CCCHH/ansible-infra
CCCHH/ansible-infra
3
0
Fork 0
Code Issues 5 Pull requests Wiki Activity

Add lists.c3lingo.org

Browse source
This commit is contained in:
Stefan Bethke 2024-06-16 16:39:19 +02:00
parent ec400ed7d6
commit f67483fa46
4 changed files with 31 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
inventories/chaosknoten/host_vars/lists.yaml
View file

@ -5,6 +5,7 @@ certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains: certbot__certificate_domains:
- "lists.hamburg.ccc.de" - "lists.hamburg.ccc.de"
- "lists.c3lingo.org"
certbot__new_cert_commands: certbot__new_cert_commands:
- "systemctl reload nginx.service" - "systemctl reload nginx.service"
@ -12,3 +13,5 @@ nginx__version_spec: ""
nginx__configurations: nginx__configurations:
- name: lists.hamburg.ccc.de - name: lists.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf') }}" content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf') }}"
- name: lists.c3lingo.org
content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf') }}"

1
playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
View file

@ -40,6 +40,7 @@ services:
environment: environment:
- DATABASE_TYPE=postgres - DATABASE_TYPE=postgres
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86 - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
- SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt

26
playbooks/files/chaosknoten/configs/lists/nginx/lists.c3lingo.org.conf Normal file
View file

@ -0,0 +1,26 @@
server {
root /var/www/html;
server_name lists.c3lingo.org; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lists.c3lingo.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lists.c3lingo.org/privkey.pem; # managed by Certbot
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/lists.c3lingo.org/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
location /static {
alias /opt/mailman/web/static;
autoindex off;
}
location / {
uwsgi_pass localhost:8080;
include uwsgi_params;
uwsgi_read_timeout 300;
}
}

2
playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf
View file

@ -2,7 +2,7 @@ server {
root /var/www/html; root /var/www/html;
server_name lists.hamburg.ccc.de; # managed by Certbot server_name lists.hamburg.ccc.de; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot