From 4b76b1a7bf0231d0925aefa01d7d16219dea2468 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Wed, 3 Feb 2021 21:31:00 +0100
Subject: [PATCH] [mailman] Use pepcransification of certbot

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 host_vars/mailman.adm.crans.org.yml               |  3 +++
 hosts                                             |  3 +++
 plays/mailman.yml                                 |  4 +++-
 roles/mailman3/tasks/main.yml                     | 15 +--------------
 .../templates/nginx/sites-available/mailman3.j2   |  6 +++---
 5 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/host_vars/mailman.adm.crans.org.yml b/host_vars/mailman.adm.crans.org.yml
index c6f8791b..84b3a34d 100644
--- a/host_vars/mailman.adm.crans.org.yml
+++ b/host_vars/mailman.adm.crans.org.yml
@@ -2,3 +2,6 @@
 interfaces:
   adm: eth0
   srv: eth1
+
+loc_certbot:
+  domains: "*.crans.org"
diff --git a/hosts b/hosts
index 80ff7ef9..782d8eee 100644
--- a/hosts
+++ b/hosts
@@ -92,6 +92,9 @@ linx.adm.crans.org
 [mailman]
 redisdead.adm.crans.org
 
+[mailman]
+mailman.adm.crans.org
+
 [monitoring]
 monitoring.adm.crans.org
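Review bot: The new `[mailman]` header at L34 repeats the `[mailman]` section three lines above, which still lists redisdead.adm.crans.org; as far as I know Ansible's INI inventory merges same-named sections rather than rejecting them, so the group now contains both hosts. Because plays/mailman.yml switches from `hosts: mailman.adm.crans.org` to `hosts: mailman` in this same commit, the certbot, mailman3 and postfix-mailman3 roles would then also run on redisdead. If redisdead is a leftover entry, remove it or add `mailman.adm.crans.org` under the existing header instead; if both hosts are intended, a comment above the section such as `# both hosts receive the full mailman3 stack` would make that explicit.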
 
diff --git a/plays/mailman.yml b/plays/mailman.yml
index 4f05430a..e64869f1 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@@ -21,8 +21,9 @@
     - nginx
 
 # Deploy Mailman3
-- hosts: mailman.adm.crans.org
+- hosts: mailman
   vars:
+    certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
     mailman3:
       site_owner: root@crans.org
       database_user: "mailman3"
@@ -36,5 +37,6 @@
       web_database_pass: "{{ vault_mailman3_web_database_pass }}"
       web_domain: "mailman.crans.org"
   roles:
+    - certbot
     - mailman3
     - postfix-mailman3
diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml
index 6bc4b2d7..cd041253 100644
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@@ -11,8 +11,6 @@
       - postgresql
       - python3-pip  # CAS
       - python3-lxml  # CAS
-      - certbot  # cert
-      - python3-certbot-nginx
     install_recommends: false
   register: apt_result
   retries: 3
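Review bot: Dropping `certbot` and `python3-certbot-nginx` from the install list at L70–L71 does not remove them from hosts that were provisioned before this change, and the old `mailman.crans.org` lineage and its renewal configuration created by the previous setup are not touched anywhere in this patch. If the certbot role is meant to own certificate handling from now on, consider an explicit cleanup task for the nginx plugin (`apt: name: python3-certbot-nginx` with `state: absent`) so the stale renewal does not keep running beside the new one; this is inferred from the removed lines, not visible in the hunk. The enclosing apt task starts above this hunk.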
@@ -68,19 +66,8 @@
     state: link
   notify: Restart nginx
 
-- name: Create /etc/letsencrypt/conf.d
-  file:
-    path: /etc/letsencrypt/conf.d
-    state: directory
-
-- name: Add Certbot configuration
-  template:
-    src: "letsencrypt/conf.d/mailman.ini.j2"
-    dest: "/etc/letsencrypt/conf.d/mailman.ini"
-    mode: 0644
-
 - name: Indicate role in motd
   template:
     src: update-motd.d/05-service.j2
-    dest: /etc/update-motd.d/05-mailman3
+    dest: /etc/update-motd.d/04-mailman3
     mode: 0755
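Review bot: Changing the motd destination to `/etc/update-motd.d/04-mailman3` at L94 leaves the previously deployed `05-mailman3` in place, since no task removes it, so hosts provisioned before this change would print the mailman3 banner twice. A preceding task `- name: Remove old motd entry` / `file: path: /etc/update-motd.d/05-mailman3` / `state: absent` would clean it up. Separately, the removed tasks at L84–L88 were the only visible reference to `letsencrypt/conf.d/mailman.ini.j2`, yet the diffstat lists no deletion of that template, so it is probably now dead under roles/mailman3/templates.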
diff --git a/roles/mailman3/templates/nginx/sites-available/mailman3.j2 b/roles/mailman3/templates/nginx/sites-available/mailman3.j2
index 47ae1ebe..2d664910 100644
--- a/roles/mailman3/templates/nginx/sites-available/mailman3.j2
+++ b/roles/mailman3/templates/nginx/sites-available/mailman3.j2
@@ -42,8 +42,8 @@ server {
     server_tokens off;
 
     # SSL common conf
-    ssl_certificate /etc/letsencrypt/live/mailman.crans.org/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/mailman.crans.org/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/crans.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/crans.org/privkey.pem;
     ssl_session_timeout 1d;
     ssl_session_cache shared:MozSSL:10m;
     ssl_session_tickets off;
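Review bot: The lineage name `crans.org` at L106–L107 (and again at L116 in the next hunk) is hard-coded in the template while the play only declares `certbot.domains: "*.crans.org"`; whether certbot names the lineage after the wildcard's base domain depends on how the certbot role invokes it, so a mismatch would leave nginx unable to start and none of the three paths would be caught before then. Deriving the path from the certbot variables, or at least a comment above the block such as `# lineage expected from the certbot role for *.crans.org` stating the assumption, would tie the two together. Note also that holding a wildcard key on this host means that a compromise of mailman.adm.crans.org affects every *.crans.org name, not just mailman.crans.org; that trade-off of the shared-certificate approach is worth recording next to the ssl_certificate lines. The server block continues outside the hunk.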
@@ -55,7 +55,7 @@ server {
     # Enable OCSP Stapling, point to certificate chain
     ssl_stapling on;
     ssl_stapling_verify on;
-    ssl_trusted_certificate /etc/letsencrypt/live/mailman.crans.org/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/crans.org/chain.pem;
 
     location / {
         uwsgi_pass mailman3;
-- 
GitLab