Commit 69de3d10 authored by Florian Pritz's avatar Florian Pritz
Browse files

Update README regarding installation and certbot


Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent 769e6af8
...@@ -7,7 +7,7 @@ It also contains git submodules so you have to run `git submodule update --init ...@@ -7,7 +7,7 @@ It also contains git submodules so you have to run `git submodule update --init
#### Instructions #### Instructions
All systems are set up the same way. For the first time setup in the Hetzner rescue system, All systems are set up the same way. For the first time setup in the Hetzner rescue system,
run the provisioning script: `ansible-playbook playbooks/$hostname-provision.yml`. run the provisioning script: `ansible-playbook playbooks/install-arch.yml -l $host`.
The provisioning script configures a sane basic systemd with sshd. By design, it is NOT idempotent. The provisioning script configures a sane basic systemd with sshd. By design, it is NOT idempotent.
After the provisioning script has run, it is safe to reboot. After the provisioning script has run, it is safe to reboot.
...@@ -22,6 +22,8 @@ it is necessary to run the following once: ...@@ -22,6 +22,8 @@ it is necessary to run the following once:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w /var/lib/letsencrypt/ -d <domain-name> certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w /var/lib/letsencrypt/ -d <domain-name>
Note that some roles already run this automatically.
##### Note about opendkim ##### Note about opendkim
The opendkim DNS data has to be added to DNS manually. The roles verifies that the DNS is correct before starting opendkim. The opendkim DNS data has to be added to DNS manually. The roles verifies that the DNS is correct before starting opendkim.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment