CCCHH/ansible-infra
CCCHH/ansible-infra
3
0
Fork 0
Code Issues 5 Pull requests Wiki Activity

certbot für mumble dazu

Browse source
This commit is contained in:
Stefan Bethke 2024-01-23 21:24:31 +01:00
parent 4363b3d040
commit 5c4ee01e71
5 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
inventories/chaosknoten/host_vars/mumble.yaml Normal file
View file

@ -0,0 +1,13 @@
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/compose/compose.yaml') }}"
docker_compose__configuration_files: [ ]
certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "mumble.hamburg.ccc.de"
certbot__http_01_port: 80
nginx__version_spec: ""
nginx__configurations:
- name: mumble.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/mumble.hamburg.ccc.de.conf') }}"

5
inventories/chaosknoten/hosts.yaml
View file

@ -24,6 +24,10 @@ all:
ansible_host: lists.hamburg.ccc.de ansible_host: lists.hamburg.ccc.de
ansible_port: 42666 ansible_port: 42666
ansible_user: chaos ansible_user: chaos
mumble:
ansible_host: mumble.hamburg.ccc.de
ansible_port: 42666
ansible_user: chaos
onlyoffice: onlyoffice:
ansible_host: onlyoffice-intern.hamburg.ccc.de ansible_host: onlyoffice-intern.hamburg.ccc.de
ansible_user: chaos ansible_user: chaos
@ -82,6 +86,7 @@ all:
hackertours: hackertours:
keycloak: keycloak:
lists: lists:
mumble:
onlyoffice: onlyoffice:
pad: pad:
wiki: wiki:

1
playbooks/roles/certbot/defaults/main.yaml Normal file
View file

@ -0,0 +1 @@
certbot__http_01_port: 31820

7
playbooks/roles/certbot/meta/argument_specs.yaml
View file

@ -19,3 +19,10 @@ argument_specs:
type: list type: list
elements: str elements: str
required: true required: true
certbot__http_01_port:
description: |
The port number the bot listens on. Must be 80 if directly exposed to the internet.
Default is 31820 for the public-reverse-proxy setup.
type: str
required: false
default: 31820

2
playbooks/roles/certbot/tasks/main/cert.yaml
View file

@ -6,7 +6,7 @@
register: certbot__cert_expiry_before register: certbot__cert_expiry_before
- name: obtain the certificate using certbot - name: obtain the certificate using certbot
ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port 31820 -d "{{ item }}" ansible.builtin.command: /usr/bin/certbot certonly --keep-until-expiring --agree-tos --non-interactive --email "{{ certbot__acme_account_email_address }}" --no-eff-email --standalone --http-01-port "{{ certbot__http_01_port }}" -d "{{ item }}"
become: true become: true
changed_when: false changed_when: false