Commit 965c7389 authored by okhin's avatar okhin 🚴

Adding CertBot necessary configs

parent b1ecb0fd
Pipeline #2562 failed with stages
in 31 seconds
......@@ -7,3 +7,6 @@
[submodule "roles/rp"]
path = roles/rp
url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/rp.git
[submodule "roles/alternc"]
path = roles/alternc
url = gitlab@git.laquadrature.net:lqdn-interne/piops-roles/alternc.git
[defaults]
inventory = hosts
retry_files_enabled = False
vault_password_file = .password
[diff]
always = yes
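Review bot: `vault_password_file = .password` is a relative path, so the vault password is expected to sit inside the repository checkout, next to the vaulted values it unlocks. Nothing on this page shows `.password` being excluded from version control; a `.password` entry in `.gitignore` and mode `0600` on the file would keep it out of commits and away from other local users. A comment above the key such as `; never commit .password: it decrypts every !vault value in this repository` would record the constraint. This section has no hunk header, so the page does not show which of these lines the commit adds.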
......@@ -52,7 +52,7 @@ wordpress_wildcard_keyfile: /etc/letsencrypt/live/grange.dev.lqdn.fr/privkey.pem
wordpress_vhost:
- servername: "grange.dev.lqdn.fr"
serveralias: "*.grange.dev.lqdn.fr"
serveralias: "\*.grange.dev.lqdn.fr"
documentroot: "{{ wordpress_path }}"
allow_override: "All"
#certificate_file: "{{ wordpress_wildcard_certfile }}"
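Review bot: `serveralias: "\*.grange.dev.lqdn.fr"` uses `\*` inside a double-quoted YAML scalar, and `\*` is not a valid YAML escape, so a strict parser such as PyYAML rejects the file with an unknown-escape error. The rendered page does not show which of the two `serveralias` lines is the new side; if it is the backslash form, keep `serveralias: "*.grange.dev.lqdn.fr"` or use single quotes, `serveralias: '*.grange.dev.lqdn.fr'`, since `*` needs no escaping once it is quoted. The `wordpress_vhost` entry continues outside this hunk.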
......@@ -63,12 +63,20 @@ wordpress_vhost:
#certbot_create_command: "{{ certbot_script }} certonly --webroot --webrootpath /var/www/letsencrypt/ --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(,)"
certbot_create_method: standalone
certbot_create_standalone_stop_services:
- apache2
#certbot_certs:
# - domains:
# - "grange.dev.lqdn.fr"
# - "*.grange.dev.lqdn.fr"
certbot_create_command: "{{ certbot_script }} certonly --noninteractive --manual --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok --preferred-challenges=dns --agree-tos --manual-auth-hook /usr/local/bin/certbot-auth.php --manual-cleanup-hook /usr/local/bin/certbot-cleanup.php -d {{cert_item.domains | join(',') }}"
certbot_certs:
- domains:
- "grange.dev.lqdn.fr"
- "*.grange.dev.lqdn.fr"
email: "okhin@laquadrature.net"
certbot_create_if_missing: True
certbot_admin_email: okhin@laquadrature.net
rp_path: /srv/rp
rp_source_path: /srv/rp/rp-rp2
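Review bot: The active `certbot_create_command` hands control to `/usr/local/bin/certbot-auth.php` and `/usr/local/bin/certbot-cleanup.php`, which certbot runs with its own privileges (normally root) and which presumably read the AlternC token, yet nothing in this section says who installs them or with what ownership and mode. A comment above the command such as `# hooks are installed by the alternc role, root:root 0700, and read alternc_token_file` would record that, once confirmed against the role. `--agree-tos` is passed twice in the command. With `--preferred-challenges=dns` the `apache2` entry under `certbot_create_standalone_stop_services` looks unnecessary, since a DNS challenge does not need port 80; `certbot_create_standalone_stop_services: []` would avoid stopping the web server if the role permits it.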
......@@ -89,7 +97,7 @@ rp_vhost:
serveralias: "rp2.dev.lqdn.fr rp.dev.laquadrature.net rp2.dev.laquadrature.net"
documentroot: "{{ rp_path }}"
uwsgi:
socket: /run/uwsgi/app/rp/socket
socket: /run/uwsgi/app/rp2/socket
statics:
- alias: /static/
path: "{{ rp_source_path }}/static/static_root/"
......@@ -102,3 +110,17 @@ nodejs_packages_update_cache: no
npm_packages:
- yarn
- webpack
# Altern-C configuration
alternc_username: pi
alternc_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
36646462633066656439643964376532663562346630333534386366313135303562373464316662
3064366534356637623139343132343665623034346239330a643230396666396262383464323266
33353037656233326262343939303064653962303364343361396661393762323666333538663838
3934383264643161340a623232333162366163623839663930356262636166313563313638393432
6261
alternc_panel_url: https://pi.lqdn.fr/
alternc_token_file: /root/.alternc-token
alternc_token_url: "{{ alternc_panel_url }}api/auth/login?login={{ alternc_username }}&password={{ alternc_password | trim }}&duration=3650"
alternc_domain_root: lqdn.fr
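Review bot: `alternc_token_url` puts the vaulted `alternc_password` into the query string of the login URL, so the decrypted secret is exposed wherever that URL gets recorded: the panel's access log, any proxy in between, and Ansible's own task output unless the task that fetches it sets `no_log: true` (that task is not visible in this section). The value is interpolated with only `| trim`, so a password containing `&`, `#` or `+` would be cut or altered; `{{ alternc_password | trim | urlencode }}` fixes that part. If the AlternC API accepts credentials in a request body, that would be preferable to the query string. `duration=3650` presumably requests a long-lived token, so the file at `alternc_token_file` should be written with mode `0600`.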
Subproject commit 839880e2e2adcfdead58dde5a7c1b1dbc3ff9da6
Subproject commit 1b52ee2a2d8d92644011c3e146a55926ddc67087
Subproject commit b0b7629dbee68e166b32becd071b8fc61d2acf69
......@@ -11,6 +11,7 @@
- role: geerlingguy.mysql
- role: geerlingguy.php
- role: geerlingguy.php-mysql
- role: alternc
- role: geerlingguy.certbot
- role: geerlingguy.apache
vars:
......