From 7f956a7c9f1391322d74ed6b365e4da496b302d2 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Wed, 13 May 2020 10:15:10 +0300
Subject: feat: add site for testing Let's Encrypt automation
---
ansible/letest.hz | 5 +++++
ansible/letest.yml | 17 ++++++++++++++++
ansible/roles/letest/files/vmhost | 10 ++++++++++
ansible/roles/letest/files/vmhost-tls | 14 +++++++++++++
ansible/roles/letest/tasks/main.yml | 37 +++++++++++++++++++++++++++++++++++
5 files changed, 83 insertions(+)
create mode 100644 ansible/letest.hz
create mode 100644 ansible/letest.yml
create mode 100644 ansible/roles/letest/files/vmhost
create mode 100644 ansible/roles/letest/files/vmhost-tls
create mode 100644 ansible/roles/letest/tasks/main.yml
diff --git a/ansible/letest.hz b/ansible/letest.hz
new file mode 100644
index 0000000..919af09
--- /dev/null
+++ b/ansible/letest.hz
@@ -0,0 +1,5 @@
+defaults:
+ type: cx11
+ image: debian-10
+hosts:
+ - name: letest
diff --git a/ansible/letest.yml b/ansible/letest.yml
new file mode 100644
index 0000000..853325a
--- /dev/null
+++ b/ansible/letest.yml
@@ -0,0 +1,17 @@
+- hosts: letest
+ remote_user: root
+ roles:
+# - sane_debian_system
+# - comfortable-debian-system
+# - self-updating-system
+ - letest
+ vars:
+ hostname: letest
+ debian_codename: buster
+ debian_mirror: deb.debian.org
+
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ authorized_keys: |
+ {{ liw_ssh_pub }}
diff --git a/ansible/roles/letest/files/vmhost b/ansible/roles/letest/files/vmhost
new file mode 100644
index 0000000..dea35c0
--- /dev/null
+++ b/ansible/roles/letest/files/vmhost
@@ -0,0 +1,10 @@
+
+ ServerName letest-letest.vm.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /srv/http/letest
+ ErrorLog /var/log/apache2/letest/error.log
+ CustomLog /var/log/apache2/letest/access.log combined
+
+ Require all granted
+
+
diff --git a/ansible/roles/letest/files/vmhost-tls b/ansible/roles/letest/files/vmhost-tls
new file mode 100644
index 0000000..4dd19e1
--- /dev/null
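Review bot: With `sane_debian_system`, `comfortable-debian-system` and `self-updating-system` commented out under `roles:` in `ansible/letest.yml`, the play sets up an internet-reachable Apache as `remote_user: root` without the baseline roles. If those names mean what they suggest, the host gets no unattended updates, and the `unix_users` variable is probably unused because the role that would consume it is disabled. Either re-enable the roles or record why they are off, for example `# baseline roles disabled while testing certbot; re-enable before the host stays up`.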
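Review bot: `ErrorLog` and `CustomLog` in `files/vmhost` write to `/var/log/apache2/letest/`, which is probably outside the packaged logrotate rule. On Debian that rule matches `/var/log/apache2/*.log`, so files in a subdirectory would grow without rotation; this is worth confirming on the target image. Logging to `/var/log/apache2/letest-error.log` and `/var/log/apache2/letest-access.log` would keep both files under the existing rule. The same two lines appear in the `vmhost-tls` section. The container tag lines of this file appear empty in this rendering, so the listen address and the `Directory` path cannot be reviewed here.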
+++ b/ansible/roles/letest/files/vmhost-tls
@@ -0,0 +1,14 @@
+
+ ServerName letest-letest.vm.liw.fi
+ ServerAdmin liw@liw.fi
+ DocumentRoot /srv/http/letest
+ ErrorLog /var/log/apache2/letest/error.log
+ CustomLog /var/log/apache2/letest/access.log combined
+
+ Require all granted
+
+
+ SSLEngine on
+ SSLCertificateFile "/etc/letsencrypt/live/cert1/fullchain.pem"
+ SSLCertificateKeyFile "/etc/letsencrypt/live/cert1/privkey.pem"
+
diff --git a/ansible/roles/letest/tasks/main.yml b/ansible/roles/letest/tasks/main.yml
new file mode 100644
index 0000000..d36db3b
--- /dev/null
+++ b/ansible/roles/letest/tasks/main.yml
@@ -0,0 +1,37 @@
+- apt:
+ name:
+ - apache2
+ - certbot
+- file:
+ state: directory
+ path: /srv/http/letest
+- file:
+ state: directory
+ path: /var/log/apache2/letest
+- copy:
+ content: |
+ letest
+ dest: /srv/http/letest/index.html
+- copy:
+ src: vmhost
+ dest: /etc/apache2/sites-available/letest.conf
+- copy:
+ src: vmhost-tls
+ dest: /etc/apache2/sites-available/letest-tls.conf
+- shell: |
+ a2ensite --quiet letest
+ systemctl restart apache2
+ a2enmod --quiet ssl
+ if ! [ -e /etc/letencrypt/live ]; then
+ certbot certonly \
+ --webroot \
+ --webroot-path /srv/http/letest \
+ --noninteractive \
+ --email liw@liw.fi \
+ --agree-tos \
+ --expand \
+ --cert-name cert1 \
+ -d letest-letest.vm.liw.fi
+ fi
+ a2ensite --quiet letest-tls
+ systemctl restart apache2
-- cgit v1.2.1
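Review bot: The TLS vhost in `files/vmhost-tls` sets only `SSLEngine on` and the two certificate paths, so protocol versions and cipher policy come from whatever the server-wide mod_ssl configuration says. Pin the minimum version explicitly, in this vhost or server-wide in the role, for example `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, rather than depending on the distribution default. The `cert1` directory in both paths is coupled to `--cert-name cert1` in `tasks/main.yml`; a comment such as `# cert1 must match --cert-name in roles/letest/tasks/main.yml` would make that dependency visible.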
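Review bot: The guard `[ -e /etc/letencrypt/live ]` in the `shell` task misspells the directory (`letencrypt`, while the vhost reads from `/etc/letsencrypt/live/cert1/`), so the test is always true and certbot is invoked on every run; idempotence then depends on certbot declining to reissue, and repeated issuance can run into the CA's rate limits. Use `if ! [ -e /etc/letsencrypt/live/cert1 ]; then`. The script also lacks `set -e` as its first line, so a failed `certbot` still falls through to `a2ensite --quiet letest-tls` and a restart against certificate files that do not exist, which leaves Apache down. Nothing reloads Apache after a later renewal either; adding `--deploy-hook 'systemctl reload apache2'` to the certbot command would cover that.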