Merge branch 'certificates' into 'master'

Add missing "create ssl cert" tasks See merge request !369

Merge branch 'certificates' into 'master'
685fdbdc · Jelle van der Waa · 2136ced8 · 316b8517 · 685fdbdc · 685fdbdc
Commit 685fdbdc authored 3 years ago by Jelle van der Waa
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -23,6 +23,12 @@
  user: name=archweb groups=uwsgi
  when: archweb_site|bool

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ [archweb_domain] + archweb_alternate_domains }}"]
+
 - name: set up nginx
  template: src=nginx.d.conf.j2 dest="{{ archweb_nginx_conf }}" owner=root group=root mode=644
  notify: reload nginx

--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -120,6 +120,12 @@
  become: true
  become_user: "{{ aurweb_user }}"

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ aurweb_domain }}"]
+
 - name: set up nginx
  template: src=nginx.d.conf.j2 dest={{ aurweb_nginx_conf }} owner=root group=root mode=644
  notify: reload nginx

--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -26,6 +26,12 @@
  notify:
    - run sievec

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ mail_domain }}"]
+
 - name: install dovecot cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/dovecot owner=root group=root mode=0755


--- a/roles/fluxbb/tasks/main.yml
+++ b/roles/fluxbb/tasks/main.yml
@@ -25,6 +25,12 @@
    user=fluxbb host=localhost password={{ fluxbb_db_password }}
    priv='fluxbb.*:ALL'

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ fluxbb_domain }}"]
+
 - name: create nginx log directory
  file: path=/var/log/nginx/{{ fluxbb_domain }} state=directory owner=root group=root mode=0755


--- a/roles/flyspray/tasks/main.yml
+++ b/roles/flyspray/tasks/main.yml
@@ -19,6 +19,12 @@
 - name: fix home permissions
  file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}" mode=0755

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ flyspray_domain }}"]
+
 - name: set up nginx
  template: src=nginx.d.conf.j2 dest="{{ flyspray_nginx_conf }}" owner=root group=root mode=644
  notify:

--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -3,6 +3,12 @@
 - name: install grafana
  pacman: name=grafana state=present

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ grafana_domain }}"]
+
 - name: set up nginx
  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/grafana.conf owner=root group=root mode=644
  notify:

--- a/roles/hedgedoc/tasks/main.yml
+++ b/roles/hedgedoc/tasks/main.yml
 ---

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ hedgedoc_domain }}"]
+
 - name: install hedgedoc
  pacman: name=hedgedoc state=present


--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -69,6 +69,12 @@
    group: http
    mode: 0640

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ keycloak_domain }}"]
+
 - name: make nginx log dir
  file: path="/var/log/nginx/{{ keycloak_domain }}" state=directory owner=root mode=0755


--- a/roles/patchwork/tasks/main.yml
+++ b/roles/patchwork/tasks/main.yml
@@ -21,6 +21,12 @@
 - name: set patchwork groups
  user: name=patchwork groups=uwsgi

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ patchwork_domain }}"]
+
 - name: set up nginx
  template: src=nginx.d.conf.j2 dest="{{ patchwork_nginx_conf }}" owner=root group=root mode=644
  notify:

--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -39,6 +39,13 @@
  notify:
    - reload postfix

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ mail_domain }}"]
+  when: postfix_smtpd_public
+
 - name: install postfix cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
  when: postfix_smtpd_public

--- a/roles/quassel/tasks/main.yml
+++ b/roles/quassel/tasks/main.yml
@@ -33,6 +33,12 @@
      Database: ''
    creates: /var/lib/quassel/quasselcore.conf

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ quassel_domain }}"]
+
 - name: install quassel cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/quassel owner=root group=root mode=0755


--- a/roles/security_tracker/tasks/main.yml
+++ b/roles/security_tracker/tasks/main.yml
@@ -77,6 +77,12 @@
 - name: restrict database permissions
  file: mode=0640 owner=security group=security path="{{ security_tracker_dir }}/tracker.db"

+- name: create ssl cert
+  include_role:
+    name: certificate
+  vars:
+    domains: ["{{ security_tracker_domain }}"]
+
 - name: set up nginx
  template: src=nginx.d.conf.j2 dest="{{ security_tracker_nginx_conf }}" owner=root group=root mode=644
  notify: