monorepo.liw.fi: tls

Signed-off-by: Lars Wirzenius <liw@liw.fi>
Sponsored-by: author

1 files changed, 30 insertions, 1 deletions

diff --git a/ansible/monorepo.liw.fi.yml b/ansible/monorepo.liw.fi.yml
index 1f1797d..8753552 100644
--- a/ansible/monorepo.liw.fi.yml
+++ b/ansible/monorepo.liw.fi.yml
@@ -9,6 +9,7 @@
   tasks:
     - apt:
         name:
+          - curl
           - git
     - shell: |
         a2enmod cgi alias env
@@ -37,6 +38,34 @@
                   ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
           </VirtualHost>
         dest: /etc/apache2/sites-enabled/000-default.conf
+    - copy:
+        content: |
+          <VirtualHost *:443>
+                  ServerName monorepo.liw.fi
+                  ServerAdmin liw@liw.fi
+                  DocumentRoot /var/www/html
+                  SSLEngine on
+                  SSLCertificateFile      /etc/letsencrypt/live/monorepo.liw.fi/fullchain.pem
+                  SSLCertificateKeyFile   /etc/letsencrypt/live/monorepo.liw.fi/privkey.pem
+
+                  <Directory "/">
+                      AllowOverride None
+                      Order deny,allow
+                      Allow from all
+                  </Directory>
+
+                  <Location "/>
+                      Require all granted
+                  </Location>
+
+                  ErrorLog ${APACHE_LOG_DIR}/error.log
+                  CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+                  SetEnv GIT_PROJECT_ROOT /home/liw/git
+                  SetEnv GIT_HTTP_EXPORT_ALL
+                  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+          </VirtualHost>
+        dest: /etc/apache2/sites-enabled/000-default.conf
     - systemd:
         name: apache2
         state: restarted
@@ -53,7 +82,7 @@
         comment: Lars Wirzenius
         sudo: yes
 
-    letsencrypt: no
+    letsencrypt: yes
     letsencrypt_email: liw@liw.fi
     letsencrypt_main_domain: monorepo.liw.fi
     certbot_debian_release: bookworm