author | Lars Wirzenius <liw@liw.fi> | 2020-05-13 10:15:10 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2020-05-13 11:13:32 +0300 |
commit | 7f956a7c9f1391322d74ed6b365e4da496b302d2 (patch) | |
tree | 4a37d12d31d902b5c168e58ce5716bc1e06666a5 | |
parent | b3d16611dc3c789580e8c11ae4ddbdb669c0171b (diff) | |
feat: add site for testing Let's Encrypt automation
-rw-r--r-- | ansible/letest.hz | 5 | ||||
-rw-r--r-- | ansible/letest.yml | 17 | ||||
-rw-r--r-- | ansible/roles/letest/files/vmhost | 10 | ||||
-rw-r--r-- | ansible/roles/letest/files/vmhost-tls | 14 | ||||
-rw-r--r-- | ansible/roles/letest/tasks/main.yml | 37 |
5 files changed, 83 insertions, 0 deletions
diff --git a/ansible/letest.hz b/ansible/letest.hz
new file mode 100644
index 0000000..919af09
--- /dev/null
+++ b/ansible/letest.hz
@@ -0,0 +1,5 @@
+defaults:
+ type: cx11
+ image: debian-10
+hosts:
+ - name: letest
diff --git a/ansible/letest.yml b/ansible/letest.yml
new file mode 100644
index 0000000..853325a
--- /dev/null
+++ b/ansible/letest.yml
@@ -0,0 +1,17 @@
+- hosts: letest
+ remote_user: root
+ roles:
+# - sane_debian_system
+# - comfortable-debian-system
+# - self-updating-system
+ - letest
+ vars:
+ hostname: letest
+ debian_codename: buster
+ debian_mirror: deb.debian.org
+
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ authorized_keys: |
+ {{ liw_ssh_pub }}
diff --git a/ansible/roles/letest/files/vmhost b/ansible/roles/letest/files/vmhost
new file mode 100644
index 0000000..dea35c0
--- /dev/null
+++ b/ansible/roles/letest/files/vmhost
@@ -0,0 +1,10 @@
+<VirtualHost *:80>
+ ServerName letest-letest.vm.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /srv/http/letest
+ ErrorLog /var/log/apache2/letest/error.log
+ CustomLog /var/log/apache2/letest/access.log combined
+ <Directory /srv/http/letest>
+ Require all granted
+ </Directory>
+</VirtualHost>
diff --git a/ansible/roles/letest/files/vmhost-tls b/ansible/roles/letest/files/vmhost-tls
new file mode 100644
index 0000000..4dd19e1
--- /dev/null
+++ b/ansible/roles/letest/files/vmhost-tls
@@ -0,0 +1,14 @@
+<VirtualHost _default_:443>
+ ServerName letest-letest.vm.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /srv/http/letest
+ ErrorLog /var/log/apache2/letest/error.log
+ CustomLog /var/log/apache2/letest/access.log combined
+ <Directory /srv/http/letest>
+ Require all granted
+ </Directory>
+
+ SSLEngine on
+ SSLCertificateFile "/etc/letsencrypt/live/cert1/fullchain.pem"
+ SSLCertificateKeyFile "/etc/letsencrypt/live/cert1/privkey.pem"
+</VirtualHost>
diff --git a/ansible/roles/letest/tasks/main.yml b/ansible/roles/letest/tasks/main.yml
new file mode 100644
index 0000000..d36db3b
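Review bot: In `ansible/letest.yml` the three roles listed ahead of `letest` are commented out, so the play applies only the `letest` role as `remote_user: root`, and the `unix_users` variable is presumably read by nothing that still runs. If those roles are what create the `liw` account and keep the host patched (inferred from their names, they are not shown here), the result is an internet-facing Apache host with root-only SSH access and no automatic updates. Either re-enable them or record why they are off, e.g. `# base roles disabled while testing certbot; re-enable before this host stays up`.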
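Review bot: The port-80 vhost in `ansible/roles/letest/files/vmhost` keeps serving the whole DocumentRoot over plain HTTP after `letest-tls` is enabled, and nothing in the file says why. The webroot challenge only needs `/.well-known/acme-challenge/` to stay reachable on port 80, so a comment above `<VirtualHost *:80>` such as `# kept on port 80 for the certbot webroot challenge` would document the intent. If this file is later used as a template for a real site, everything outside the challenge path should be redirected to HTTPS.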
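Review bot: `vmhost-tls` turns on `SSLEngine` and names the certificate files but sets no protocol policy, so the accepted TLS versions come from the distribution's mod_ssl defaults, which on Debian 10 likely still permit TLS 1.0 and 1.1 (worth confirming on the host). Adding `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` after `SSLEngine on` makes the policy explicit in the site file. The `cert1` component of both certificate paths has to match `--cert-name cert1` in the role's tasks; a one-line comment above `SSLCertificateFile` would record that coupling.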
--- /dev/null
+++ b/ansible/roles/letest/tasks/main.yml
@@ -0,0 +1,37 @@
+- apt:
+ name:
+ - apache2
+ - certbot
+- file:
+ state: directory
+ path: /srv/http/letest
+- file:
+ state: directory
+ path: /var/log/apache2/letest
+- copy:
+ content: |
+ letest
+ dest: /srv/http/letest/index.html
+- copy:
+ src: vmhost
+ dest: /etc/apache2/sites-available/letest.conf
+- copy:
+ src: vmhost-tls
+ dest: /etc/apache2/sites-available/letest-tls.conf
+- shell: |
+ a2ensite --quiet letest
+ systemctl restart apache2
+ a2enmod --quiet ssl
+ if ! [ -e /etc/letencrypt/live ]; then
+ certbot certonly \
+ --webroot \
+ --webroot-path /srv/http/letest \
+ --noninteractive \
+ --email liw@liw.fi \
+ --agree-tos \
+ --expand \
+ --cert-name cert1 \
+ -d letest-letest.vm.liw.fi
+ fi
+ a2ensite --quiet letest-tls
+ systemctl restart apache2 |
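Review bot: The guard `if ! [ -e /etc/letencrypt/live ]` in the `shell:` task misspells the directory (`letencrypt`), so the test is always true and `certbot certonly` is invoked on every play instead of only on first issuance; depending on certbot's renewal defaults that may cost requests against the Let's Encrypt rate limits. It should read `if ! [ -e /etc/letsencrypt/live/cert1 ]; then`, which also ties the check to the certificate the TLS vhost actually loads. The script has no `set -e`, so a failed certbot run still falls through to `a2ensite --quiet letest-tls` and the final restart, where Apache will presumably refuse to start with the certificate files missing and take the port-80 site down as well. Add `set -eu` as the first line of the block so the task stops at the first failure and Ansible reports it.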