Thomas Buck
72cb7a3d23
letsencrypt cert folder should stay with ssl-cert group
5 lat temu
Thomas Buck
bad2e4f9a1
Add tmux to common programs. Generate german locale. Remove unneeded empty lines.
5 lat temu
Thomas Buck
04ba7ad539
Added Fathom statistics tracker to blog task
5 lat temu
Thomas Buck
4cf67e7aed
Explicitly install postgres-9.6 and fix monit pid-file location for it.
5 lat temu
Thomas Buck
f34c0c827f
Typo in common apache config, file actually ends with .conf
5 lat temu
Thomas Buck
c41cd737fd
Support multiple domains for letsencrypt
5 lat temu
Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
5 lat temu
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
5 lat temu
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
5 lat temu
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
5 lat temu
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
5 lat temu
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
6 lat temu
Bryan Voss
128b7e63a2
Update for Debian 9
7 lat temu
Ndubisi Nwaku
55770977da
Add group name ssl-cert for SSL certificates
7 lat temu
Aleksandr Bogdanov
cdc0d3fb4e
Fixing encfs shell invocation for ansible 2 compatibility
7 lat temu
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
7 lat temu
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
8 lat temu
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
8 lat temu
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
8 lat temu
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 lat temu
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 lat temu
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 lat temu
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 lat temu
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 lat temu
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 lat temu
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 lat temu
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 lat temu
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 lat temu
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 lat temu
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 lat temu
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 lat temu
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 lat temu
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 lat temu
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 lat temu
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 lat temu
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 lat temu
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 lat temu
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 lat temu
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 lat temu
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 lat temu
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
8 lat temu
Dan Milon
829c8491c7
restart apache on SSL changes
9 lat temu
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 lat temu
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 lat temu
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9 lat temu
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9 lat temu
Sebastian Kriems
968abba197
ufw tasks shall have the ufw tag
resolves #453
8 lat temu
Sven Neuhaus
20bd80c599
Generate 2048 DH group and add it to Postfix
9 lat temu
Dan Milon
34f3a483aa
Add SSL stapling cache for apache
Fixes #406
9 lat temu
Dan Milon
a419d9403b
restart apache on SSL changes
9 lat temu