-rw-r--r--chaos-at-home/ch-http-proxy.yml55
-rw-r--r--inventory/host_vars/ch-http-proxy.yml1
-rw-r--r--roles/acmetool/cert/defaults/main.yml2
-rw-r--r--roles/acmetool/cert/handlers/main.yml1
4 files changed, 51 insertions, 8 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 7302072b..cac572c1 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -6,15 +6,54 @@
- role: core/base
- role: core/sshd
- role: core/zsh
- # - role: apt-repo/spreadspace
- # - role: acmetool/base
+ - role: apt-repo/spreadspace
+ - role: acmetool/base
- role: nginx/base
- # - role: acmetool/cert
- # acmetool_cert_name: "http.chaos-at-home.org"
- # acmetool_cert_config:
- # request:
- # challenge:
- # http-self-test: false
+ - role: nginx/vhost
+ nginx_vhost:
+ name: webmail
+ template: generic-proxy-no-buffering-with-acme
+ acme: yes
+ hostnames:
+ - webmail.chaos-at-home.org
+ client_max_body_size: "200M"
+ proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-old']) | ipaddr('address') }}/"
+ acmetool_cert_config:
+ request:
+ challenge:
+ http-self-test: false
+ - role: nginx/vhost
+ nginx_vhost:
+ name: webdav
+ template: generic-proxy-no-buffering-with-acme
+ acme: yes
+ hostnames:
+ - webdav.chaos-at-home.org
+ proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-old']) | ipaddr('address') }}/"
+ acmetool_cert_config:
+ request:
+ challenge:
+ http-self-test: false
+ - role: nginx/vhost
+ nginx_vhost:
+ name: imap
+ acme: no
+ content: |
+ server {
+ listen 80;
+ listen [::]:80;
+
+ server_name imap.chaos-at-home.org;
+
+ location /.well-known/acme-challenge/ {
+ proxy_pass http://{{ network_services.imap.addr }};
+ }
+
+ location / {
+ return 303 https://webmail.chaos-at-home.org;
+ }
+ }
+
# post_tasks:
# - name: install systemd service unit for service-ip
# copy:
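Review bot: The `proxy_pass: "https://…/"` values for the webmail and webdav vhosts address the backend by IP over TLS, and nginx does not verify an upstream certificate unless `proxy_ssl_verify on;` is set; the `generic-proxy-no-buffering-with-acme` template is not part of this diff, so whether it sets that is not visible here. If it does not, the LAN hop is encrypted but unauthenticated, and the template should set `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate` and a `proxy_ssl_name` that matches the backend certificate. Separately, `acme: yes` / `acme: no` here and `acmetool_reconcile_disabled: yes` in inventory/host_vars/ch-http-proxy.yml would be better written as `true` / `false`, matching the new role default. A one-line comment on why both vhosts point at the `ch-prometheus-old` offset would also help the next reader.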
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index 6ac333ef..13e764cb 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -33,4 +33,5 @@ network:
- *_network_primary_
+acmetool_reconcile_disabled: yes
#acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
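Review bot: `acmetool_reconcile_disabled: yes` carries no comment saying why reconciliation is switched off on a host that gains two vhosts with `acme: yes` in the same commit. With the handler in roles/acmetool/cert/handlers/main.yml now guarded by this variable, a certificate config change on this host no longer starts acmetool.service from the play, so the file should say how certificates are expected to be issued instead. I would add a line above it such as `# reconcile is triggered manually on this host: <reason>`.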
diff --git a/roles/acmetool/cert/defaults/main.yml b/roles/acmetool/cert/defaults/main.yml
new file mode 100644
index 00000000..ab0afaa3
--- /dev/null
+++ b/roles/acmetool/cert/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+acmetool_reconcile_disabled: false
diff --git a/roles/acmetool/cert/handlers/main.yml b/roles/acmetool/cert/handlers/main.yml
index 3d6f1b76..a7fc43ed 100644
--- a/roles/acmetool/cert/handlers/main.yml
+++ b/roles/acmetool/cert/handlers/main.yml
@@ -1,5 +1,6 @@
---
- name: reconcile acmetool
+ when: not acmetool_reconcile_disabled
systemd:
name: acmetool.service
state: started
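Review bot: `when: not acmetool_reconcile_disabled` relies on Jinja truthiness, so a string value (for example one passed as `-e acmetool_reconcile_disabled=false`) is non-empty and would silently skip the handler; `when: not (acmetool_reconcile_disabled | bool)` makes the check independent of how the variable was supplied. Because a skipped handler means no certificate reconcile and no error, the coercion is worth having here. The handler's task body may continue beyond the end of this hunk.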