Diffstat (limited to 'ansible/http.liw.fi.yml')
-rw-r--r--ansible/http.liw.fi.yml194
1 files changed, 74 insertions, 120 deletions
diff --git a/ansible/http.liw.fi.yml b/ansible/http.liw.fi.yml
index ed409ff..9372c4c 100644
--- a/ansible/http.liw.fi.yml
+++ b/ansible/http.liw.fi.yml
@@ -1,10 +1,11 @@
-- hosts: static
+- hosts: http.liw.fi
remote_user: root
roles:
- role: sane_debian_system
- role: sshd
- role: unix_users
- role: apache_server
+ tags: [httpd]
- role: comfortable-debian-system
- role: self-updating-system
vars:
@@ -22,11 +23,6 @@
- username: root
authorized_keys: |
{{ liw_personal_ssh_pub }}
- - username: ickliwfi
- comment: Ick website
- authorized_keys: |
- {{ liw_personal_ssh_pub }}
- {{ ci_worker_ssh_pub }}
letsencrypt: yes
letsencrypt_email: liw@liw.fi
@@ -41,215 +37,179 @@
owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
-
- - domain: ideas.liw.fi
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: files.liw.fi
owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
-
- - domain: code.liw.fi
- owner: liw
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: vmdb2.liw.fi
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
-
- - domain: vmdb2-images.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: vmdb2-manual.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cer1
+ letsencrypt_cert: certa
- domain: journal.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
htpasswd: "{{ lookup('pipe', 'pass journal.liw.fi.htpasswd') }}"
htpasswd_name: "Private site by Lars. Go away."
- domain: noir.liw.fi
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
-
- - domain: manifesto.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: doc.obnam.org
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
-
- - domain: seinfeld.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: subplot.tech
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert12
+ letsencrypt_cert: certa
- domain: www.subplot.tech
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert12
+ letsencrypt_cert: certa
redirect: subplot.tech
- domain: doc.subplot.tech
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert12
+ letsencrypt_cert: certa
- domain: subplot.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
redirect: subplot.tech
- domain: doc.subplot.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert11
+ letsencrypt_cert: certa
redirect: doc.subplot.tech
- - domain: yuck.liw.fi
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
-
- domain: 256.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: gtdfh.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert1
+ letsencrypt_cert: certa
- domain: blog.liw.fi
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert1
-
- - domain: summain.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert4
+ letsencrypt_cert: certa
- domain: vmadm.liw.fi
- owner: ickliwfi
- ownermail: liw@liw.fi
- letsencrypt: yes
- letsencrypt_cert: cert6
-
- - domain: clab.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert9
+ letsencrypt_cert: certa
- domain: doc.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert10
+ letsencrypt_cert: certa
- domain: sshca.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert11
+ letsencrypt_cert: certa
- domain: www.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert13
+ letsencrypt_cert: certa
redirect: liw.fi
- domain: riki.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert14
+ letsencrypt_cert: certa
- domain: v-i.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert15
+ letsencrypt_cert: certa
- domain: puomi.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert15
+ letsencrypt_cert: certa
- domain: ewww.liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert16
+ letsencrypt_cert: certa
- # Sites that need to be changed in DNS (A record) before Let's
- # Encrypt certificates can be created. Comment these out until
- # DNS has been changed.
+ - domain: ambient.liw.fi
+ owner: liw
+ ownermail: liw@liw.fi
+ letsencrypt: yes
+ letsencrypt_cert: certa
- - domain: ick.liw.fi
- owner: ickliwfi
+ - domain: openpgpkey.liw.fi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert3
+ letsencrypt_cert: certa
+
+ - domain: liw.iki.fi
+ owner: liw
+ ownermail: liw@liw.fi
+ letsencrypt: yes
+ letsencrypt_cert: certa
+
+ # Sites that need to be changed in DNS (A record) before Let's
+ # Encrypt certificates can be created. Comment these out until
+ # DNS has been changed.
- domain: obnam.org
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert2
+ letsencrypt_cert: certa
- domain: liw.fi
- owner: ickliwfi
+ owner: liw
ownermail: liw@liw.fi
letsencrypt: yes
- letsencrypt_cert: cert2
+ letsencrypt_cert: certa
# Sites without HTTPS.
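Review bot: Every HTTPS vhost in this hunk now uses the same `letsencrypt_cert: certa`, including `obnam.org` and `liw.fi`, which sit under the comment saying their DNS may not point at this host yet. If the apache_server role issues one certificate per `letsencrypt_cert` value (the role is not visible here, so this is inferred), one name that fails validation blocks issuance and renewal for all sites, and all of them share a single private key. Consider keeping the DNS-pending names on their own cert name until the A records have moved, or state the coupling above the list, e.g. `# All HTTPS sites share certa; every name must resolve to this host or issuance fails for all.` Separately, the `owner: liw` changes and the earlier removal of the `ickliwfi` entry do not show that the existing account and its authorized_keys (which included the CI worker key) are removed from the host; confirm that the unix_users role prunes users dropped from the list.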
@@ -274,17 +234,11 @@
ownermail: webmaster@docstory.fi
letsencrypt: no
- - domain: liw.iki.fi
- owner: liw
- ownermail: liw@liw.fi
- letsencrypt: no
-
- - domain: demo-journal.liw.fi
- owner: liw
- ownermail: liw@liw.fi
- letsencrypt: no
-
+ # We must define the sshd variables here. The defaults from the
+ # "all" group assume sshca knows the host by the
+ # sane_debian_system_hostname name, which isn't true for this
+ # host.
sshd_version: 1
sshd_host_key: "{{ lookup('pipe', 'sshca host private-key http.liw.fi') }}"
- sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 http.liw.fi') }}"
- sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 http.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
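Review bot: The added comment explains why the sshd variables are overridden for this host, but not that the CA paths `liw.fi/ca/host/v5` and `liw.fi/ca/user/v5` are now hard-coded here as well as, presumably, in the "all" group defaults. On the next CA rotation this override can be left behind, and the host would keep trusting a retired user CA. I would extend the comment with `# Keep the CA versions below in step with the "all" group defaults when rotating CAs.` It is also worth confirming that the sshd role replaces the v3 user CA key on the host rather than adding v5 alongside it; that is not visible in this hunk.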