Adding CertBot necessary configs

965c7389 · Okhin · b1ecb0fd · 965c7389 · 965c7389 · 965c7389
Commit 965c7389 authored Apr 03, 2019 by Okhin
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "roles/rp"]
 	path = roles/rp
 	url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/rp.git
+[submodule "roles/alternc"]
+	path = roles/alternc
+	url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/alternc.git
--- a/ansible.cfg
+++ b/ansible.cfg
 [defaults]
 inventory = hosts
 retry_files_enabled = False
+vault_password_file = .password

 [diff]
 always = yes
--- a/host_vars/pi3.lqdn.fr.yml
+++ b/host_vars/pi3.lqdn.fr.yml
@@ -52,7 +52,7 @@ wordpress_wildcard_keyfile: /etc/letsencrypt/live/grange.dev.lqdn.fr/privkey.pem

 wordpress_vhost:
    - servername: "grange.dev.lqdn.fr"
-      serveralias: "*.grange.dev.lqdn.fr"
+      serveralias: "\*.grange.dev.lqdn.fr"
      documentroot: "{{ wordpress_path }}"
      allow_override: "All"
      #certificate_file: "{{ wordpress_wildcard_certfile }}"
@@ -63,12 +63,20 @@ wordpress_vhost:



-#certbot_create_command: "{{ certbot_script }} certonly --webroot --webrootpath /var/www/letsencrypt/ --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(,)"
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+    - apache2

-#certbot_certs:
-#    - domains:
-#        - "grange.dev.lqdn.fr"
-#        - "*.grange.dev.lqdn.fr"
+certbot_create_command: "{{ certbot_script }} certonly --noninteractive --manual --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok --preferred-challenges=dns --agree-tos --manual-auth-hook /usr/local/bin/certbot-auth.php --manual-cleanup-hook /usr/local/bin/certbot-cleanup.php -d {{cert_item.domains | join(',') }}"
+
+certbot_certs:
+    - domains:
+        - "grange.dev.lqdn.fr"
+        - "*.grange.dev.lqdn.fr"
+      email: "okhin@laquadrature.net"
+
+certbot_create_if_missing: True
+certbot_admin_email: okhin@laquadrature.net

 rp_path: /srv/rp
 rp_source_path: /srv/rp/rp-rp2
@@ -89,7 +97,7 @@ rp_vhost:
      serveralias: "rp2.dev.lqdn.fr rp.dev.laquadrature.net rp2.dev.laquadrature.net"
      documentroot: "{{ rp_path }}"
      uwsgi:
-          socket: /run/uwsgi/app/rp/socket
+          socket: /run/uwsgi/app/rp2/socket
      statics:
          - alias: /static/
            path: "{{ rp_source_path }}/static/static_root/"
@@ -102,3 +110,17 @@ nodejs_packages_update_cache: no
 npm_packages:
    - yarn
    - webpack
+
+# Altern-C configuration
+alternc_username: pi
+alternc_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36646462633066656439643964376532663562346630333534386366313135303562373464316662
+          3064366534356637623139343132343665623034346239330a643230396666396262383464323266
+          33353037656233326262343939303064653962303364343361396661393762323666333538663838
+          3934383264643161340a623232333162366163623839663930356262636166313563313638393432
+          6261
+alternc_panel_url: https://pi.lqdn.fr/
+alternc_token_file: /root/.alternc-token
+alternc_token_url: "{{ alternc_panel_url }}api/auth/login?login={{ alternc_username }}&password={{ alternc_password | trim }}&duration=3650"
+alternc_domain_root: lqdn.fr
--- a/alternc @ 839880e2
+++ b/alternc @ 839880e2
+Subproject commit 839880e2e2adcfdead58dde5a7c1b1dbc3ff9da6
--- a/rp @ b0b7629d
+++ b/rp @ b0b7629d
-Subproject commit 1b52ee2a2d8d92644011c3e146a55926ddc67087
+Subproject commit b0b7629dbee68e166b32becd071b8fc61d2acf69
--- a/site.yml
+++ b/site.yml
@@ -11,6 +11,7 @@
      - role: geerlingguy.mysql
      - role: geerlingguy.php
      - role: geerlingguy.php-mysql
+      - role: alternc
      - role: geerlingguy.certbot
      - role: geerlingguy.apache
        vars: