try to do certbot on VPS

This commit is contained in:
J. Doe 2019-10-03 04:04:52 +02:00
parent 57981fdd96
commit 3531522c4c
10 changed files with 70 additions and 29 deletions

21
Vagrantfile vendored

@ -28,9 +28,9 @@ Vagrant.configure("2") do |config|
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
config.vm.network "forwarded_port", guest: 8008, host: 8008, host_ip: "127.0.0.1"
config.vm.network "forwarded_port", guest: 8448, host: 8448, host_ip: "127.0.0.1"
config.vm.network "forwarded_port", guest: 443, host: 443, host_ip: "127.0.0.1"
config.vm.network "forwarded_port", guest: 8008, host: 8008
config.vm.network "forwarded_port", guest: 8448, host: 8448
config.vm.network "forwarded_port", guest: 443, host: 443
# Create a private network, which allows host-only access to the machine
# using a specific IP.
@ -58,15 +58,8 @@ Vagrant.configure("2") do |config|
# Customize the amount of memory on the VM:
vb.memory = "4096"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# config.vm.provision "shell", inline: <<-SHELL
# apt-get update
# apt-get install -y apache2
# SHELL
config.vm.provision "ansible" do |ansible|
ansible.playbook = "setup.yml"
end
end
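Review bot: Dropping `host_ip: "127.0.0.1"` from the three `forwarded_port` lines binds host ports 8008, 8448 and 443 on every interface of the host, so the dev VM's Synapse becomes reachable from the host's network, while the comment kept directly above still promises access "only via 127.0.0.1 to disable public access". If the exposure is intended (for example so an HTTP-01 challenge can reach the VM), update that comment to say so; otherwise keep `host_ip: "127.0.0.1"` on all three lines. Separately, the new ansible provisioner points at `setup.yml`, and if that is the 11-line playbook this commit deletes, `vagrant up` will now fail on a missing playbook — I cannot see the deleted file's name here.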

9
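--- /dev/null
+++ b/certbot.yml
@@ -0,0 +1,9 @@
+---
+- hosts: synapse
+vars:
+certbot_certs:
+- email: core@fuz.re
+domains:
+- {{ ansible_host }}
+# - riot.fuz.re
+roles: geerlingguy.ansible-role-certbot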
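Review bot: `- {{ ansible_host }}` under `domains:` is unquoted, and YAML reads a scalar starting with `{{` as a flow mapping, so this play will not parse; write `- "{{ ansible_host }}"`. `roles:` also has to be a list, and the Galaxy role is published as `geerlingguy.certbot` as far as I know (`ansible-role-certbot` is the GitHub repository name), so the last line should become `roles:` followed by `- geerlingguy.certbot`. Deriving the certificate name from `ansible_host` ties it to whatever the inventory says for the target: for the VPS in this commit that is `dev.fuz.doxx.fr`, which works, but the vagrant host's `ansible_host` is `127.0.0.1`, for which Let's Encrypt cannot issue, so listing the domain explicitly (`- dev.fuz.doxx.fr`) is safer and makes the cert's subject reviewable in the playbook itself.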


@ -1,3 +1,10 @@
# Correctly setup Let's Encrypt certificate renewal
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html
# - import_playbook: nginx-letsencrypt.yml
# - import_playbook: openssl.yml
# when: public_ipv4 = false
# when: public_ipv4 = true
include_role: certbot.yml
# https://github.com/geerlingguy/ansible-role-certbot
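Review bot: `include_role: certbot.yml` on the new line is not valid where it sits: `include_role` is a task-level module that takes a role name, not a playbook file, and at the top level of a playbook file it fails to parse. To chain the new certbot play use `- import_playbook: certbot.yml`, matching the commented `import_playbook` lines just above it. If the commented `when:` conditions are ever revived, note they use `=` where Jinja needs a comparison, e.g. `when: not public_ipv4` and `when: public_ipv4`.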


@ -1 +1,2 @@
synapse ansible_user=vagrant ansible_host="127.0.0.1" ansible_port="2222" ansible_ssh_private_key_file=".vagrant/machines/default/virtualbox/private_key" ansible_become=yes
synapse-vagrant ansible_user=vagrant ansible_host="127.0.0.1" ansible_port="2222" ansible_ssh_private_key_file=".vagrant/machines/default/virtualbox/private_key" ansible_become=yes
synapse ansible_user=root ansible_host="dev.fuz.doxx.fr" ansible_port="22" ansible_ssh_private_key_file=".ssh/id_rsa" ansible_become=yes
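Review bot: The new VPS entry logs in as root over SSH with `ansible_ssh_private_key_file=".ssh/id_rsa"`, a relative path that is resolved against the directory Ansible is run from rather than the user's home, so it either fails to find the key or expects a private key to live inside the project tree next to the inventory. Use `~/.ssh/id_rsa` (Ansible expands `~`) or, better, a dedicated deploy key kept outside the repository. Since `ansible_become=yes` is already set, an unprivileged `ansible_user` with sudo would do the same job and let root SSH login be disabled on the host; with `ansible_user=root` the become flag is a no-op. Note that renaming the vagrant box to `synapse-vagrant` means every play with `hosts: synapse` in this commit now runs as root against the public VPS.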

40
main.yml Normal file

@ -0,0 +1,40 @@
---
- hosts:
- synapse
handlers:
- name: reboot
reboot:
pre_tasks:
- apt:
update_cache: yes
- name: Disable IPv6
blockinfile:
path: /etc/sysctl.conf
block: |
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
notify: reboot
- name: apply ipv6 disable
command: sysctl -p
become: yes
- name: check ipv6 state
shell: cat /proc/sys/net/ipv6/conf/all/disable_ipv6
register: command_result
failed_when: "'1' not in command_result.stdout"
- apt:
name: python-pip
roles:
- geerlingguy.pip
- import_playbook: postgres.yml
# todo: create synapse user
- import_playbook: synapse.yml
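Review bot: The IPv6 disable is spread over three tasks — `blockinfile` into `/etc/sysctl.conf`, `command: sysctl -p`, and a `shell: cat` check with `failed_when` — where the `sysctl` module does the write, the reload and the verification idempotently in one task, and the `notify: reboot` handler then becomes unnecessary (a full reboot of the VPS on every run that touches the file is heavy-handed for a sysctl change). Disabling IPv6 on the VPS also interacts with the certbot play added in this commit: if `dev.fuz.doxx.fr` has an AAAA record, Let's Encrypt will attempt validation over IPv6 first and the challenge fails — worth checking before this lands. The indentation of this hunk is lost in the rendering, so I cannot tell whether the apt and sysctl tasks are actually nested under `pre_tasks`.
```yaml
pre_tasks:
# … unchanged: apt update_cache task …
- name: Disable IPv6
  sysctl:
    name: "{{ item }}"
    value: "1"
    sysctl_set: yes
    state: present
    reload: yes
  loop:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6
# … unchanged: python-pip apt task, roles and imported playbooks …
```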


@ -1,4 +1,5 @@
- hosts: synapse
become: yes
tasks:
- pip:
name: psycopg2


@ -1,6 +1,7 @@
# from galaxy
- src: geerlingguy.pip
- src: geerlingguy.postgresql
- src: geerlingguy.ansible-role-certbot
# from GitHub, overriding the name and specifying a specific tag
# - src: https://github.com/bennojoy/nginx
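Review bot: The added `- src: geerlingguy.ansible-role-certbot` will, I believe, not resolve on Galaxy: `ansible-role-certbot` is the GitHub repository name and the role is published as `geerlingguy.certbot`, so either `- src: geerlingguy.certbot` or `- src: https://github.com/geerlingguy/ansible-role-certbot` with `name: geerlingguy.certbot` is needed (the `roles:` entry in the new certbot.yml uses the same name and has the same problem). None of the three roles carries a `version:`, so `ansible-galaxy install` fetches whatever is latest at run time; pinning a release tag on each entry (`version: <tag>`) makes provisioning reproducible and keeps a breaking or compromised release from being pulled onto the VPS silently.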


@ -1,11 +0,0 @@
---
- hosts:
- synapse
roles:
- geerlingguy.pip
- import_playbook: postgres.yml
# todo: create synapse user
- import_playbook: synapse.yml


@ -18,10 +18,10 @@
matrix_synapse_report_stats: false # Report stats to matrix.org?
matrix_synapse_extra_config: # no_tls:true disables port 8448
no_tls: true
no_tls: false
# If false:
# matrix_synapse_tls_cert: ""
# matrix_synapse_tls_key: ""
matrix_synapse_tls_cert: ""
matrix_synapse_tls_key: ""
# pre_tasks:
# tasks:
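Review bot: `matrix_synapse_tls_cert` and `matrix_synapse_tls_key` are set to empty strings in the same hunk that flips `no_tls` to `false`, so Synapse is asked to serve TLS on 8448 with no certificate and key — it cannot start in that state, or the role substitutes something (I cannot see the role here to say which). If the intent is to use the certbot output from this commit, point them at the issued files, presumably `/etc/letsencrypt/live/<domain>/fullchain.pem` and `/etc/letsencrypt/live/<domain>/privkey.pem`. Certbot leaves `/etc/letsencrypt/live` and `archive` readable by root only, so the service user Synapse runs as needs a deploy hook that copies or re-permissions the key, plus a renewal hook that reloads Synapse, or the cert will silently expire in 90 days. The variable block this hunk edits starts above the visible lines.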
