CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Compare commits

base: CCCHH:0fb059e6bfe8d3f4812282b51fed0aec43091b84
Branches Tags
CCCHH:main
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops
..
compare: CCCHH:e53da90160beb8818e4805edc746ef38a9275e05
Branches Tags
CCCHH:feature/add-new-router
CCCHH:router-killing-turing
CCCHH:main
CCCHH:fux-alerts
CCCHH:ansible_pull
CCCHH:move_to_sops

No commits in common. "0fb059e6bfe8d3f4812282b51fed0aec43091b84" and "e53da90160beb8818e4805edc746ef38a9275e05" have entirely different histories.
0fb059e6bf ... e53da90160

15 changed files with 1 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventories/chaosknoten/host_vars/grafana.yaml
View file

@ -11,8 +11,6 @@ certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "grafana.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:

2
inventories/chaosknoten/host_vars/hackertours.yaml
View file

@ -5,8 +5,6 @@ certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "hackertours.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:

2
inventories/chaosknoten/host_vars/keycloak.yaml
View file

@ -6,8 +6,6 @@ certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "id.hamburg.ccc.de"
- "keycloak-admin.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:

2
inventories/chaosknoten/host_vars/lists.yaml
View file

@ -5,8 +5,6 @@ certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "lists.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:

2
inventories/chaosknoten/host_vars/mumble.yaml
View file

@ -5,8 +5,6 @@ certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "mumble.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:

2
inventories/chaosknoten/host_vars/onlyoffice.yaml
View file

@ -7,8 +7,6 @@ certbot__version_spec: ""
certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "onlyoffice.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/onlyoffice/compose.yaml.j2') }}"
docker_compose__configuration_files: [ ]

2
inventories/chaosknoten/host_vars/pad.yaml
View file

@ -5,8 +5,6 @@ certbot__version_spec: ""
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
certbot__certificate_domains:
- "pad.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
nginx__version_spec: ""
nginx__configurations:

2
inventories/chaosknoten/host_vars/wiki.yaml
View file

@ -10,5 +10,3 @@ certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
certbot__certificate_domains:
- "wiki.ccchh.net"
- "wiki.hamburg.ccc.de"
certbot__new_cert_commands:
- "systemctl reload nginx.service"

2
inventories/chaosknoten/host_vars/zammad.yaml
View file

@ -10,5 +10,3 @@ nginx__version_spec: ""
nginx__configurations:
- name: zammad.hamburg.ccc.de
content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/zammad/nginx/zammad.hamburg.ccc.de.conf') }}"
certbot__new_cert_commands:
- "systemctl reload nginx.service"

1
playbooks/roles/certbot/defaults/main.yaml
View file

@ -1,2 +1 @@
certbot__http_01_port: 31820
certbot__new_cert_commands: [ ]

8
playbooks/roles/certbot/meta/argument_specs.yaml
View file

@ -26,11 +26,3 @@ argument_specs:
type: str
required: false
default: 31820
certbot__new_cert_commands:
description: >-
A list of commands to execute after getting a new certificate.
Will be added into a bash script.
type: list
elements: str
required: false
default: [ ]

4
playbooks/roles/certbot/tasks/main.yaml
View file

@ -2,10 +2,6 @@
ansible.builtin.import_tasks:
file: main/install.yaml
- name: ensure new cert commands
ansible.builtin.import_tasks:
file: main/new_cert_commands.yaml
- name: ensure certificates
ansible.builtin.import_tasks:
file: main/certs.yaml

17
playbooks/roles/certbot/tasks/main/new_cert_commands.yaml
View file

@ -1,17 +0,0 @@
- name: ensure existence of renewal deploy hooks directory
ansible.builtin.file:
path: /etc/letsencrypt/renewal-hooks/deploy
state: directory
owner: root
group: root
mode: "0755"
become: true
- name: ensure renewal deploy hook commands
ansible.builtin.template:
src: renewal_deploy_hook_commands.sh.j2
dest: /etc/letsencrypt/renewal-hooks/deploy/ansible_commands.sh
owner: root
group: root
mode: "0770"
become: true

4
playbooks/roles/certbot/templates/renewal_deploy_hook_commands.sh.j2
View file

@ -1,4 +0,0 @@
#!/bin/bash
{% for command in certbot__new_cert_commands %}
{{ command }}
{% endfor %}

2
playbooks/roles/nextcloud/meta/main.yaml
View file

@ -6,8 +6,6 @@ dependencies:
certbot__acme_account_email_address: "{{ nextcloud__certbot_acme_account_email_address }}"
certbot__certificate_domains:
- "{{ nextcloud__fqdn }}"
certbot__new_cert_commands:
- "systemctl reload nginx.service"
- role: nginx
vars:
nginx__version_spec: "{{ nextcloud__nginx_version_spec }}"