authorLars Wirzenius <liw@liw.fi>2020-05-13 10:15:10 +0300
committerLars Wirzenius <liw@liw.fi>2020-05-13 11:13:32 +0300
commit7f956a7c9f1391322d74ed6b365e4da496b302d2 (patch)
tree4a37d12d31d902b5c168e58ce5716bc1e06666a5
parentb3d16611dc3c789580e8c11ae4ddbdb669c0171b (diff)
downloadansibleness-7f956a7c9f1391322d74ed6b365e4da496b302d2.tar.gz
feat: add site for testing Let's Encrypt automation
-rw-r--r--ansible/letest.hz5
-rw-r--r--ansible/letest.yml17
-rw-r--r--ansible/roles/letest/files/vmhost10
-rw-r--r--ansible/roles/letest/files/vmhost-tls14
-rw-r--r--ansible/roles/letest/tasks/main.yml37
5 files changed, 83 insertions, 0 deletions
diff --git a/ansible/letest.hz b/ansible/letest.hz
new file mode 100644
index 0000000..919af09
--- /dev/null
+++ b/ansible/letest.hz
@@ -0,0 +1,5 @@
+defaults:
+ type: cx11
+ image: debian-10
+hosts:
+ - name: letest
diff --git a/ansible/letest.yml b/ansible/letest.yml
new file mode 100644
index 0000000..853325a
--- /dev/null
+++ b/ansible/letest.yml
@@ -0,0 +1,17 @@
+- hosts: letest
+ remote_user: root
+ roles:
+# - sane_debian_system
+# - comfortable-debian-system
+# - self-updating-system
+ - letest
+ vars:
+ hostname: letest
+ debian_codename: buster
+ debian_mirror: deb.debian.org
+
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ authorized_keys: |
+ {{ liw_ssh_pub }}
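Review bot: The three baseline roles under `roles:` are commented out with no explanation, so this play connects as root and applies only `letest`. The `unix_users`, `debian_codename` and `debian_mirror` vars look like inputs to those disabled roles and are presumably unused as written. If that is deliberate for a throwaway test VM, a comment such as `# baseline roles disabled while testing certbot; re-enable before reuse` would record it. Otherwise a host that has to be reachable from the internet for the webroot challenge is left without whatever `self-updating-system` provides.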
diff --git a/ansible/roles/letest/files/vmhost b/ansible/roles/letest/files/vmhost
new file mode 100644
index 0000000..dea35c0
--- /dev/null
+++ b/ansible/roles/letest/files/vmhost
@@ -0,0 +1,10 @@
+<VirtualHost *:80>
+ ServerName letest-letest.vm.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /srv/http/letest
+ ErrorLog /var/log/apache2/letest/error.log
+ CustomLog /var/log/apache2/letest/access.log combined
+ <Directory /srv/http/letest>
+ Require all granted
+ </Directory>
+</VirtualHost>
diff --git a/ansible/roles/letest/files/vmhost-tls b/ansible/roles/letest/files/vmhost-tls
new file mode 100644
index 0000000..4dd19e1
--- /dev/null
+++ b/ansible/roles/letest/files/vmhost-tls
@@ -0,0 +1,14 @@
+<VirtualHost _default_:443>
+ ServerName letest-letest.vm.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /srv/http/letest
+ ErrorLog /var/log/apache2/letest/error.log
+ CustomLog /var/log/apache2/letest/access.log combined
+ <Directory /srv/http/letest>
+ Require all granted
+ </Directory>
+
+ SSLEngine on
+ SSLCertificateFile "/etc/letsencrypt/live/cert1/fullchain.pem"
+ SSLCertificateKeyFile "/etc/letsencrypt/live/cert1/privkey.pem"
+</VirtualHost>
diff --git a/ansible/roles/letest/tasks/main.yml b/ansible/roles/letest/tasks/main.yml
new file mode 100644
index 0000000..d36db3b
--- /dev/null
+++ b/ansible/roles/letest/tasks/main.yml
@@ -0,0 +1,37 @@
+- apt:
+ name:
+ - apache2
+ - certbot
+- file:
+ state: directory
+ path: /srv/http/letest
+- file:
+ state: directory
+ path: /var/log/apache2/letest
+- copy:
+ content: |
+ letest
+ dest: /srv/http/letest/index.html
+- copy:
+ src: vmhost
+ dest: /etc/apache2/sites-available/letest.conf
+- copy:
+ src: vmhost-tls
+ dest: /etc/apache2/sites-available/letest-tls.conf
+- shell: |
+ a2ensite --quiet letest
+ systemctl restart apache2
+ a2enmod --quiet ssl
+ if ! [ -e /etc/letencrypt/live ]; then
+ certbot certonly \
+ --webroot \
+ --webroot-path /srv/http/letest \
+ --noninteractive \
+ --email liw@liw.fi \
+ --agree-tos \
+ --expand \
+ --cert-name cert1 \
+ -d letest-letest.vm.liw.fi
+ fi
+ a2ensite --quiet letest-tls
+ systemctl restart apache2
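Review bot: The guard `if ! [ -e /etc/letencrypt/live ]` misspells the directory (`letencrypt`, while the TLS vhost reads from `/etc/letsencrypt/live/cert1/`), so the test is always true and certbot is invoked on every play run. The script also has no `set -e`, so a failed certbot call still falls through to `a2ensite --quiet letest-tls` and the final restart. Apache would then presumably refuse to start because the certificate files it points at are missing, which takes the port-80 site down too. I would open the block with `set -eu` and test for the lineage the vhost actually uses: `if ! [ -e /etc/letsencrypt/live/cert1 ]; then`.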