try to do certbot on VPS

This commit is contained in:
J. Doe 2019-10-03 04:04:52 +02:00
parent 04116477b1
commit b9517487fd
9 changed files with 68 additions and 28 deletions

21
Vagrantfile vendored

@ -28,9 +28,9 @@ Vagrant.configure("2") do |config|
# Create a forwarded port mapping which allows access to a specific port # Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access # within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access # via 127.0.0.1 to disable public access
config.vm.network "forwarded_port", guest: 8008, host: 8008, host_ip: "127.0.0.1" config.vm.network "forwarded_port", guest: 8008, host: 8008
config.vm.network "forwarded_port", guest: 8448, host: 8448, host_ip: "127.0.0.1" config.vm.network "forwarded_port", guest: 8448, host: 8448
config.vm.network "forwarded_port", guest: 443, host: 443, host_ip: "127.0.0.1" config.vm.network "forwarded_port", guest: 443, host: 443
# Create a private network, which allows host-only access to the machine # Create a private network, which allows host-only access to the machine
# using a specific IP. # using a specific IP.
@ -58,15 +58,8 @@ Vagrant.configure("2") do |config|
# Customize the amount of memory on the VM: # Customize the amount of memory on the VM:
vb.memory = "4096" vb.memory = "4096"
end end
#
# View the documentation for the provider you are using for more config.vm.provision "ansible" do |ansible|
# information on available options. ansible.playbook = "setup.yml"
end
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# config.vm.provision "shell", inline: <<-SHELL
# apt-get update
# apt-get install -y apache2
# SHELL
end end
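Review bot: The three `config.vm.network "forwarded_port"` lines in the first hunk differ only in `host_ip: "127.0.0.1"`, yet the comment directly above them still says access is allowed "only via 127.0.0.1 to disable public access"; the rendered page has lost its +/- markers, but if the variant without `host_ip` is the new side (consistent with the commit's aim of reaching the VM from outside), ports 8008, 8448 and 443 are now bound on every host interface and that comment is wrong. Either keep `host_ip: "127.0.0.1"` on the ports that do not need to be reachable for the ACME challenge, or change the comment to say the ports are deliberately exposed so the next reader does not rely on it. The `Vagrant.configure` block starts before the hunk.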

9
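--- a/certbot.yml
+++ b/certbot.yml
@@ -0,0 +1,9 @@
+---
+- hosts: synapse
+vars:
+certbot_certs:
+- email: core@fuz.re
+domains:
+- {{ ansible_host }}
+# - riot.fuz.re
+roles: geerlingguy.ansible-role-certbot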
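Review bot: `- {{ ansible_host }}` under `domains:` is not valid YAML — an unquoted `{{` opens a flow mapping, so the playbook fails to parse before any task runs; write it as `- "{{ ansible_host }}"`. Even once quoted, if `ansible_host` resolves to an IP address rather than a DNS name the request will be refused, since the ACME CA does not issue certificates for bare IPs, so a hostname variable is probably what is intended here. `roles: geerlingguy.ansible-role-certbot` is also a bare string where Ansible expects a list (`roles: [geerlingguy.certbot]`); the role-name question itself is raised on requirements.yml.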


@ -1,3 +1,10 @@
# Correctly setup Let's Encrypt certificate renewal # Correctly setup Let's Encrypt certificate renewal
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html # https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html
# - import_playbook: nginx-letsencrypt.yml
# - import_playbook: openssl.yml
# when: public_ipv4 = false
# when: public_ipv4 = true
include_role: certbot.yml
# https://github.com/geerlingguy/ansible-role-certbot # https://github.com/geerlingguy/ansible-role-certbot
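Review bot: `include_role: certbot.yml` sits at the top level of the playbook, where only plays and `import_playbook` entries are allowed; `include_role` is a task-level directive and takes a role name, not a playbook file, so this line will fail at parse time. Since certbot.yml is a playbook, the form consistent with the commented-out lines above is `- import_playbook: certbot.yml`. The commented `when: public_ipv4 = false` / `= true` lines also use `=` where a Jinja condition needs `==`, which will surface as soon as they are uncommented. The hunk header announces 10 new-side lines but the rendered section shows fewer, so part of the hunk may be missing here.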

40
main.yml Normal file

@ -0,0 +1,40 @@
---
- hosts:
- synapse
handlers:
- name: reboot
reboot:
pre_tasks:
- apt:
update_cache: yes
- name: Disable IPv6
blockinfile:
path: /etc/sysctl.conf
block: |
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
notify: reboot
- name: apply ipv6 disable
command: sysctl -p
become: yes
- name: check ipv6 state
shell: cat /proc/sys/net/ipv6/conf/all/disable_ipv6
register: command_result
failed_when: "'1' not in command_result.stdout"
- apt:
name: python-pip
roles:
- geerlingguy.pip
- import_playbook: postgres.yml
# todo: create synapse user
- import_playbook: synapse.yml
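Review bot: The `blockinfile` task that edits /etc/sysctl.conf and both `apt` tasks run without `become`, while only the `sysctl -p` task carries `become: yes`; unless privilege escalation is configured in the inventory or ansible.cfg (not visible here), writing /etc/sysctl.conf and installing packages will fail for a non-root connection user, so moving `become: yes` to the play level, as this commit does in postgres.yml, is the simplest fix. The three-step IPv6 sequence (`blockinfile`, `command: sysctl -p`, `shell: cat …` with `failed_when`) can be collapsed into the `sysctl` module, which sets the value, persists it and reloads it in one idempotent task and reports a failure itself, removing the hand-rolled check. The rendered section shows 31 lines where the header announces 40, so I may not be seeing the whole hunk.
```yaml
pre_tasks:
# … unchanged: apt update_cache task …
- name: Disable IPv6
  sysctl:
    name: "{{ item }}"
    value: '1'
    sysctl_set: yes
    state: present
    reload: yes
  become: yes
  loop:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6
  notify: reboot
# … unchanged: apt python-pip task, roles, import_playbook entries …
```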


@ -1,4 +1,5 @@
- hosts: synapse - hosts: synapse
become: yes
tasks: tasks:
- pip: - pip:
name: psycopg2 name: psycopg2


@ -1,6 +1,7 @@
# from galaxy # from galaxy
- src: geerlingguy.pip - src: geerlingguy.pip
- src: geerlingguy.postgresql - src: geerlingguy.postgresql
- src: geerlingguy.ansible-role-certbot
# from GitHub, overriding the name and specifying a specific tag # from GitHub, overriding the name and specifying a specific tag
# - src: https://github.com/bennojoy/nginx # - src: https://github.com/bennojoy/nginx
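Review bot: The new `- src: geerlingguy.ansible-role-certbot` entry has no `version:`, so every `ansible-galaxy install` fetches whatever the latest published release is at that moment and the provisioned host can change behaviour with no change in this repository; pin it with `  version: <tag>` on the following line (placeholder — use the release you tested against). As far as I know the role is published on Galaxy as `geerlingguy.certbot` (ansible-role-certbot is the GitHub repository name), so the name as written may not resolve; certbot.yml's `roles:` uses the same name and should change together with this line. The existing `geerlingguy.pip` and `geerlingguy.postgresql` entries have the same unpinned-version issue but predate this commit.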


@ -1,11 +0,0 @@
---
- hosts:
- synapse
roles:
- geerlingguy.pip
- import_playbook: postgres.yml
# todo: create synapse user
- import_playbook: synapse.yml


@ -18,10 +18,10 @@
matrix_synapse_report_stats: false # Report stats to matrix.org? matrix_synapse_report_stats: false # Report stats to matrix.org?
matrix_synapse_extra_config: # no_tls:true disables port 8448 matrix_synapse_extra_config: # no_tls:true disables port 8448
no_tls: true no_tls: false
# If false: # If false:
# matrix_synapse_tls_cert: "" matrix_synapse_tls_cert: ""
# matrix_synapse_tls_key: "" matrix_synapse_tls_key: ""
# pre_tasks: # pre_tasks:
# tasks: # tasks:
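Review bot: With `no_tls: false` (reading the right-hand column as the new side, since the page has lost its +/- markers) synapse will terminate TLS on 8448 itself, but the now-uncommented `matrix_synapse_tls_cert: ""` and `matrix_synapse_tls_key: ""` hand it no certificate, so the listener will fail to come up until these point at the certbot output. They should reference the files certbot writes under /etc/letsencrypt/live/<domain>/ (fullchain.pem and privkey.pem, with <domain> matching the name requested in certbot.yml), and the synapse service user needs read access to them — certbot keeps those directories root-only by default, so a deploy hook or a group change is required and neither is handled in the visible hunks. The surrounding vars block continues outside the hunk.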
