Le hostname est paramétrable dans les host_vars
parent
9a25151a57
commit
c4ec13fbd8
|
@ -28,5 +28,7 @@ Pour créer un compte, il suffit de le déclarer dans host_vars/fr.yml:
|
|||
- Meta
|
||||
- [ ] Rendre le playbook bootstrappable (ajouter des étapes intermédiaires pour éviter que nginx et certbot se mordent la queue sur une nouvelle install)
|
||||
- [ ] Traduire tout le playbook en français
|
||||
- [ ] Rendre le hostname paramétrable (pour pouvoir forker)
|
||||
- [x] Hostname paramétrable (pour pouvoir forker)
|
||||
- [ ] Certaines tâches devraient tourner seulement quand unE user est ajoutéE
|
||||
- [ ] Un playbook pour les updates? apt + cargo
|
||||
- [ ] Documenter le playbook
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
hostname: fr.tild3.org
|
||||
users:
|
||||
- name: tofu
|
||||
sudo: true
|
||||
|
|
|
@ -18,8 +18,8 @@ server {
|
|||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/fr.tild3.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/fr.tild3.org/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ hostname }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ hostname }}/privkey.pem;
|
||||
|
||||
server_name _;
|
||||
root /var/www/html;
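Review bot: `{{ hostname }}` is rendered into the `ssl_certificate` and `ssl_certificate_key` paths with no check on its content, and the same value is interpolated in the per-user vhost template and in both certbot tasks further down this commit. Since the stated goal is to let forks set their own value in host_vars, a typo containing a space, `;` or `/` would produce a broken or altered nginx directive, or point the certificate path outside `/etc/letsencrypt/live/`. A guard task that runs before any template is rendered would catch this, for example `- assert: { that: "hostname is match('^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$')" }`, with an equivalent check on each entry's `name` in `users`. The `server` block starts and ends outside this hunk.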
|
|
@ -3,9 +3,9 @@ server {
|
|||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ user.name }}.fr.tild3.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ user.name }}.fr.tild3.org/privkey.pem;
|
||||
server_name {{ user.name }}.fr.tild3.org;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ user.name }}.{{ hostname }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ user.name }}.{{ hostname }}/privkey.pem;
|
||||
server_name {{ user.name }}.{{ hostname }};
|
||||
root /home/{{ user.name }}/public_html;
|
||||
index index.html;
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
- name: Generate main certificate
|
||||
command:
|
||||
creates: /etc/letsencrypt/live/fr.tild3.org/fullchain.pem
|
||||
cmd: certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d fr.tild3.org -d www.fr.tild3.org
|
||||
creates: /etc/letsencrypt/live/{{ hostname }}/fullchain.pem
|
||||
cmd: certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ hostname }} -d www.{{ hostname }}
|
||||
|
||||
- name: Generate user certificates
|
||||
command:
|
||||
creates: "/etc/letsencrypt/live/{{ item.name }}.fr.tild3.org/fullchain.pem"
|
||||
cmd: "certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ item.name }}.fr.tild3.org"
|
||||
creates: "/etc/letsencrypt/live/{{ item.name }}.{{ hostname }}/fullchain.pem"
|
||||
cmd: "certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ item.name }}.{{ hostname }}"
|
||||
loop: "{{ users }}"
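Review bot: Both certbot tasks pass a single `cmd:` string, which the `command` module splits into arguments shell-style, so a `hostname` or `item.name` containing whitespace or quote characters would become extra certbot arguments instead of one `-d` value. The `argv:` form of the module passes each templated value as exactly one argument and removes that dependency on the variable's content; the main-certificate task is shown below, and the user-certificate task takes the same shape with `"{{ item.name }}.{{ hostname }}"` as its single `-d` value. Quoting the `creates:` path in the first task would also match the style the second task already uses. Separately, `creates:` assumes certbot names the lineage directory after the first `-d` value; passing `--cert-name` with that same value would make the assumption explicit.

```yaml
- name: Generate main certificate
  command:
    creates: "/etc/letsencrypt/live/{{ hostname }}/fullchain.pem"
    argv:
      - certbot
      - certonly
      - --non-interactive
      - --agree-tos
      - --webroot
      - -w
      - /var/www/html
      - -d
      - "{{ hostname }}"
      - -d
      - "www.{{ hostname }}"

# … unchanged: name and loop of the "Generate user certificates" task …
```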
|
||||
|
|
|
@ -1,21 +1,15 @@
|
|||
#This play configs apapche for us
|
||||
---
|
||||
- name: Deploy default site configuration
|
||||
template:
|
||||
src: ../files/default-site.conf.j2
|
||||
dest: /etc/nginx/sites-available/default-site.conf
|
||||
notify: reload nginx
|
||||
|
||||
#Sites
|
||||
- name: Prepare symlink for default site
|
||||
file:
|
||||
src: /etc/nginx/sites-available/default-site.conf
|
||||
dest: /etc/nginx/sites-enabled/default-site.conf
|
||||
state: link
|
||||
|
||||
- name: Deploy default site configuration
|
||||
copy:
|
||||
src: ../files/default-site.conf
|
||||
dest: /etc/nginx/sites-available/default-site.conf
|
||||
force: yes
|
||||
follow: no
|
||||
notify: reload nginx
|
||||
|
||||
- name: Deploy TLS config
|
||||
copy:
|
||||
src: ../files/ssl.conf
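Review bot: The `template` task for `default-site.conf` (which appears to be the added side; the page no longer shows the +/- markers) sets no `owner`, `group` or `mode`, so the permissions of the rendered file depend on whatever already exists on the host or on the umask of the connecting user. Pinning them gives the same result on a fresh install and on an existing one: `owner: root`, `group: root`, `mode: '0644'`. The "Deploy TLS config" task at the end of the hunk continues outside it, so the same may apply there.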
|
||||
|
|