author | Christian Pointner <equinox@spreadspace.org> | 2023-08-22 19:53:49 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-08-22 19:53:49 +0200 |
commit | fc5d0657bfcba53ace230ff2ada64b7fcf9b97a3 (patch) | |
tree | 350a8d401e0113bff7d78aee4d8547cddf06b8f7 /chaos-at-home | |
parent | fix docker for debian bookworm+ (diff) | |
parent | some more cleanup for acme specific variables (diff) |
Merge branch 'topic/uacme'
Diffstat (limited to 'chaos-at-home')
-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 17 | ||||
-rw-r--r-- | chaos-at-home/ch-imap-proxy.yml | 11 | ||||
-rw-r--r-- | chaos-at-home/ch-mimas.yml | 3 | ||||
-rw-r--r-- | chaos-at-home/ch-pan.yml | 11 | ||||
-rw-r--r-- | chaos-at-home/r3-0x10.yml | 3 |
5 files changed, 30 insertions, 15 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 0376fcd5..24fd6f92 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -6,6 +6,10 @@
 - role: core/base
 - role: core/sshd/base
 - role: core/zsh
+
+- name: Payload Setup
+ hosts: ch-http-proxy
+ roles:
 - role: apt-repo/spreadspace
 - role: x509/acmetool/base
 - role: nginx/base
@@ -43,7 +47,8 @@
 default: yes
 name: web
 template: generic
- acme: yes
+ tls:
+ certificate_provider: acmetool
 hostnames:
 - web.chaos-at-home.org
 locations:
@@ -108,7 +113,8 @@
 nginx_vhost:
 name: passwd
 template: generic
- acme: yes
+ tls:
+ certificate_provider: acmetool
 hostnames:
 - passwd.chaos-at-home.org
 locations:
@@ -175,7 +181,8 @@
 nginx_vhost:
 name: webmail
 template: generic
- acme: yes
+ tls:
+ certificate_provider: acmetool
 hostnames:
 - webmail.chaos-at-home.org
 locations:
@@ -200,7 +207,8 @@
 nginx_vhost:
 name: webdav
 template: generic
- acme: yes
+ tls:
+ certificate_provider: acmetool
 hostnames:
 - webdav.chaos-at-home.org
 locations:
@@ -224,7 +232,6 @@
 vars:
 nginx_vhost:
 name: imap
- acme: no
 content: |
 server {
 listen 80;
diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml
index 936140bc..1c05f28b 100644
--- a/chaos-at-home/ch-imap-proxy.yml
+++ b/chaos-at-home/ch-imap-proxy.yml
@@ -6,10 +6,15 @@
 - role: core/base
 - role: core/sshd/base
 - role: core/zsh
+
+- name: Payload Setup
+ hosts: ch-imap-proxy
+ roles:
 - role: apt-repo/spreadspace
 - role: x509/acmetool/base
 - role: x509/acmetool/cert
- acmetool_cert_name: "imap.chaos-at-home.org"
+ acmetool_cert_hostnames:
+ - "imap.chaos-at-home.org"
 acmetool_cert_config:
 request:
 challenge:
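Review bot: Nothing in these hunks guards against a vhost that still carries the legacy `acme:` key once `tls.certificate_provider` takes over, starting with the `web` vhost at `@@ -43,7 +47,8 @@` and repeated at -108, -175 and -200 in this file and in ch-mimas.yml and r3-0x10.yml. If the nginx vhost role ignores unknown keys (not visible in this diff), a playbook missed by the migration would presumably be rendered without a certificate and served over plain HTTP, with no error at deploy time. The diffstat is limited to chaos-at-home, so other directories are not covered by this view. An `assert` task in the role with a condition such as `that: "'acme' not in nginx_vhost"` would turn a stale key into a hard failure. Each vhost definition starts and ends outside its hunk.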
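Review bot: With `acme: no` dropped from the `imap` vhost at `@@ -224,7 +232,6 @@`, the absence of a certificate for this vhost is now implicit and depends on what the role does when no `tls` key is given, which this diff does not show. The raw `content:` block that follows opens with `listen 80;`, so a reader cannot tell from the playbook whether plain HTTP is intended. If it is, a comment above `content:` would record that, for example `# no tls block: this vhost is served on port 80 only, see raw config below`. The server block continues past the end of the hunk.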
@@ -25,8 +30,8 @@ dest: /etc/stunnel/imap.conf content: | pid = /var/run/stunnel-imap.pid - cert = /var/lib/acme/live/imap.chaos-at-home.org/fullchain - key = /var/lib/acme/live/imap.chaos-at-home.org/privkey + cert = {{ x509_certificate_path_fullchain }} + key = {{ x509_certificate_path_key }} [imap] client = yes diff --git a/chaos-at-home/ch-mimas.yml b/chaos-at-home/ch-mimas.yml index 2743644c..fec7b0e5 100644 --- a/chaos-at-home/ch-mimas.yml +++ b/chaos-at-home/ch-mimas.yml @@ -44,7 +44,8 @@ nginx_vhost: name: pub template: generic - acme: yes + tls: + certificate_provider: acmetool hostnames: - pub.chaos-at-home.org locations: diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml index 56a4f30a..bccd9ca5 100644 --- a/chaos-at-home/ch-pan.yml +++ b/chaos-at-home/ch-pan.yml @@ -43,11 +43,12 @@ template: generic hostnames: - dyn.schaaas.at - acme: yes + tls: + certificate_provider: acmetool + logs: + access: /var/log/nginx/dyn-schaaas_access.log + error: /var/log/nginx/dyn-schaaas_error.log extra_directives: | - access_log /var/log/nginx/dyn-schaaas_access.log; - error_log /var/log/nginx/dyn-schaaas_error.log; - add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; @@ -58,7 +59,7 @@ ssi on; locations: '= /raw': - extra_directives: | + custom: | types { } default_type text/plain; ssi_types text/plain; diff --git a/chaos-at-home/r3-0x10.yml b/chaos-at-home/r3-0x10.yml index c613f373..267bc596 100644 --- a/chaos-at-home/r3-0x10.yml +++ b/chaos-at-home/r3-0x10.yml @@ -33,7 +33,8 @@ default: yes name: 0x10 template: generic - acme: yes + tls: + certificate_provider: acmetool hostnames: - 0x10.r3.at - 0x10.realraum.at |
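Review bot: Nothing in this file shows where `x509_certificate_path_fullchain` and `x509_certificate_path_key`, now used for `cert` and `key` in the stunnel config at `@@ -25,8 +30,8 @@`, are defined or which certificate they point at. Presumably the `x509/acmetool/cert` role invoked in the first hunk exports them; if a second certificate role is ever added to this play, the same generic names could resolve to a different certificate and stunnel would load the wrong key pair. A comment above `content:` such as `# x509_certificate_path_* are set by x509/acmetool/cert for imap.chaos-at-home.org` would document the dependency, once the role name is confirmed. The `[imap]` section continues outside the hunk.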