- hosts: monorepo.liw.fi
remote_user: root
roles:
- role: sane_debian_system
- role: sshd
- role: unix_users
- role: apache_server
- role: self-updating-system
tasks:
- apt:
name:
- curl
- git
- screen
- shell: |
a2enmod cgi alias env
- copy:
content: |
ServerName monorepo.liw.fi
ServerAdmin liw@liw.fi
DocumentRoot /var/www/html
AllowOverride None
Order deny,allow
Allow from all
Require all granted
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SetEnv GIT_PROJECT_ROOT /home/liw/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
dest: /etc/apache2/sites-enabled/000-default.conf
- copy:
content: |
ServerName monorepo.liw.fi
ServerAdmin liw@liw.fi
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/monorepo.liw.fi/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/monorepo.liw.fi/privkey.pem
AllowOverride None
Order deny,allow
Allow from all
Require all granted
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SetEnv GIT_PROJECT_ROOT /home/liw/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
dest: /etc/apache2/sites-enabled/000-default.conf
- systemd:
name: apache2
state: restarted
vars:
sane_debian_system_version: 2
sane_debian_system_hostname: monorepo
sane_debian_system_codename: bookworm
sane_debian_system_mirror: deb.debian.org
unix_users_version: 2
unix_users:
- username: liw
comment: Lars Wirzenius
sudo: yes
letsencrypt: yes
letsencrypt_email: liw@liw.fi
letsencrypt_main_domain: monorepo.liw.fi
certbot_debian_release: bookworm
sshd_version: 1
sshd_host_key: "{{ lookup('pipe', 'sshca host private-key monorepo.liw.fi') }}"
sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 monorepo.liw.fi') }}"
sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"