commit 8a49007753ea972ac5654a1404163fb31443290d
parent f17cf1783dea06760c60695ed1d9963b28a7166c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 23 Feb 2021 21:20:35 +0100
parent f17cf1783dea06760c60695ed1d9963b28a7166c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 23 Feb 2021 21:20:35 +0100
roles/acme-redirect: use camelCase-vars and better defaults
7 files changed, 51 insertions(+), 84 deletions(-)
diff --git a/configuration/joguhrtbecher.yml b/configuration/joguhrtbecher.yml @@ -140,15 +140,11 @@ services: acme_url: https://api.buypass.com/acme/directory certs: joguhrtbecher.ctu.cx: - dns_names: - - joguhrtbecher.ctu.cx renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/joguhrtbecher.ctu.cx + - systemctl restart nginx syncthing.joguhrtbecher.ctu.cx: - dns_names: - - syncthing.joguhrtbecher.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.joguhrtbecher.ctu.cx + renewTasks: + - systemctl restart nginx nginx:
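Review bot: The first entry, `joguhrtbecher.ctu.cx`, appears to keep the old `renew_tasks:` key as an unchanged context line; only its list item changes to `systemctl restart nginx`, while `syncthing.joguhrtbecher.ctu.cx` gets `renewTasks:`. The certificate template changed in this commit iterates `item.value.renewTasks`, so this entry has no key the template reads. Rendering for it would likely fail, or at best the nginx restart after renewal is dropped and the old certificate keeps being served. Rename the key to `renewTasks:` here as well. The `certs` mapping begins and ends outside the hunk.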
diff --git a/configuration/lollo.yml b/configuration/lollo.yml @@ -180,23 +180,22 @@ services: renew_if_days_left: 30 certs: lollo.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/lollo.ctu.cx + renewTasks: + - systemctl restart nginx syncthing.lollo.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.lollo.ctu.cx + renewTasks: + - systemctl restart nginx home.ctu.cx: - dns_names: - - home.ctu.cx + extraDnsNames: - legacy.home.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/home.ctu.cx + renewTasks: + - systemctl restart nginx dnsmasq.home.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/dnsmasq.home.ctu.cx + renewTasks: + - systemctl restart nginx influx.home.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/influx.home.ctu.cx + renewTasks: + - systemctl restart nginx php_fpm: enable: true @@ -231,17 +230,12 @@ services: index index.html index.php; try_files $uri $uri/ /index.php?$query_string; " + enablePhpSupport: true + phpSocket: /run/php-fpm/php-fpm.sock ssl: enable: true cert: "/var/lib/acme-redirect/live/dnsmasq.home.ctu.cx/fullchain" privkey: "/var/lib/acme-redirect/live/dnsmasq.home.ctu.cx/privkey" - locations: - - path: ~ \.php$ - extraConfig: " - fastcgi_pass unix:/run/php-fpm/php-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - " hostapd: enable: false
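Review bot: In the second hunk, `enablePhpSupport: true` and `phpSocket` move the PHP handler for `dnsmasq.home.ctu.cx` into the nginx role, so the `fastcgi_pass` location can no longer be reviewed in this file. The removed block handed every URI matching `~ \.php$` to PHP-FPM without checking that the script exists. The role's generated location is not part of this commit, so confirm that it includes a guard such as `try_files $uri =404;` before `fastcgi_pass`, and that it still emits `include fastcgi_params;`. A comment next to the two new keys naming the template that renders them would help readers find the effective configuration.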
diff --git a/configuration/taurus.yml b/configuration/taurus.yml @@ -75,22 +75,13 @@ services: acme_url: https://api.buypass.com/acme/directory certs: taurus.ctu.cx: - dns_names: - - taurus.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/taurus.ctu.cx + renewTasks: - sudo rc-service nginx restart syncthing.taurus.ctu.cx: - dns_names: - - syncthing.taurus.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.taurus.ctu.cx + renewTasks: - sudo rc-service nginx restart photos.ctu.cx: - dns_names: - - photos.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photo.ctu.cx + renewTasks: - sudo rc-service nginx restart nginx:
diff --git a/configuration/wanderduene.yml b/configuration/wanderduene.yml 
@@ -118,69 +118,54 @@ services: acme_url: https://api.buypass.com/acme/directory certs: ctucx.de: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/ctucx.de + renewTasks: - sudo rc-service nginx restart ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/ctu.cx + renewTasks: - sudo rc-service nginx restart wanderduene.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/wanderduene.ctu.cx + renewTasks: - sudo rc-service nginx restart - sudo rc-service maddy restart matrix.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/matrix.ctu.cx + renewTasks: - sudo rc-service nginx restart dav.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/dav.ctu.cx + renewTasks: - sudo rc-service nginx restart cgit.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/cgit.ctu.cx + renewTasks: - sudo rc-service nginx restart fbexporter.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/fbexporter.ctu.cx + renewTasks: - sudo rc-service nginx restart prometheus.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/prometheus.ctu.cx + renewTasks: - sudo rc-service nginx restart grafana.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/grafana.ctu.cx + renewTasks: - sudo rc-service nginx restart pleroma.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/pleroma.ctu.cx + renewTasks: - sudo rc-service nginx restart frp.ctu.cx: - dns_names: - - frp.ctu.cx + extraDnsNames: - stasicontainer-mac.frp.ctu.cx - stasicontainer.frp.ctu.cx - coladose.frp.ctu.cx - toaster.frp.ctu.cx - isa.frp.ctu.cx - isa-mac.frp.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/frp.ctu.cx 
+ renewTasks: - sudo rc-service nginx restart oeffi.ctu.cx: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/oeffi.ctu.cx + renewTasks: - sudo rc-service nginx restart repo.f2k1.de: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/repo.f2k1.de + renewTasks: - sudo rc-service nginx restart oeffisear.ch: - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/oeffisear.ch + renewTasks: - sudo rc-service nginx restart nginx: @@ -233,17 +218,13 @@ services: add_header "access-control-allow-origin" "*"; ' - path: "/drucken" + directoryListing: true extraConfig: ' - autoindex on; - autoindex_exact_size off; auth_basic "Restricted Content"; auth_basic_user_file /etc/nginx/passwd/print; ' - path: "/cypro-dispenser" - extraConfig: ' - autoindex on; - autoindex_exact_size off; - ' + directoryListing: true repo.f2k1.de: ssl: enable: true
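Review bot: In the second hunk, `directoryListing: true` on `/cypro-dispenser` publishes a browsable index with no `auth_basic`, unlike `/drucken` directly above it, and nothing in the file says whether that is deliberate. If the open listing is intended, record it with a comment on that location, for example `# listing intentionally unauthenticated`; otherwise add the same `auth_basic` and `auth_basic_user_file` lines that `/drucken` uses. Both locations also lose `autoindex_exact_size off;`, so confirm the nginx role's `directoryListing` option still emits it if the output format matters.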
diff --git a/roles/acme-redirect/tasks/main.yml b/roles/acme-redirect/tasks/main.yml @@ -1,27 +1,32 @@ --- -- include: install.yml +- import_tasks: checks.yml when: - services.acme_redirect.enable is defined - services.acme_redirect.enable is true -- include: configure.yml +- import_tasks: install.yml when: - services.acme_redirect.enable is defined - services.acme_redirect.enable is true -- include: firewall.yml +- import_tasks: configure.yml + when: + - services.acme_redirect.enable is defined + - services.acme_redirect.enable is true + +- import_tasks: firewall.yml when: - services.acme_redirect.enable is defined - services.acme_redirect.enable is true - network.nftables.enable is true -- include: start.yml +- import_tasks: start.yml when: - services.acme_redirect.enable is defined - services.acme_redirect.enable is true -- include: remove.yml +- import_tasks: remove.yml when: - services.acme_redirect.enable is defined - services.acme_redirect.enable is false
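Review bot: `import_tasks: checks.yml` references a file that is not among the seven files this commit changes. Unless `roles/acme-redirect/tasks/checks.yml` already exists, the static import will fail when the playbook is parsed, before any task runs. If the file is present, a one-line comment above the import stating what it validates would help, since this commit renames keys the templates depend on. Separately, the `firewall.yml` condition `network.nftables.enable is true` has no `is defined` guard like the `services.acme_redirect.enable` checks, so a host without a `network.nftables` section may error instead of skipping; `network.nftables.enable | default(false) is true` would avoid that.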
diff --git a/roles/acme-redirect/templates/acme-redirect-general.conf.j2 b/roles/acme-redirect/templates/acme-redirect-general.conf.j2 @@ -4,5 +4,5 @@ [acme] acme_email = "{{ services.acme_redirect.email }}" -acme_url = "{{ services.acme_redirect.acme_url }}" +acme_url = "{{ services.acme_redirect.acme_url | default("https://acme-v02.api.letsencrypt.org/directory") }}" renew_if_days_left = {{ services.acme_redirect.renew_if_days_left | default(30) }} \ No newline at end of file
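Review bot: The new fallback makes a missing `acme_url` silently select the Let's Encrypt production directory, while the host files visible in this commit pin `https://api.buypass.com/acme/directory`. A misspelled or later-renamed key would then register the account and request certificates at a different CA without any error. Consider keeping the default in the role's defaults file with a comment, or failing when the key is absent. The nested double quotes inside the quoted value render correctly but are hard to read; `default('https://acme-v02.api.letsencrypt.org/directory')` is clearer. `acme_email` on the line above still has no default or presence check.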
diff --git a/roles/acme-redirect/templates/acme-redirect.conf.j2 b/roles/acme-redirect/templates/acme-redirect.conf.j2 @@ -5,16 +5,16 @@ [cert] name = "{{ item.key }}" dns_names = [ + "{{ item.key }}", {% if item.value.dns_names is defined %} -{% for domain in item.value.dns_names %} +{% for domain in item.value.extraDnsNames %} "{{ domain }}", {% endfor %} -{% else %} - "{{ item.key }}", {% endif %} ] exec = [ -{% for task in item.value.renew_tasks %} + "chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/{{ item.key }}", +{% for task in item.value.renewTasks %} "{{ task }}", {% endfor %} ]
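Review bot: The guard around the extra-names loop still tests the old key: `{% if item.value.dns_names is defined %}` wraps `{% for domain in item.value.extraDnsNames %}`. The host files in this commit replace `dns_names` with `extraDnsNames` (`home.ctu.cx` in lollo.yml, `frp.ctu.cx` in wanderduene.yml), so the branch is never taken and those certificates would be requested for the primary name only. Clients of the additional hostnames would then get a name mismatch. The condition should read `{% if item.value.extraDnsNames is defined %}`. The exec loop has a similar gap, since `item.value.renewTasks` is iterated with no fallback; `{% for task in item.value.renewTasks | default([]) %}` would keep entries without hooks renderable.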