From 33890cacb183b69bf0032fd3dbd41b9c20cab4b1 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 12 Sep 2023 00:41:07 +0200
Subject: x509/certificates: generic config handling

---
 chaos-at-home/ch-http-proxy.yml | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

(limited to 'chaos-at-home')

diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 24fd6f92..cab4e450 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -49,16 +49,16 @@
         template: generic
         tls:
           certificate_provider: acmetool
+          certificate_config:
+            request:
+              challenge:
+                http-self-test: false
         hostnames:
         - web.chaos-at-home.org
         locations:
           '/':
             root: /var/www/default
             index: index.html
-      acmetool_cert_config:
-        request:
-          challenge:
-            http-self-test: false
     include_role:
       name: nginx/vhost
 
@@ -115,6 +115,10 @@
         template: generic
         tls:
           certificate_provider: acmetool
+          certificate_config:
+            request:
+              challenge:
+                http-self-test: false
         hostnames:
         - passwd.chaos-at-home.org
         locations:
@@ -123,10 +127,6 @@
             proxy_ssl:
               verify: "on"
               trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
-      acmetool_cert_config:
-        request:
-          challenge:
-            http-self-test: false
     include_role:
       name: nginx/vhost
 
@@ -183,6 +183,10 @@
         template: generic
         tls:
           certificate_provider: acmetool
+          certificate_config:
+            request:
+              challenge:
+                http-self-test: false
         hostnames:
         - webmail.chaos-at-home.org
         locations:
@@ -195,10 +199,6 @@
               ciphers: "DEFAULT@SECLEVEL=0"
             extra_directives: |-
               client_max_body_size 200M;
-      acmetool_cert_config:
-        request:
-          challenge:
-            http-self-test: false
     include_role:
       name: nginx/vhost
 
@@ -209,6 +209,10 @@
         template: generic
         tls:
           certificate_provider: acmetool
+          certificate_config:
+            request:
+              challenge:
+                http-self-test: false
         hostnames:
         - webdav.chaos-at-home.org
         locations:
@@ -219,10 +223,6 @@
               trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
               protocols: TLSv1
               ciphers: "DEFAULT@SECLEVEL=0"
-      acmetool_cert_config:
-        request:
-          challenge:
-            http-self-test: false
     include_role:
       name: nginx/vhost
 
-- 
cgit v1.2.3