ansible/http.liw.fi.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

- hosts: static
  remote_user: root
  roles:
    - role: sane_debian_system
    - role: comfortable-debian-system
    - role: unix_users
    - role: apache_server
      tags: [apache]
    - role: self-updating-system
  vars:
    hostname: static
    debian_codename: buster
    debian_mirror: deb.debian.org
    debian_mirror_src: deb.debian.org

    unix_users:
      - username: liw
        comment: Lars Wirzenius
        authorized_keys: |
          {{ liw_ssh_pub }}
      - username: ickliwfi
        comment: Ick website
        authorized_keys: |
          {{ liw_ssh_pub }}
          {{ ci_worker_ssh_pub }}

    letsencrypt: yes
    letsencrypt_email: liw@liw.fi
    letsencrypt_main_domain: http.liw.fi
    certbot_debian_release: buster

    static_sites:

      - domain: http-static.vm.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: ideas.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: files.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: code.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: vmdb2.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: vmdb2-images.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: vmdb2-manual.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: journal.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1
        htpasswd: "{{ lookup('pipe', 'pass journal.liw.fi.htpasswd') }}"
        htpasswd_name: "Private site by Lars. Go away."

      - domain: ick.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: noir.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: manifesto.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: subplot.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: examples.subplot.liw.fi
        owner: ickliwfi
        ownermail: liw@liw.fi
        letsencrypt: yes
        letsencrypt_cert: cert1

      - domain: yotyonzen.docstory.fi
        owner: liw
        ownermail: webmaster@docstory.fi
        letsencrypt: no

      - domain: wedding.docstory.fi
        owner: liw
        ownermail: webmaster@docstory.fi
        letsencrypt: no

      - domain: www.docstory.fi
        owner: liw
        alias: docstory.fi
        ownermail: webmaster@docstory.fi
        letsencrypt: no

      - domain: liw.iki.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: no

      - domain: demo-journal.liw.fi
        owner: liw
        ownermail: liw@liw.fi
        letsencrypt: no