Try to set up certbot on the VPS
This commit is contained in:
parent
57981fdd96
commit
3531522c4c
19
Vagrantfile
vendored
19
Vagrantfile
vendored
@ -28,9 +28,9 @@ Vagrant.configure("2") do |config|
|
||||
# Create a forwarded port mapping which allows access to a specific port
|
||||
# within the machine from a port on the host machine and only allow access
|
||||
# via 127.0.0.1 to disable public access
|
||||
config.vm.network "forwarded_port", guest: 8008, host: 8008, host_ip: "127.0.0.1"
|
||||
config.vm.network "forwarded_port", guest: 8448, host: 8448, host_ip: "127.0.0.1"
|
||||
config.vm.network "forwarded_port", guest: 443, host: 443, host_ip: "127.0.0.1"
|
||||
config.vm.network "forwarded_port", guest: 8008, host: 8008
|
||||
config.vm.network "forwarded_port", guest: 8448, host: 8448
|
||||
config.vm.network "forwarded_port", guest: 443, host: 443
|
||||
|
||||
# Create a private network, which allows host-only access to the machine
|
||||
# using a specific IP.
|
||||
@ -58,15 +58,8 @@ Vagrant.configure("2") do |config|
|
||||
# Customize the amount of memory on the VM:
|
||||
vb.memory = "4096"
|
||||
end
|
||||
#
|
||||
# View the documentation for the provider you are using for more
|
||||
# information on available options.
|
||||
|
||||
# Enable provisioning with a shell script. Additional provisioners such as
|
||||
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
|
||||
# documentation for more information about their specific syntax and use.
|
||||
# config.vm.provision "shell", inline: <<-SHELL
|
||||
# apt-get update
|
||||
# apt-get install -y apache2
|
||||
# SHELL
|
||||
config.vm.provision "ansible" do |ansible|
|
||||
ansible.playbook = "setup.yml"
|
||||
end
|
||||
end
|
||||
|
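Review bot: The ansible provisioner added at the end of the second hunk points at `setup.yml`, but this same commit deletes `setup.yml` and moves its content to `main.yml`, so `vagrant provision` would fail to find the playbook; it should read `ansible.playbook = "main.yml"`. The old/new side is inferred from the hunk counts (-58,15 +58,8), since the rendered page lost the +/- markers. In the first hunk the three `forwarded_port` lines without `host_ip: "127.0.0.1"` appear to be the new side; if so, ports 8008, 8448 and 443 are now bound on every host interface while the unchanged comment above still promises access only via 127.0.0.1, so either keep the `host_ip` binding or update the comment to say the ports are intentionally exposed.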
9
certbot.yml
Normal file
9
certbot.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
- hosts: synapse
|
||||
vars:
|
||||
certbot_certs:
|
||||
- email: core@fuz.re
|
||||
domains:
|
||||
- {{ ansible_host }}
|
||||
# - riot.fuz.re
|
||||
roles: geerlingguy.ansible-role-certbot
|
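Review bot: `- {{ ansible_host }}` under `domains:` is an unquoted Jinja expression beginning with `{`, which YAML reads as a flow mapping, so the play fails to parse; it needs quoting: `- "{{ ansible_host }}"`. `roles:` is also given a bare string, whereas a play's roles are a list: `roles:` followed by `- geerlingguy.certbot`. The name `geerlingguy.ansible-role-certbot` is the GitHub repository name, while the role as installed from Galaxy is `geerlingguy.certbot`, so the role lookup is likely to fail as written (the requirements hunk below uses the same name). Using `ansible_host` as the certificate domain only works when the inventory host is the public DNS name, which holds for the VPS entry but not for the 127.0.0.1 vagrant entry, so this play should not be run against the vagrant host.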
@ -1,3 +1,10 @@
|
||||
# Correctly setup Let's Encrypt certificate renewal
|
||||
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html
|
||||
# - import_playbook: nginx-letsencrypt.yml
|
||||
|
||||
# - import_playbook: openssl.yml
|
||||
# when: public_ipv4 = false
|
||||
|
||||
# when: public_ipv4 = true
|
||||
include_role: certbot.yml
|
||||
# https://github.com/geerlingguy/ansible-role-certbot
|
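Review bot: `include_role: certbot.yml` names a playbook file, but `include_role` takes a role name and is a task keyword rather than a top-level playbook entry; to chain the new certbot play this should be `- import_playbook: certbot.yml`, matching the commented `import_playbook` lines above it. The rendered page drops indentation, so whether the line is nested under a task cannot be confirmed. The commented `when: public_ipv4 = false` conditions use a single `=`; if they are ever re-enabled, the Jinja form is `when: not public_ipv4` and `when: public_ipv4`.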
@ -1 +1,2 @@
|
||||
synapse ansible_user=vagrant ansible_host="127.0.0.1" ansible_port="2222" ansible_ssh_private_key_file=".vagrant/machines/default/virtualbox/private_key" ansible_become=yes
|
||||
synapse-vagrant ansible_user=vagrant ansible_host="127.0.0.1" ansible_port="2222" ansible_ssh_private_key_file=".vagrant/machines/default/virtualbox/private_key" ansible_become=yes
|
||||
synapse ansible_user=root ansible_host="dev.fuz.doxx.fr" ansible_port="22" ansible_ssh_private_key_file=".ssh/id_rsa" ansible_become=yes
|
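Review bot: The new VPS entry logs in as `ansible_user=root` while also setting `ansible_become=yes`; since become is already granted, a dedicated non-root deploy user with sudo would remove the need for root SSH login and allow `PermitRootLogin` to be disabled on the host. `ansible_ssh_private_key_file=".ssh/id_rsa"` is a relative path, so it appears to depend on the directory Ansible is run from rather than the home directory; `~/.ssh/id_rsa` is probably what was meant. Note also that the vagrant host was renamed to `synapse-vagrant`, so plays that target `hosts: synapse` no longer match it when this inventory is used directly.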
40
main.yml
Normal file
40
main.yml
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
|
||||
- hosts:
|
||||
- synapse
|
||||
|
||||
handlers:
|
||||
- name: reboot
|
||||
reboot:
|
||||
|
||||
pre_tasks:
|
||||
|
||||
- apt:
|
||||
update_cache: yes
|
||||
|
||||
- name: Disable IPv6
|
||||
blockinfile:
|
||||
path: /etc/sysctl.conf
|
||||
block: |
|
||||
net.ipv6.conf.all.disable_ipv6 = 1
|
||||
net.ipv6.conf.default.disable_ipv6 = 1
|
||||
net.ipv6.conf.lo.disable_ipv6 = 1
|
||||
notify: reboot
|
||||
|
||||
- name: apply ipv6 disable
|
||||
command: sysctl -p
|
||||
become: yes
|
||||
|
||||
- name: check ipv6 state
|
||||
shell: cat /proc/sys/net/ipv6/conf/all/disable_ipv6
|
||||
register: command_result
|
||||
failed_when: "'1' not in command_result.stdout"
|
||||
|
||||
- apt:
|
||||
name: python-pip
|
||||
roles:
|
||||
- geerlingguy.pip
|
||||
|
||||
- import_playbook: postgres.yml
|
||||
# todo: create synapse user
|
||||
- import_playbook: synapse.yml
|
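Review bot: The "Disable IPv6", "apply ipv6 disable" and "check ipv6 state" tasks hand-roll what the `sysctl` module does in one idempotent step; `command: sysctl -p` reports changed on every run, and the `shell: cat` check spawns a shell for a plain file read. A `sysctl` task with `sysctl_set: yes` and `reload: yes` writes the setting, applies it and verifies it, and can keep `notify: reboot` if the reboot is still wanted. `become: yes` on only the sysctl task is redundant because the inventory sets `ansible_become=yes` for these hosts. Indentation is lost in the rendered page, so the nesting of `pre_tasks:` and `roles:` under the play could not be checked.
```yaml
    - name: Disable IPv6
      sysctl:
        name: "{{ item }}"
        value: '1'
        sysctl_set: yes
        state: present
        reload: yes
      loop:
        - net.ipv6.conf.all.disable_ipv6
        - net.ipv6.conf.default.disable_ipv6
        - net.ipv6.conf.lo.disable_ipv6
      notify: reboot
    # … unchanged: python-pip apt task, roles, import_playbook entries …
```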
@ -1,4 +1,5 @@
|
||||
- hosts: synapse
|
||||
become: yes
|
||||
tasks:
|
||||
- pip:
|
||||
name: psycopg2
|
||||
|
@ -1,6 +1,7 @@
|
||||
# from galaxy
|
||||
- src: geerlingguy.pip
|
||||
- src: geerlingguy.postgresql
|
||||
- src: geerlingguy.ansible-role-certbot
|
||||
|
||||
# from GitHub, overriding the name and specifying a specific tag
|
||||
# - src: https://github.com/bennojoy/nginx
|
||||
|
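Review bot: The added `- src: geerlingguy.ansible-role-certbot` uses the GitHub repository name; on Galaxy the role is published as `geerlingguy.certbot`, so `ansible-galaxy install` is likely to report it as not found (the certbot play references the same name). None of the three Galaxy roles is pinned, so each install fetches whatever the latest release is; pinning with a `version:` entry under each `src` (e.g. `- src: geerlingguy.certbot` / `version: <pinned tag>`) makes provisioning reproducible and keeps an upstream change from landing unreviewed.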
11
setup.yml
11
setup.yml
@ -1,11 +0,0 @@
|
||||
---
|
||||
|
||||
- hosts:
|
||||
- synapse
|
||||
|
||||
roles:
|
||||
- geerlingguy.pip
|
||||
|
||||
- import_playbook: postgres.yml
|
||||
# todo: create synapse user
|
||||
- import_playbook: synapse.yml
|
@ -18,10 +18,10 @@
|
||||
matrix_synapse_report_stats: false # Report stats to matrix.org?
|
||||
|
||||
matrix_synapse_extra_config: # no_tls:true disables port 8448
|
||||
no_tls: true
|
||||
no_tls: false
|
||||
# If false:
|
||||
# matrix_synapse_tls_cert: ""
|
||||
# matrix_synapse_tls_key: ""
|
||||
matrix_synapse_tls_cert: ""
|
||||
matrix_synapse_tls_key: ""
|
||||
|
||||
# pre_tasks:
|
||||
# tasks:
|
||||
|
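Review bot: With `no_tls: false` now enabling the TLS listener, `matrix_synapse_tls_cert: ""` and `matrix_synapse_tls_key: ""` are still empty, so synapse has no certificate to serve on 8448; they should point at the files the certbot play produces (certbot's default layout is `/etc/letsencrypt/live/<domain>/fullchain.pem` and `privkey.pem`), which nothing in this commit wires up. The private key is root-owned and not world-readable by default, so the synapse process also needs read access to it, for example via a group or a copy with restricted permissions, rather than by loosening the key's mode. The old/new side of the `# If false:` comment lines is not recoverable from the rendered page.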
0
ubuntu-bionic-18.04-cloudimg-console.log
Normal file
0
ubuntu-bionic-18.04-cloudimg-console.log
Normal file