certbot für mumble dazu

2024-01-23 21:24:31 +01:00 · 2024-01-23 21:24:31 +01:00 · 5c4ee01e71
parent 4363b3d040
commit 5c4ee01e71
5 changed files with 27 additions and 1 deletions
--- a/inventories/chaosknoten/host_vars/mumble.yaml
+++ b/inventories/chaosknoten/host_vars/mumble.yaml
@ -0,0 +1,13 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/compose/compose.yaml') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
+certbot__certificate_domains:
+  - "mumble.hamburg.ccc.de"
+certbot__http_01_port: 80
+
+nginx__version_spec: ""
+nginx__configurations:
+  - name: mumble.hamburg.ccc.de
+    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/mumble.hamburg.ccc.de.conf') }}"
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -24,6 +24,10 @@ all:
          ansible_host: lists.hamburg.ccc.de
          ansible_port: 42666
          ansible_user: chaos
+        mumble:
+          ansible_host: mumble.hamburg.ccc.de
+          ansible_port: 42666
+          ansible_user: chaos
        onlyoffice:
          ansible_host: onlyoffice-intern.hamburg.ccc.de
          ansible_user: chaos
@ -82,6 +86,7 @@ all:
        hackertours:
        keycloak:
        lists:
+        mumble:
        onlyoffice:
        pad:
        wiki:
--- a/playbooks/roles/certbot/defaults/main.yaml
+++ b/playbooks/roles/certbot/defaults/main.yaml
@ -0,0 +1 @@
+certbot__http_01_port: 31820
--- a/playbooks/roles/certbot/meta/argument_specs.yaml
+++ b/playbooks/roles/certbot/meta/argument_specs.yaml
@ -19,3 +19,10 @@ argument_specs:
        type: list
        elements: str
        required: true
+      certbot__http_01_port:
+        description: |
+          The port number the bot listens on. Must be 80 if directly exposed to the internet.
+          Default is 31820 for the public-reverse-proxy setup.
+        type: str
+        required: false
+        default: 31820
--- a/playbooks/roles/certbot/tasks/main/cert.yaml
+++ b/playbooks/roles/certbot/tasks/main/cert.yaml
@ -6,7 +6,7 @@
  register: certbot__cert_expiry_before

 - name: obtain the certificate using certbot
-  ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port 31820 -d "{{ item }}"
+  ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port "{{ certbot__http_01_port }}" -d "{{ item }}"
  become: true
  changed_when: false