From b277d5f0ae14ba33afaf139c7cc9ad2212564c2e Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 22 Aug 2023 19:38:47 +0200
Subject: some more cleanup for acme specific variables
---
chaos-at-home/ch-mimas.yml | 2 +-
chaos-at-home/ch-pan.yml | 2 +-
chaos-at-home/r3-0x10.yml | 2 +-
inventory/group_vars/all/vars.yml | 2 --
inventory/host_vars/ch-mimas.yml | 2 ++
inventory/host_vars/ele-coturn.yml | 8 +++++++-
inventory/host_vars/ele-jitsi.yml | 3 +++
inventory/host_vars/ele-lt.yml | 1 +
inventory/host_vars/ele-media.yml | 1 +
inventory/host_vars/glt-coturn.yml | 9 ++++++++-
inventory/host_vars/glt-meet1.yml | 2 ++
inventory/host_vars/glt-meet2.yml | 2 ++
inventory/host_vars/sk-cloudio/coturn.yml | 4 +++-
inventory/host_vars/sk-cloudio/vars.yml | 1 +
inventory/host_vars/sk-tomnext-nc.yml | 1 +
roles/apps/coturn/defaults/main.yml | 2 +-
roles/gitolite/base/defaults/main.yml | 2 ++
roles/gitolite/http/tasks/main.yml | 3 +--
spreadspace/glt-stream.yml | 2 +-
spreadspace/sgg-icecast.yml | 4 ++--
20 files changed, 41 insertions(+), 14 deletions(-)
diff --git a/chaos-at-home/ch-mimas.yml b/chaos-at-home/ch-mimas.yml
index d486023b..fec7b0e5 100644
--- a/chaos-at-home/ch-mimas.yml
+++ b/chaos-at-home/ch-mimas.yml
@@ -45,7 +45,7 @@
name: pub
template: generic
tls:
- certificate_provider: "{{ acme_client }}"
+ certificate_provider: acmetool
hostnames: - pub.chaos-at-home.org
locations:
diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml
index b4106680..bccd9ca5 100644
--- a/chaos-at-home/ch-pan.yml
+++ b/chaos-at-home/ch-pan.yml
@@ -44,7 +44,7 @@
hostnames: - dyn.schaaas.at
tls:
- certificate_provider: "{{ acme_client }}"
+ certificate_provider: acmetool
logs:
access: /var/log/nginx/dyn-schaaas_access.log
error: /var/log/nginx/dyn-schaaas_error.log
diff --git a/chaos-at-home/r3-0x10.yml b/chaos-at-home/r3-0x10.yml
index 5e30abec..267bc596 100644
--- a/chaos-at-home/r3-0x10.yml
+++ b/chaos-at-home/r3-0x10.yml
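Review bot: The replaced line pins `certificate_provider: acmetool` in the playbook, while the host_vars hunks of the same commit introduce a per-host `acme_client` that the new `coturn_tls`/`mumble_tls` values keep dereferencing, so the ACME client is now selected by two different mechanisms depending on the service. The same literal is written into chaos-at-home/ch-pan.yml, chaos-at-home/r3-0x10.yml, spreadspace/glt-stream.yml and both hunks of spreadspace/sgg-icecast.yml. If one knob per host is the goal, keep `certificate_provider: "{{ acme_client }}"` here and add `acme_client: acmetool` to the host's host_vars as ele-coturn and the glt-* hosts do; if these playbooks are meant to stay pinned, a one-line comment on the `tls:` key saying so would stop the next reader from reverting it. The vhost entry containing this `tls:` block starts before the hunk.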
@@ -34,7 +34,7 @@
name: 0x10
template: generic
tls:
- certificate_provider: "{{ acme_client }}"
+ certificate_provider: acmetool
hostnames: - 0x10.r3.at - 0x10.realraum.at
diff --git a/inventory/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml
index 09eba1cf..f72f71ef 100644
--- a/inventory/group_vars/all/vars.yml
+++ b/inventory/group_vars/all/vars.yml
@@ -129,5 +129,3 @@ acme_directory_server: "{{ acme_directory_server_le_staging_v2 }}"
## at least acmetool can't be used to change this after the account has been created (aka after the first run)
## and it's not recommended to keep this empty so we don't define it here to force the user to define it
# acme_account_email:
-
-acme_client: acmetool
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml
index fc3e6aae..710e4961 100644
--- a/inventory/host_vars/ch-mimas.yml
+++ b/inventory/host_vars/ch-mimas.yml
@@ -159,6 +159,8 @@ gitolite_instances: - git.spreadspace.com - git.spreadspace.net - git.spreadspace.systems
+ tls:
+ certificate_provider: acmetool
enable_git_backend: yes
title: spreadspace
description: spreadspace GIT Repoistories
diff --git a/inventory/host_vars/ele-coturn.yml b/inventory/host_vars/ele-coturn.yml
index ad865e1c..ebfbe2aa 100644
--- a/inventory/host_vars/ele-coturn.yml
+++ b/inventory/host_vars/ele-coturn.yml
@@ -24,6 +24,7 @@ spreadspace_apt_repo_components: - container
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+acme_client: acmetool
kubernetes_version: 1.27.3
@@ -34,7 +35,7 @@ kubernetes_standalone_pod_cidr: 192.168.255.0/24
kubernetes_standalone_cni_variant: with-portmap
-coturn_version: 4.5.2-r2
+coturn_version: 4.6.2-r4
coturn_realm: elev8.at
coturn_hostnames: - stun.elev8.at
@@ -44,6 +45,8 @@ coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
coturn_listening_port: 3478
coturn_tls_listening_port: 443
coturn_install_nginx_vhost: no
+coturn_tls:
+ certificate_provider: "{{ acme_client }}"
mumble_version: v1.4.274-4
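Review bot: Removing the global `acme_client: acmetool` turns every remaining `{{ acme_client }}` reference (in roles, and in the `coturn_tls`/`mumble_tls` values this commit adds) into an undefined-variable failure on any host whose host_vars do not set it; the commit adds the key to ten hosts, but whether that covers every host running a consumer of `acme_client` cannot be verified from the diff. Failing loudly is preferable to a vhost silently rendered without a certificate, so the fail-closed direction is right, but the requirement is undocumented: the comment block just above explains why `acme_account_email` is deliberately left undefined and nothing says the same for `acme_client`. Suggest adding, next to `# acme_account_email:`, the line `# acme_client:  ## must be set per host (e.g. acmetool); intentionally no global default so a missing value fails at the first role that renders it`.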
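Review bot: The `coturn_version` change from `4.5.2-r2` to `4.6.2-r4` is unrelated to the ACME-variable cleanup named in the subject, and it is repeated in inventory/host_vars/glt-coturn.yml, inventory/host_vars/sk-cloudio/coturn.yml (there from `4.5.2-r8`) and the commented example in roles/apps/coturn/defaults/main.yml. Upgrading a TURN server is the kind of change an operator wants to find by commit message and revert on its own, including any note on whether the new version needs configuration changes. Splitting it into a separate commit also keeps this one reviewable as pure variable plumbing.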
@@ -53,6 +56,9 @@ mumble_hostnames:
mumble_superuser_password: "{{ vault_mumble_superuser_password }}"
+mumble_tls:
+ certificate_provider: "{{ acme_client }}"
+
mumble_config_options:
bonjour: false
sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
diff --git a/inventory/host_vars/ele-jitsi.yml b/inventory/host_vars/ele-jitsi.yml
index c7520247..e23dc2c9 100644
--- a/inventory/host_vars/ele-jitsi.yml
+++ b/inventory/host_vars/ele-jitsi.yml
@@ -29,6 +29,7 @@ ssh_users_root: - datacop
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+acme_client: acmetool
kubernetes_version: 1.27.3
@@ -81,6 +82,8 @@ mumble_version: v1.4.274-4
mumble_instance: elev8.at
mumble_hostnames: - mumble.elev8.at
+mumble_tls:
+ certificate_provider: "{{ acme_client }}"
mumble_superuser_password: "{{ vault_mumble_superuser_password }}"
diff --git a/inventory/host_vars/ele-lt.yml b/inventory/host_vars/ele-lt.yml
index a53141e0..6389db1d 100644
--- a/inventory/host_vars/ele-lt.yml
+++ b/inventory/host_vars/ele-lt.yml
@@ -29,6 +29,7 @@ liquidtruth_mongodb_app_password: "{{ vault_liquidtruth_mongodb_app_password }}"
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+acme_client: acmetool
liquidtruth_hostnames: # - liquidtruth.at
diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml
index e17947ff..a82ca897 100644
--- a/inventory/host_vars/ele-media.yml
+++ b/inventory/host_vars/ele-media.yml
@@ -112,6 +112,7 @@ wireguard_gateway_tunnels:
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+acme_client: acmetool
elevate_media_share_storage:
diff --git a/inventory/host_vars/glt-coturn.yml b/inventory/host_vars/glt-coturn.yml
index c0bcbb0f..4a84c31f 100644
--- a/inventory/host_vars/glt-coturn.yml
+++ b/inventory/host_vars/glt-coturn.yml
@@ -17,6 +17,9 @@ kubelet_storage:
spreadspace_apt_repo_components: - container
+acme_client: acmetool
+
+
kubernetes_version: 1.27.3
kubernetes_cri_tools_pkg_version: 1.26.0-00
kubernetes_container_runtime: docker
@@ -25,7 +28,7 @@ kubernetes_standalone_pod_cidr: 192.168.255.0/24
kubernetes_standalone_cni_variant: with-portmap
-coturn_version: 4.5.2-r2
+coturn_version: 4.6.2-r4
coturn_realm: linuxtage.at
coturn_hostnames: - cdn13.linuxtage.at
@@ -34,12 +37,16 @@ coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
coturn_listening_port: 3478
coturn_tls_listening_port: 443
coturn_install_nginx_vhost: no
+coturn_tls:
+ certificate_provider: "{{ acme_client }}"
mumble_version: v1.4.274-4
mumble_instance: linuxtage.at
mumble_hostnames: - mumble.linuxtage.at
+mumble_tls:
+ certificate_provider: "{{ acme_client }}"
mumble_superuser_password: "{{ vault_mumble_superuser_password }}"
diff --git a/inventory/host_vars/glt-meet1.yml b/inventory/host_vars/glt-meet1.yml
index 6ce86abf..d5ec9b5f 100644
--- a/inventory/host_vars/glt-meet1.yml
+++ b/inventory/host_vars/glt-meet1.yml
@@ -17,6 +17,8 @@ kubelet_storage:
spreadspace_apt_repo_components: - container
+acme_client: acmetool
+
kubernetes_version: 1.27.3
kubernetes_cri_tools_pkg_version: 1.26.0-00
diff --git a/inventory/host_vars/glt-meet2.yml b/inventory/host_vars/glt-meet2.yml
index c9093da3..0a757e2d 100644
--- a/inventory/host_vars/glt-meet2.yml
+++ b/inventory/host_vars/glt-meet2.yml
@@ -17,6 +17,8 @@ kubelet_storage:
spreadspace_apt_repo_components: - container
+acme_client: acmetool
+
kubernetes_version: 1.27.3
kubernetes_cri_tools_pkg_version: 1.26.0-00
diff --git a/inventory/host_vars/sk-cloudio/coturn.yml b/inventory/host_vars/sk-cloudio/coturn.yml
index 8a9eccd7..1ab00b49 100644
--- a/inventory/host_vars/sk-cloudio/coturn.yml
+++ b/inventory/host_vars/sk-cloudio/coturn.yml
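Review bot: The first glt-coturn hunk adds two empty `+` lines after `acme_client: acmetool`, so the hunk grows by three lines for one key and what appears to be three consecutive blank lines precede `kubernetes_version`, whereas the matching hunks in inventory/host_vars/glt-meet1.yml and glt-meet2.yml add one. Dropping one of the added blank lines keeps the three glt-* host files uniform and stays within yamllint's default `empty-lines` limit.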
@@ -1,11 +1,13 @@
---
coturn_base_path: /srv/storage/coturn
-coturn_version: 4.5.2-r8
+coturn_version: 4.6.2-r4
coturn_realm: elevate.at
coturn_hostnames: - stun.elevate.at - turn.elevate.at
+coturn_tls:
+ certificate_provider: "{{ acme_client }}"
coturn_max_bps: 1048576 ## 8Mbit/s
coturn_bps_capacity: 13107200 ## 100Mbit/s
diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml
index 9165699e..80772c5c 100644
--- a/inventory/host_vars/sk-cloudio/vars.yml
+++ b/inventory/host_vars/sk-cloudio/vars.yml
@@ -90,3 +90,4 @@ postfix_base_inet_protocols:
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+acme_client: acmetool
diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml
index 47447048..f8af167f 100644
--- a/inventory/host_vars/sk-tomnext-nc.yml
+++ b/inventory/host_vars/sk-tomnext-nc.yml
@@ -105,6 +105,7 @@ postfix_base_mynetworks:
acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+acme_client: acmetool
nginx_server_names_hash_bucket_size: 64
diff --git a/roles/apps/coturn/defaults/main.yml b/roles/apps/coturn/defaults/main.yml
index 709d3d07..760a6499 100644
--- a/roles/apps/coturn/defaults/main.yml
+++ b/roles/apps/coturn/defaults/main.yml
@@ -3,7 +3,7 @@ coturn_uid: 930
coturn_gid: 930
coturn_base_path: /srv/coturn
-# coturn_version: 4.5.2-r2
+# coturn_version: 4.6.2-r4
# coturn_realm: example.com
# coturn_hostnames: # - stun.example.com
diff --git a/roles/gitolite/base/defaults/main.yml b/roles/gitolite/base/defaults/main.yml
index 1c5962cc..3c2e8fa3 100644
--- a/roles/gitolite/base/defaults/main.yml
+++ b/roles/gitolite/base/defaults/main.yml
@@ -15,3 +15,5 @@ gitolite_base_path: /srv/git
# title: cgit root title
# description: this will be shown by cgit below the title
# logo: path/to/logo/file/on/ansible/controller.png
+# tls:
+# certificate_provider: "{{ acme_client }}"
diff --git a/roles/gitolite/http/tasks/main.yml b/roles/gitolite/http/tasks/main.yml
index fdc86d66..ee5b226c 100644
--- a/roles/gitolite/http/tasks/main.yml
+++ b/roles/gitolite/http/tasks/main.yml
@@ -98,8 +98,7 @@
nginx_vhost:
name: "gitolite-{{ gitolite_instance }}"
template: generic
- tls:
- certificate_provider: "{{ acme_client }}"
+ tls: "{{ gitolite_instances[gitolite_instance].http.tls }}"
hostnames: "{{ gitolite_instances[gitolite_instance].http.hostnames }}"
logs:
access: "/var/log/nginx/git-{{ gitolite_instance }}_access.log"
diff --git a/spreadspace/glt-stream.yml b/spreadspace/glt-stream.yml
index 063baba8..e355d126 100644
--- a/spreadspace/glt-stream.yml
+++ b/spreadspace/glt-stream.yml
@@ -30,7 +30,7 @@
name: stream
template: generic
tls:
- certificate_provider: "{{ acme_client }}"
+ certificate_provider: acmetool
hostnames: - stream.linuxtage.at
extra_directives: |-
diff --git a/spreadspace/sgg-icecast.yml b/spreadspace/sgg-icecast.yml
index 69dbc883..4c6d61c4 100644
--- a/spreadspace/sgg-icecast.yml
+++ b/spreadspace/sgg-icecast.yml
@@ -33,7 +33,7 @@
name: radio
template: generic
tls:
- certificate_provider: "{{ acme_client }}"
+ certificate_provider: acmetool
hostnames: - radiogloria.at - www.radiogloria.at
@@ -50,7 +50,7 @@
name: radio-stream
template: generic
tls:
- certificate_provider: "{{ acme_client }}"
+ certificate_provider: acmetool
hostnames: - live.radiogloria.at
locations:
-- cgit v1.2.3
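Review bot: The new `tls:` line reads `gitolite_instances[gitolite_instance].http.tls` with no fallback, so every instance that has an `http` block must now carry a `tls` mapping or this task fails with an undefined variable, and only ch-mimas's instance is given one in this commit. Failing is the right outcome (a vhost silently rendered without TLS would be worse), but the requirement should be stated where operators look: the example added to roles/gitolite/base/defaults/main.yml shows `certificate_provider: "{{ acme_client }}"`, yet this commit removes the global `acme_client` and ch-mimas's host_vars use the literal `acmetool`, so copying that example onto ch-mimas would itself fail. Suggest the example read `# tls:  ## presumably required whenever http is configured for the instance` followed by `#   certificate_provider: acmetool  ## or "{{ acme_client }}" on hosts that define it`. The task containing this `nginx_vhost` mapping starts before the hunk.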