alpine: assume one DNS name per host

Avoid needless complexity.
Timotej Lazar 2024-06-19 13:14:51 +02:00
parent 393614aa79
commit 38c3464279
5 changed files with 12 additions and 22 deletions


@ -1,11 +1,10 @@
{% for fqdn in fqdns %}
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ fqdn }}; server_name {{ dns_name }};
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
client_max_body_size 100M; client_max_body_size 100M;
@ -35,5 +34,3 @@ server {
fastcgi_pass unix:/run/php-fpm.socket; fastcgi_pass unix:/run/php-fpm.socket;
} }
} }
{% endfor %}
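Review bot: With the loop gone, the `server` block opened at the top of the hunk is the only one listening on 443, so nginx treats it as the implicit default server and will complete the TLS handshake and pass requests for any SNI or `Host` value, not just `{{ dns_name }}`; the backend is then the only thing validating the host. A catch-all block next to it, `server { listen 443 ssl default_server; listen [::]:443 ssl default_server; ssl_reject_handshake on; }`, makes nginx refuse handshakes that do not name this host (needs nginx 1.19.4 or newer). `dns_name` is also interpolated unquoted into `server_name` and the certificate paths, so a value with whitespace or `;` would alter the directives; it presumably comes from inventory, but a `| mandatory` or a pattern check where it is defined would make that assumption explicit. The middle of this server block lies between the two hunks and is not visible here.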


@ -1,10 +1,9 @@
{% for fqdn in fqdns %}
server { server {
server_name {{ fqdn }}; server_name {{ dns_name }};
listen [::]:443 ssl ipv6only=off; listen [::]:443 ssl ipv6only=off;
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
location / { location / {
proxy_pass http://unix:/var/lib/forgejo/socket; proxy_pass http://unix:/var/lib/forgejo/socket;
@ -19,5 +18,3 @@ server {
client_max_body_size 512M; client_max_body_size 512M;
} }
} }
{% endfor %}


@ -49,7 +49,7 @@
line: '{{ item.line }}' line: '{{ item.line }}'
loop: loop:
- key: '^ALLOWED_HOSTS = ' - key: '^ALLOWED_HOSTS = '
line: "ALLOWED_HOSTS = [{{ fqdns | map('regex_replace', '^(.*)$', '\"\\1\"') | join(', ') }}]" line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
- key: 'USER.*PostgreSQL username' - key: 'USER.*PostgreSQL username'
line: " 'USER': '{{ user }}', # PostgreSQL username" line: " 'USER': '{{ user }}', # PostgreSQL username"
# XXX unnecessary? # XXX unnecessary?
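Review bot: `ALLOWED_HOSTS = ['{{ dns_name }}']` on the new side drops the variable straight into a Python string literal, so a value containing `'` or `\` would leave the settings file unparseable; rendering it with `line: "ALLOWED_HOSTS = [{{ dns_name | to_json }}]"` keeps any value a valid, properly escaped literal. Since this is presumably a Django `ALLOWED_HOSTS`, every request whose `Host` header is not exactly `dns_name` will now be answered with 400 `DisallowedHost` — worth confirming that nothing local (health checks or cron jobs hitting `localhost`/`127.0.0.1`, or the proxy not forwarding the original `Host`) depends on an entry the old list may have carried. The `lineinfile` task's `path` and `regexp` keys are outside the hunk.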


@ -1,10 +1,9 @@
{% for fqdn in fqdns %}
server { server {
server_name {{ fqdn }}; server_name {{ dns_name }};
listen [::]:443 ssl ipv6only=off; listen [::]:443 ssl ipv6only=off;
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
client_max_body_size 100m; client_max_body_size 100m;
@ -19,5 +18,3 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
} }
{% endfor %}


@ -26,9 +26,8 @@
- name: Get LE certificate - name: Get LE certificate
command: command:
cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ item }} cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ dns_name }}
creates: '/etc/letsencrypt/renewal/{{ item }}.conf' creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'
loop: '{{ fqdns }}'
- name: Enable certbot renewal - name: Enable certbot renewal
cron: cron: