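---
# Play for the "static" host group: baseline Debian setup, Unix accounts,
# and an Apache server hosting the static sites listed under static_sites.
- hosts: static
  # NOTE(review): Ansible connects directly as root over SSH, and the root
  # account's authorized_keys is managed further down in this same play.
  # An unprivileged login user plus `become: true` would keep root out of
  # direct SSH reach; confirm whether the roles depend on root login.
  remote_user: root
  roles:
    - role: sane_debian_system
    - role: unix_users
    - role: apache_server
    - role: comfortable-debian-system
    - role: self-updating-system

  vars:
    sane_debian_system_version: 2
    sane_debian_system_hostname: static
    sane_debian_system_codename: bullseye
    sane_debian_system_mirror: deb.debian.org

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
      - username: root
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
      # ickliwfi is the only account that also trusts the CI worker key.
      # It is listed as owner of most sites below (sshca.liw.fi included),
      # so that key can log in as the owner of all of them.
      # NOTE(review): presumably "owner" means write access to the site's
      # document root - verify against the apache_server role. If CI only
      # publishes files, consider authorized_keys options such as
      # `restrict` or a forced `command=` on the CI key.
      - username: ickliwfi
        comment: Ick website
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
          {{ ci_worker_ssh_pub }}

    letsencrypt: true
    letsencrypt_email: liw@liw.fi
    letsencrypt_main_domain: http.liw.fi
    certbot_debian_release: bullseye

    # Each entry names a domain, the Unix account that owns it, a contact
    # address, and whether a Let's Encrypt certificate is used. Entries
    # with the same letsencrypt_cert value share a certificate name.
    static_sites:
      # Sites that refer to this server via CNAME will work out of the box.
      - domain: http-static.vm.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: ideas.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: files.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: code.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: vmdb2.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: vmdb2-images.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: vmdb2-manual.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        # NOTE(review): "cer1" is the only cert name spelled this way in
        # the file and looks like a typo for "cert1". Left unchanged here;
        # confirm against the certificates on the host before renaming.
        letsencrypt_cert: cer1

      - domain: journal.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1
        # The pipe lookup runs `pass` on the Ansible control node, so the
        # htpasswd content is not stored in this file.
        # NOTE(review): confirm the role task that writes this value sets
        # no_log, otherwise it can show up in verbose output and logs.
        htpasswd: "{{ lookup('pipe', 'pass journal.liw.fi.htpasswd') }}"
        htpasswd_name: "Private site by Lars. Go away."

      - domain: noir.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: manifesto.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: doc.obnam.org
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: seinfeld.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: subplot.tech
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert12

      - domain: www.subplot.tech
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert12
        redirect: subplot.tech

      - domain: doc.subplot.tech
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert12

      - domain: subplot.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1
        redirect: subplot.tech

      - domain: doc.subplot.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert11
        redirect: doc.subplot.tech

      - domain: yuck.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: 256.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: gtdfh.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: blog.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert1

      - domain: summain.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert4

      - domain: ewww.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert5

      - domain: vmadm.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert6

      - domain: clab.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert9

      - domain: doc.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert10

      - domain: sshca.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert11

      # Sites that need to be changed in DNS (A record) before Let's
      # Encrypt certificates can be created. Comment these out until
      # DNS has been changed.
      - domain: ick.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert3

      - domain: obnam.org
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert2

      - domain: liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: true
        letsencrypt_cert: cert2

      # Sites without HTTPS.
      # NOTE(review): with letsencrypt disabled these are presumably
      # served over plain HTTP only, so content is neither encrypted nor
      # integrity-protected in transit. Confirm this is still intended
      # for each entry, and keep credential-protected content off them.
      - domain: yotyonzen.docstory.fi
        owner: liw
        ownermail: webmaster@docstory.fi
        letsencrypt: false

      - domain: zen.docstory.fi
        owner: liw
        ownermail: webmaster@docstory.fi
        letsencrypt: false

      - domain: wedding.docstory.fi
        owner: liw
        ownermail: webmaster@docstory.fi
        letsencrypt: false

      - domain: www.docstory.fi
        owner: liw
        alias: docstory.fi
        ownermail: webmaster@docstory.fi
        letsencrypt: false

      - domain: liw.iki.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: false

      - domain: demo-journal.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: false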