    <h2>AS4242421080</h2>
+    <p>
+        <a href="https://jlu5.com/dn42">Peering</a>
+        -
+        <a href="https://lg42.jlu5.com/">Looking Glass</a>
+    </p>
+    <hr>
+    <h2>
+        <i class="fa fa-server" aria-hidden="true"></i>
+        Server info
+    </h2>
+    <div id="serverinfo-container">
+        <p>Current server: <b>{{ shortname }}</b></p>
+        <p>Test IPs: <b>{{ ownip }}</b> / <b>{{ ownip6 }}</b></p>
+        <p>Location: <b>{{ location }}</b></p>
+    </div>
+    <hr>
+    <h2>
+        <i class="fa fa-signal" aria-hidden="true"></i>
+        Connection info
+    </h2>
+    <p id="connectionInfo">
+        <noscript><a href="connectionInfo">Click to check</a></noscript>
+    </p>
+</div>
+<script>
+let req = new XMLHttpRequest();
+req.addEventListener("load", function() {
+    let textContainer = document.getElementById("connectionInfo");
+    if (this.status === 200) {
+        textContainer.innerText = this.responseText;
+    } else
+        textContainer.innerText = `[Error loading: ${this.status} ${this.statusText}]`;
+    }
+);
+req.overrideMimeType("text/plain;");
+req.open("GET", "connectionInfo");
+req.send();
+</script>
+</body>
+</html>

roles/upload-splash-site/templates/index-dn42.html.j2

@@ -0,0 +1 @@
+../files/style.css

roles/upload-splash-site/templates/style.css

@@ -0,0 +1,5 @@
+- name: Setup splash site for dn42 routers
+  hosts: dn42routers
+  become: yes
+  roles:
+    - upload-splash-site