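---
# Playbook for monorepo.liw.fi: applies the base-system, sshd, user, Apache
# and self-update roles, then configures Apache to serve the Git
# repositories under /home/liw/git through git-http-backend.
- hosts: monorepo.liw.fi
  remote_user: root

  roles:
    - role: sane_debian_system
    - role: sshd
    - role: unix_users
    - role: apache_server
    - role: self-updating-system

  tasks:
    - name: Install command-line tools
      apt:
        name:
          - curl
          - git
          - screen

    # cgi, alias and env back the ScriptAlias and SetEnv directives used in
    # the vhost below.
    # NOTE(review): mod_ssl is not enabled here although the vhost sets
    # "SSLEngine on"; presumably the apache_server role enables it - confirm.
    - name: Enable the Apache modules used by the Git vhost
      command: a2enmod cgi alias env

    # NOTE(review): the next task writes to the same dest, so this port-80
    # definition is overwritten on every run and only the port-443 vhost is
    # active afterwards. If plain HTTP should answer at all, give it its own
    # file and have it redirect to HTTPS instead of serving repositories in
    # cleartext.
    - name: Write the HTTP vhost (overwritten by the HTTPS vhost below)
      copy:
        content: |
          <VirtualHost *:80>
            ServerName monorepo.liw.fi
            ServerAdmin liw@liw.fi
            DocumentRoot /var/www/html
            <Directory "/">
              AllowOverride None
              Order deny,allow
              Allow from all
            </Directory>
            <Location "/">
              Require all granted
            </Location>
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SetEnv GIT_PROJECT_ROOT /home/liw/git
            SetEnv GIT_HTTP_EXPORT_ALL
            ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
          </VirtualHost>
        dest: /etc/apache2/sites-enabled/000-default.conf
        mode: "0644"

    # Access-control notes for this vhost:
    # - <Directory "/"> with "Allow from all" plus <Location "/"> with
    #   "Require all granted" leaves nothing denied by default inside the
    #   vhost. NOTE(review): scoping the grants to the paths actually served
    #   (DocumentRoot and /usr/lib/git-core) would restore deny-by-default.
    # - Order/Allow are 2.2-style directives (mod_access_compat); Apache's
    #   documentation discourages mixing them with Require.
    # - GIT_HTTP_EXPORT_ALL exports every repository under GIT_PROJECT_ROOT,
    #   including ones without a git-daemon-export-ok marker, and this vhost
    #   configures no authentication, so read access is anonymous.
    - name: Write the HTTPS vhost that serves Git over git-http-backend
      copy:
        content: |
          <VirtualHost *:443>
            ServerName monorepo.liw.fi
            ServerAdmin liw@liw.fi
            DocumentRoot /var/www/html
            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/monorepo.liw.fi/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/monorepo.liw.fi/privkey.pem
            <Directory "/">
              AllowOverride None
              Order deny,allow
              Allow from all
            </Directory>
            <Location "/">
              Require all granted
            </Location>
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SetEnv GIT_PROJECT_ROOT /home/liw/git
            SetEnv GIT_HTTP_EXPORT_ALL
            ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
          </VirtualHost>
        dest: /etc/apache2/sites-enabled/000-default.conf
        mode: "0644"

    - name: Restart Apache so the new vhost and modules take effect
      systemd:
        name: apache2
        state: restarted

  vars:
    sane_debian_system_version: 2
    sane_debian_system_hostname: monorepo
    sane_debian_system_codename: bookworm
    sane_debian_system_mirror: deb.debian.org

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: true

    letsencrypt: true
    letsencrypt_email: liw@liw.fi
    letsencrypt_main_domain: monorepo.liw.fi
    certbot_debian_release: bookworm

    # The three lookups below run sshca on the control node each time the
    # variable is evaluated. sshd_host_key resolves to the host's private
    # key. NOTE(review): the sshd role is not visible here - confirm that the
    # tasks consuming this value set no_log and install it with a restrictive
    # file mode, so the key does not end up in verbose output or logs.
    sshd_version: 1
    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key monorepo.liw.fi') }}"
    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 monorepo.liw.fi') }}"
    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"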