Diffstat (limited to 'ansible/monorepo.liw.fi.yml')
-rw-r--r-- | ansible/monorepo.liw.fi.yml | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/ansible/monorepo.liw.fi.yml b/ansible/monorepo.liw.fi.yml
new file mode 100644
index 0000000..24dc5dd
--- /dev/null
+++ b/ansible/monorepo.liw.fi.yml
@@ -0,0 +1,94 @@
+- hosts: monorepo.liw.fi
+ remote_user: root
+ roles:
+ - role: sane_debian_system
+ - role: sshd
+ - role: unix_users
+ - role: apache_server
+ - role: self-updating-system
+ tasks:
+ - apt:
+ name:
+ - curl
+ - git
+ - screen
+ - shell: |
+ a2enmod cgi alias env
+ - copy:
+ content: |
+ <VirtualHost *:80>
+ ServerName monorepo.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /var/www/html
+
+ <Directory "/">
+ AllowOverride None
+ Order deny,allow
+ Allow from all
+ </Directory>
+
+ <Location "/>
+ Require all granted
+ </Location>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SetEnv GIT_PROJECT_ROOT /home/liw/git
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+ </VirtualHost>
+ dest: /etc/apache2/sites-enabled/000-default.conf
+ - copy:
+ content: |
+ <VirtualHost *:443>
+ ServerName monorepo.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /var/www/html
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/monorepo.liw.fi/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/monorepo.liw.fi/privkey.pem
+
+ <Directory "/">
+ AllowOverride None
+ Order deny,allow
+ Allow from all
+ </Directory>
+
+ <Location "/>
+ Require all granted
+ </Location>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SetEnv GIT_PROJECT_ROOT /home/liw/git
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+ </VirtualHost>
+ dest: /etc/apache2/sites-enabled/000-default.conf
+ - systemd:
+ name: apache2
+ state: restarted
+
+ vars:
+ sane_debian_system_version: 2
+ sane_debian_system_hostname: monorepo
+ sane_debian_system_codename: bookworm
+ sane_debian_system_mirror: deb.debian.org
+
+ unix_users_version: 2
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ sudo: yes
+
+ letsencrypt: yes
+ letsencrypt_email: liw@liw.fi
+ letsencrypt_main_domain: monorepo.liw.fi
+ certbot_debian_release: bookworm
+
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key monorepo.liw.fi') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 monorepo.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" |
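Review bot: Both vhost templates grant access to the filesystem root: `<Directory "/">` with `Allow from all`, plus `<Location "/>` with `Require all granted`, and `GIT_HTTP_EXPORT_ALL` then serves every repository under /home/liw/git without a per-repository opt-in. I would scope the grant to what is actually served, e.g. `<Directory "/usr/lib/git-core">` and `<Directory "/var/www/html">` each with `Require all granted`, and drop the 2.2-style `Order`/`Allow` lines. `<Location "/>` is also missing its closing quote in both blocks. Separately, the two `copy` tasks write to the same `dest`, so the :443 content replaces the :80 vhost on every run; the TLS vhost presumably wants its own file under sites-enabled.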