alpine: assume one DNS name per host

Avoid needless complexity.
Timotej Lazar 2024-06-19 13:14:51 +02:00
parent 393614aa79
commit 38c3464279
5 changed files with 12 additions and 22 deletions


@ -1,11 +1,10 @@
{% for fqdn in fqdns %}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ fqdn }};
server_name {{ dns_name }};
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
client_max_body_size 100M;
@ -35,5 +34,3 @@ server {
fastcgi_pass unix:/run/php-fpm.socket;
}
}
{% endfor %}
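Review bot: The TLS stanza introduced at `server_name {{ dns_name }};` / `ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;` / `ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;` is now copied verbatim into three templates (this hunk, the forgejo template and the third nginx template below), so a future change to the certificate path or a hardening directive has to be made three times and can silently drift. Since `dns_name` is the only variable these lines use, consider moving them into a single template fragment pulled in with a Jinja `{% include %}` (or an nginx `include` of one rendered snippet) and referencing it from each server block. The server block itself continues outside the hunk, so I cannot tell whether the remaining directives also diverge between the three files.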


@ -1,10 +1,9 @@
{% for fqdn in fqdns %}
server {
server_name {{ fqdn }};
server_name {{ dns_name }};
listen [::]:443 ssl ipv6only=off;
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
location / {
proxy_pass http://unix:/var/lib/forgejo/socket;
@ -19,5 +18,3 @@ server {
client_max_body_size 512M;
}
}
{% endfor %}


@ -49,7 +49,7 @@
line: '{{ item.line }}'
loop:
- key: '^ALLOWED_HOSTS = '
line: "ALLOWED_HOSTS = [{{ fqdns | map('regex_replace', '^(.*)$', '\"\\1\"') | join(', ') }}]"
line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
- key: 'USER.*PostgreSQL username'
line: " 'USER': '{{ user }}', # PostgreSQL username"
# XXX unnecessary?
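Review bot: The new `line: "ALLOWED_HOSTS = ['{{ dns_name }}']"` splices the variable straight into Python source inside a single-quoted literal, so a value containing a quote or backslash would produce an unparseable settings file instead of a rejected host; the removed line at least produced a properly quoted literal per entry. A hostname should never contain such characters, but since `dns_name` is an inventory value rather than something this task validates, emitting it as a JSON-encoded string keeps the literal well-formed regardless: `line: "ALLOWED_HOSTS = [{{ dns_name | to_json }}]"`. Note also that narrowing from the former list to one name means requests for any other name this host used to serve will now be refused by Django with a 400, which is presumably the intended effect of the commit. The enclosing lineinfile task starts before this hunk.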


@ -1,10 +1,9 @@
{% for fqdn in fqdns %}
server {
server_name {{ fqdn }};
server_name {{ dns_name }};
listen [::]:443 ssl ipv6only=off;
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
client_max_body_size 100m;
@ -19,5 +18,3 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
}
}
{% endfor %}


@ -26,9 +26,8 @@
- name: Get LE certificate
command:
cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ item }}
creates: '/etc/letsencrypt/renewal/{{ item }}.conf'
loop: '{{ fqdns }}'
cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ dns_name }}
creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'
- name: Enable certbot renewal
cron: