From c4ec13fbd854d4ad63c3e251c3b4627bc888d780 Mon Sep 17 00:00:00 2001
From: southerntofu
Date: Sun, 12 Apr 2020 16:50:08 +0000
Subject: [PATCH] =?UTF-8?q?Le=20hostname=20est=20param=C3=A9trable=20dans?=
 =?UTF-8?q?=20les=20host=5Fvars?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 4 +++-
 host_vars/fr.yml | 1 +
 .../{default-site.conf => default-site.conf.j2} | 4 ++--
 roles/webserver/files/users.conf.j2 | 6 +++---
 roles/webserver/tasks/certbot.yml | 8 ++++----
 roles/webserver/tasks/nginx.yml | 16 +++++-----------
 6 files changed, 18 insertions(+), 21 deletions(-)
 rename roles/webserver/files/{default-site.conf => default-site.conf.j2} (80%)
diff --git a/README.md b/README.md
index 42a9757..f15f339 100644
--- a/README.md
+++ b/README.md
@@ -28,5 +28,7 @@ Pour créer un compte, il suffit de le déclarer dans host_vars/fr.yml:
 - Meta
 - [ ] Rendre le playbook bootstrappable (ajouter des étapes intermédiaires pour éviter que nginx et certbot se mordent la queue sur une nouvelle install)
 - [ ] Traduire tout le playbook en français
- - [ ] Rendre le hostname paramétrable (pour pouvoir forker)
+ - [x] Hostname paramétrable (pour pouvoir forker)
 - [ ] Certaines tâches devraient tourner seulement quand unE user est ajoutéE
+ - [ ] Un playbook pour les updates? apt + cargo
+ - [ ] Documenter le playbook
diff --git a/host_vars/fr.yml b/host_vars/fr.yml
index c9b07d3..2c0da12 100644
--- a/host_vars/fr.yml
+++ b/host_vars/fr.yml
@@ -1,3 +1,4 @@
+hostname: fr.tild3.org
 users:
 - name: tofu
 sudo: true
diff --git a/roles/webserver/files/default-site.conf b/roles/webserver/files/default-site.conf.j2
similarity index 80%
rename from roles/webserver/files/default-site.conf
rename to roles/webserver/files/default-site.conf.j2
index 01ca0d5..110833b 100644
--- a/roles/webserver/files/default-site.conf
+++ b/roles/webserver/files/default-site.conf.j2
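Review bot: `hostname` is introduced here as a bare per-host value with no comment and no validation, yet the same commit feeds it into nginx `server_name`/`ssl_certificate` directives and into a certbot `-d` argument (users.conf.j2 and certbot.yml hunks). Since host_vars are written by the operator this is a typo guard rather than a trust boundary, but a malformed value would only surface later as a failed certbot run or a broken vhost. A comment on the line, `# public FQDN: used for the nginx server_name and as the certbot certificate name`, plus a guard at the top of the webserver role such as `- assert: { that: hostname is match('^[a-z0-9.-]+$') }`, would fail fast before any certificate is requested. A role-prefixed name (for example `webserver_hostname`) would also avoid confusion with the `ansible_hostname` fact.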
@@ -18,8 +18,8 @@ server {
 listen 443 ssl default_server;
 listen [::]:443 ssl default_server;
- ssl_certificate /etc/letsencrypt/live/fr.tild3.org/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/fr.tild3.org/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ hostname }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ hostname }}/privkey.pem;
 server_name _;
 root /var/www/html;
diff --git a/roles/webserver/files/users.conf.j2 b/roles/webserver/files/users.conf.j2
index 5ede32c..ff85aee 100644
--- a/roles/webserver/files/users.conf.j2
+++ b/roles/webserver/files/users.conf.j2
@@ -3,9 +3,9 @@ server {
 listen 443 ssl;
 listen [::]:443 ssl;
- ssl_certificate /etc/letsencrypt/live/{{ user.name }}.fr.tild3.org/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ user.name }}.fr.tild3.org/privkey.pem;
- server_name {{ user.name }}.fr.tild3.org;
+ ssl_certificate /etc/letsencrypt/live/{{ user.name }}.{{ hostname }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ user.name }}.{{ hostname }}/privkey.pem;
+ server_name {{ user.name }}.{{ hostname }};
 root /home/{{ user.name }}/public_html;
 index index.html;
diff --git a/roles/webserver/tasks/certbot.yml b/roles/webserver/tasks/certbot.yml
index 28202fe..c5119f6 100644
--- a/roles/webserver/tasks/certbot.yml
+++ b/roles/webserver/tasks/certbot.yml
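Review bot: The user vhost's `root` stays `/home/{{ user.name }}/public_html` while certbot.yml requests `{{ item.name }}.{{ hostname }}` with `--webroot -w /var/www/html`, so HTTP-01 validation for these names relies on their port-80 handling serving `/.well-known/acme-challenge/` out of `/var/www/html`; that port-80 block is outside this hunk (the `server {` block shown also starts before it), so I cannot confirm from here that it does. If it does not, first issuance on a fresh host fails and, once a certificate exists, the `creates:` guard hides the problem until renewal. Now that both files derive their names from `hostname`, a one-line comment above `server_name`, `# these names must match the certbot -d list in tasks/certbot.yml`, would keep the two in step.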
@@ -1,10 +1,10 @@
 - name: Generate main certificate
 command:
- creates: /etc/letsencrypt/live/fr.tild3.org/fullchain.pem
- cmd: certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d fr.tild3.org -d www.fr.tild3.org
+ creates: /etc/letsencrypt/live/{{ hostname }}/fullchain.pem
+ cmd: certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ hostname }} -d www.{{ hostname }}
 - name: Generate user certificates
 command:
- creates: "/etc/letsencrypt/live/{{ item.name }}.fr.tild3.org/fullchain.pem"
- cmd: "certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ item.name }}.fr.tild3.org"
+ creates: "/etc/letsencrypt/live/{{ item.name }}.{{ hostname }}/fullchain.pem"
+ cmd: "certbot certonly --non-interactive --agree-tos --webroot -w /var/www/html -d {{ item.name }}.{{ hostname }}"
 loop: "{{ users }}"
diff --git a/roles/webserver/tasks/nginx.yml b/roles/webserver/tasks/nginx.yml
index a32a84e..e9508e4 100644
--- a/roles/webserver/tasks/nginx.yml
+++ b/roles/webserver/tasks/nginx.yml
@@ -1,21 +1,15 @@
-#This play configs apapche for us
----
+- name: Deploy default site configuration
+ template:
+ src: ../files/default-site.conf.j2
+ dest: /etc/nginx/sites-available/default-site.conf
+ notify: reload nginx
-#Sites
 - name: Prepare symlink for default site
 file:
 src: /etc/nginx/sites-available/default-site.conf
 dest: /etc/nginx/sites-enabled/default-site.conf
 state: link
-- name: Deploy default site configuration
- copy:
- src: ../files/default-site.conf
- dest: /etc/nginx/sites-available/default-site.conf
- force: yes
- follow: no
- notify: reload nginx
-
 - name: Deploy TLS config
 copy:
 src: ../files/ssl.conf
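Review bot: The first task's `creates:` and `cmd:` interpolate `{{ hostname }}` unquoted while the second task quotes both; the unquoted form parses today only because neither value starts with `{{`, so quote them the same way, `creates: "/etc/letsencrypt/live/{{ hostname }}/fullchain.pem"`. `command` word-splits `cmd`, so a `hostname` containing whitespace would become extra certbot arguments; the `argv:` list form of `command` passes each `-d` value as a single argument whatever it contains. The `creates:` guard also means a changed `hostname` never triggers a new request while the old live directory remains, which is fine for bootstrapping but deserves a comment, `# creates: only skips re-issuance; renewal is not handled by this task`.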
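Review bot: The hunk removes the `---` document-start marker along with the stale `#This play configs apapche for us` comment (the two leading `-` lines), leaving a task file without the marker that Ansible style and yamllint's `document-start` rule expect; keep `---` as the first line. The `copy` to `template` switch drops `force: yes` and `follow: no`, which are `template`'s defaults, so the deployed file differs only by the rendered `{{ hostname }}`. Style: `src: ../files/default-site.conf.j2` reaches across directories, whereas `template` resolves a bare `src: default-site.conf.j2` from `roles/webserver/templates/`, the conventional home for `.j2` files (the existing `users.conf.j2` also sits in `files/`, so this would be a role-wide move). Moving the deploy task ahead of the symlink task also avoids linking to a file that does not yet exist on a fresh host.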