Disable access except to my IP address

Makefile

@@ -2,7 +2,7 @@
 
 define CONFIG_MSG =
 
-You do not have a config.mk file.
+You do not have a config.mk file, or the one you have is out of date.
 
 Please run "./configure" or copy `config.mk.in` to `config.mk` and edit its settings
 

ansible/inventory.tmpl.yaml

@@ -14,6 +14,7 @@ social:
     mastodon_sidekiq_count: {{MASTODON_SIDEKIQ_COUNT}}
     mastodon_sidekiq_threads: {{MASTODON_SIDEKIQ_THREADS}}
     public_ip: "{{PUBLIC_IP}}"
+    my_ip: "{{MY_IP}}"
     s3_bucket_name: "{{S3_BUCKET_NAME}}"
     #s3_endpoint: 
     s3_hostname: "s3.{{AWS_REGION}}.amazonaws.com"

ansible/roles/mastodon/templates/nginx.conf

@@ -33,18 +33,12 @@ server {
   listen 8448 ssl http2 default_server;
   listen [::]:8448 ssl http2 default_server;
 
-#  ssl_protocols TLSv1.2 TLSv1.3;
-#  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
-#  ssl_prefer_server_ciphers on;
-#  ssl_session_cache shared:SSL:10m;
-#  ssl_session_tickets off;
+  allow {{ my_ip }}/32;
+  deny all;
 
-  # Uncomment these lines once you acquire a certificate:
-  # ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
-  # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
-  ssl_trusted_certificate   /etc/letsencrypt/live/www.poorsquinky.com-0002/chain.pem;
-  ssl_certificate           /etc/letsencrypt/live/www.poorsquinky.com-0002/fullchain.pem;
-  ssl_certificate_key       /etc/letsencrypt/live/www.poorsquinky.com-0002/privkey.pem;
+  ssl_trusted_certificate   /etc/letsencrypt/live/{{ domain_name }}/chain.pem;
+  ssl_certificate           /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
+  ssl_certificate_key       /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
   ssl_protocols TLSv1.2 TLSv1.3;

terraform/outputs.tf

@@ -12,7 +12,7 @@ output "nameservers" {
 output "s3_bucket_name" {
   value = module.s3_bucket.s3_bucket_id
 }
-output "myip" {
+output "my_ip" {
   value = "${chomp(data.http.myip.body)}"
 }