proxies: add security.txt file

Per https://securitytxt.org/ and https://datatracker.ietf.org/doc/html/draft-foudil-securitytxt-12 This is a basic 2 liner, we can expand on it later. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-10-19 15:07:42 -07:00 · 2021-10-19 15:07:42 -07:00 · d93be536ff
commit d93be536ff
parent 0ae073966a
4 changed files with 20 additions and 0 deletions
--- a/playbooks/include/proxies-miscellaneous.yml
+++ b/playbooks/include/proxies-miscellaneous.yml
@ -59,3 +59,7 @@
  - role: pkgdb-proxy
    tags:
    - pkgdb2
+
+  - role: security.txt
+    tags:
+    - security.txt
--- a/roles/security.txt/files/security-txt.conf
+++ b/roles/security.txt/files/security-txt.conf
@ -0,0 +1 @@
+AliasMatch ^/.well-known/security.txt /srv/web/security.txt
--- a/roles/security.txt/files/security.txt
+++ b/roles/security.txt/files/security.txt
@ -0,0 +1,2 @@
+Contact: mailto:infra-security@fedoraproject.org
+Expires: 2022-01-31T21:01:00.000Z
--- a/roles/security.txt/tasks/main.yml
+++ b/roles/security.txt/tasks/main.yml
@ -0,0 +1,13 @@
+---
+# Install static security.txt file on proxies.
+- name: Copy static security.txt file into place
+  copy: src=security.txt dest=/srv/web/security.txt owner=root group=root mode=755
+  tags:
+  - security.txt
+
+- name: Copy httpd config
+  copy: src=security-txt.conf dest=/etc/httpd/conf.d/admin.fedoraproject.org/security-txt.conf owner=root group=root mode=755
+  notify:
+  - reload apache
+  tags:
+  - security.txt
				`@ -0,0 +1 @@`
				`AliasMatch ^/.well-known/security.txt /srv/web/security.txt`