www.afpy.org migré.
parent
1d1346dbd1
commit
0faa1cf53f
12
afpy.org.yml
12
afpy.org.yml
|
@ -32,7 +32,7 @@
|
|||
notify: reload nginx
|
||||
|
||||
- name: Setup afpy.org
|
||||
include_role: name=julienpalard.nginx
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: afpy-org
|
||||
nginx_domain: afpy.org
|
||||
|
@ -143,7 +143,7 @@
|
|||
become: true
|
||||
become_user: afpy-org
|
||||
pip:
|
||||
name: /home/afpy-org/src/
|
||||
requirements: /home/afpy-org/src/requirements.txt
|
||||
virtualenv_command: /usr/bin/python3 -m venv
|
||||
virtualenv: "/home/afpy-org/venv/"
|
||||
|
||||
|
@ -183,7 +183,7 @@
|
|||
- service: name=afpy-org state=started enabled=yes
|
||||
|
||||
- name: Redirect planet.afpy.org
|
||||
include_role: name=julienpalard.nginx
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_domain: planet.afpy.org
|
||||
nginx_certificates: [planet.afpy.org]
|
||||
|
@ -208,7 +208,7 @@
|
|||
}
|
||||
|
||||
- name: Setup salt-fr.afpy.org
|
||||
include_role: name=julienpalard.nginx
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: salt-fr-afpy-org
|
||||
nginx_path: /var/www/salt-fr.afpy.org
|
||||
|
@ -217,7 +217,7 @@
|
|||
nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVrME7+AYhM4n6opE5gVJbWsZHLETucV2wV+kDvnLk3"
|
||||
|
||||
- name: Setup nantes.afpy.org
|
||||
include_role: name=julienpalard.nginx
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: nantes-afpy-org
|
||||
nginx_path: /var/www/nantes.afpy.org
|
||||
|
@ -226,7 +226,7 @@
|
|||
nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsky9ccA9SkMbFpaL9yEwLUW6y320kmwoCdGVCsWd3L"
|
||||
|
||||
- name: Setup lists.afpy.org redirection
|
||||
include_role: name=julienpalard.nginx
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_domain: lists.afpy.org
|
||||
nginx_certificates: [lists.afpy.org]
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: afpyro-afpy-org
|
||||
nginx_name: afpyro.afpy.org
|
||||
nginx_domain: afpyro.afpy.org
|
||||
nginx_certificates: [afpyro.afpy.org]
|
||||
nginx_conf: |
|
||||
server
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: www-data
|
||||
nginx_name: autoconfig.afpy.org
|
||||
nginx_domain: autoconfig.afpy.org
|
||||
nginx_certificates: [autoconfig.afpy.org, autoconfig.pycon.fr]
|
||||
nginx_path: /var/www/autoconfig.afpy.org
|
||||
nginx_conf: |
|
||||
|
|
2
dl.yml
2
dl.yml
|
@ -63,7 +63,7 @@
|
|||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: dl-afpy-org
|
||||
nginx_name: dl.afpy.org
|
||||
nginx_domain: dl.afpy.org
|
||||
nginx_certificates: [dl.afpy.org, videos-2015.pycon.fr]
|
||||
nginx_conf: |
|
||||
server
|
||||
|
|
12
pycon.fr.yml
12
pycon.fr.yml
|
@ -17,7 +17,7 @@
|
|||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: pyconfr
|
||||
nginx_name: pycon.fr
|
||||
nginx_domain: pycon.fr
|
||||
nginx_certificates: ['pycon.fr', 'www.pycon.fr']
|
||||
nginx_path: /var/www/pycon.fr/
|
||||
nginx_conf: |
|
||||
|
@ -59,7 +59,7 @@
|
|||
- name: Setup PyConFr 2016
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_name: 2016.pycon.fr
|
||||
nginx_domain: 2016.pycon.fr
|
||||
nginx_certificates: [2016.pycon.fr]
|
||||
nginx_conf: |
|
||||
server
|
||||
|
@ -85,7 +85,7 @@
|
|||
- name: Setup PyConFr 2012
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_name: 2012.pycon.fr
|
||||
nginx_domain: 2012.pycon.fr
|
||||
nginx_certificates: [2012.pycon.fr]
|
||||
nginx_conf: |
|
||||
server
|
||||
|
@ -110,7 +110,7 @@
|
|||
- name: Setup PyConFr 2011
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_name: 2011.pycon.fr
|
||||
nginx_domain: 2011.pycon.fr
|
||||
nginx_certificates: [2011.pycon.fr]
|
||||
nginx_conf: |
|
||||
server
|
||||
|
@ -135,7 +135,7 @@
|
|||
- name: Setup PyConFr 2010
|
||||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_name: 2010.pycon.fr
|
||||
nginx_domain: 2010.pycon.fr
|
||||
nginx_certificates: [2010.pycon.fr]
|
||||
nginx_conf: |
|
||||
server
|
||||
|
@ -161,7 +161,7 @@
|
|||
include_role: name=nginx
|
||||
vars:
|
||||
nginx_owner: paullaroid
|
||||
nginx_name: paullaroid.pycon.fr
|
||||
nginx_domain: paullaroid.pycon.fr
|
||||
nginx_certificates: [paullaroid.pycon.fr]
|
||||
nginx_path: /var/www/paullaroid.pycon.fr/
|
||||
nginx_conf: |
|
||||
|
|
|
@ -10,7 +10,7 @@ The mandatory variables are:
|
|||
- `admin_email`: For letsencrypt.
|
||||
- `gandi_api_key` ([see doc](https://github.com/obynio/certbot-plugin-gandi/)).
|
||||
- `nginx_certificates`: A list of domain to put in this certificate.
|
||||
- `nginx_name`: Used for file names and certificate name.
|
||||
- `nginx_domain`: Used for file names, certificate name, and default server_name if no nginx_conf is given.
|
||||
- `nginx_conf`: The nginx config.
|
||||
|
||||
Optional variables are:
|
||||
|
|
|
@ -4,3 +4,26 @@ ssl_protocols: "TLSv1.2 TLSv1.3"
|
|||
ssl_prefer_server_ciphers: "off"
|
||||
ssl_session_cache: "shared:ssl_session_cache:10m"
|
||||
HSTS_header: 'Strict-Transport-Security "max-age=63072000; always"'
|
||||
nginx_conf: |
|
||||
server
|
||||
{
|
||||
listen 80;
|
||||
server_name {{ nginx_domain }};
|
||||
access_log /var/log/nginx/{{ nginx_domain }}-access.log;
|
||||
error_log /var/log/nginx/{{ nginx_domain }}-error.log;
|
||||
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
charset utf-8;
|
||||
server_name {{ nginx_domain }};
|
||||
access_log /var/log/nginx/{{ nginx_domain }}-access.log;
|
||||
error_log /var/log/nginx/{{ nginx_domain }}-error.log;
|
||||
include snippets/letsencrypt-{{ nginx_domain }}.conf;
|
||||
|
||||
root {{ nginx_path }};
|
||||
index index.html;
|
||||
}
|
||||
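Review bot: The port-80 server in the new default `nginx_conf` redirects with `return 301 https://$host$request_uri;`, and `$host` can take its value from the client's Host header, so whenever this block ends up as the default server for port 80 the redirect target is chosen by the request. `server_name` is already `{{ nginx_domain }}`, so the redirect can name it directly: `return 301 https://{{ nginx_domain }}$request_uri;`. The 443 server also renders `root {{ nginx_path }};`, and the visible hunks do not show whether `nginx_path` has a default. If it is optional, a play that relies on this default `nginx_conf` without setting it would presumably fail on an undefined variable, so a default value or an early `assert` would make that explicit.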
|
|
|
@ -34,7 +34,7 @@
|
|||
dest: /root/gandi.ini
|
||||
|
||||
- name: Generate TLS certificates
|
||||
command: /root/certbot-venv/bin/certbot certonly --cert-name {{ nginx_name | quote }} -n --agree-tos -d {{ nginx_certificates | join(",") | quote }} -m {{ admin_email | quote }} --authenticator dns-gandi --dns-gandi-credentials /root/gandi.ini
|
||||
command: /root/certbot-venv/bin/certbot certonly --cert-name {{ nginx_domain | quote }} -n --agree-tos -d {{ nginx_certificates | join(",") | quote }} -m {{ admin_email | quote }} --authenticator dns-gandi --dns-gandi-credentials /root/gandi.ini
|
||||
register: certbot
|
||||
changed_when: '"no action taken." not in certbot.stdout'
|
||||
|
||||
|
@ -63,7 +63,7 @@
|
|||
- name: Create letsencrypt snippets
|
||||
template:
|
||||
src: letsencrypt.conf.j2
|
||||
dest: '/etc/nginx/snippets/letsencrypt-{{ nginx_name }}.conf'
|
||||
dest: '/etc/nginx/snippets/letsencrypt-{{ nginx_domain }}.conf'
|
||||
|
||||
- name: User
|
||||
user:
|
||||
|
@ -85,14 +85,14 @@
|
|||
owner: "{{ nginx_owner }}"
|
||||
mode: 0644
|
||||
path: "~{{ nginx_owner }}/.ssh/authorized_keys"
|
||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ nginx_name }} -->"
|
||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ nginx_domain }} -->"
|
||||
block: "{{ nginx_public_deploy_key }}"
|
||||
when: nginx_owner is defined and nginx_public_deploy_key is defined
|
||||
|
||||
- name: Configure nginx
|
||||
copy:
|
||||
content: "{{ nginx_conf }}"
|
||||
dest: "/etc/nginx/conf.d/{{ nginx_name }}.conf"
|
||||
dest: "/etc/nginx/conf.d/{{ nginx_domain }}.conf"
|
||||
notify: reload nginx
|
||||
|
||||
- name: WWW directory
|
||||
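Review bot: The `blockinfile` marker for `authorized_keys` now interpolates `{{ nginx_domain }}`, and blockinfile finds its managed block by the exact marker text, so on any host where the old `nginx_name` differed from `nginx_domain` the previous block is no longer matched and its deploy key stays authorized beside the new one. The same holds for `/etc/nginx/conf.d/{{ nginx_domain }}.conf`, the letsencrypt snippet and the certbot `--cert-name`: files and certificate lineages created under the old name are left behind. In the playbooks shown the two values look identical, so this may be a no-op here, but a one-time cleanup task or a README note would make that explicit. Separately, sshd only treats lines starting with `#` as comments, so the `<!-- … -->` marker lines are parsed as malformed key entries. If the marker is ever revisited, `marker: "# {mark} ANSIBLE MANAGED BLOCK: Deploy key for {{ nginx_domain }}"` is the form the file expects, with the same cleanup caveat; the task list continues outside this hunk.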
|
|
|
@ -8,8 +8,8 @@ ssl_session_cache {{ ssl_session_cache }};
|
|||
ssl_session_timeout 1d;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ nginx_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ nginx_name }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ nginx_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ nginx_domain }}/privkey.pem;
|
||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
|
||||
ssl_stapling on;
|
||||
|
|