Thomas Buck
72cb7a3d23
letsencrypt cert folder should stay with ssl-cert group
5 anos atrás
Thomas Buck
bad2e4f9a1
Add tmux to common programs. Generate german locale. Remove unneeded empty lines.
5 anos atrás
Thomas Buck
04ba7ad539
Added Fathom statistics tracker to blog task
5 anos atrás
Thomas Buck
4cf67e7aed
Explicitly install postgres-9.6 and fix monit pid-file location for it.
5 anos atrás
Thomas Buck
f34c0c827f
Typo in common apache config, file actually ends with .conf
5 anos atrás
Thomas Buck
c41cd737fd
Support multiple domains for letsencrypt
5 anos atrás
Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
5 anos atrás
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
5 anos atrás
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
5 anos atrás
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
5 anos atrás
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
5 anos atrás
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
6 anos atrás
Bryan Voss
128b7e63a2
Update for Debian 9
7 anos atrás
Ndubisi Nwaku
55770977da
Add group name ssl-cert for SSL certificates
7 anos atrás
Aleksandr Bogdanov
cdc0d3fb4e
Fixing encfs shell invocation for ansible 2 compatibility
7 anos atrás
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
7 anos atrás
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
8 anos atrás
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
8 anos atrás
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
8 anos atrás
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 anos atrás
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 anos atrás
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 anos atrás
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 anos atrás
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 anos atrás
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 anos atrás
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 anos atrás
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 anos atrás
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 anos atrás
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 anos atrás
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 anos atrás
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 anos atrás
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 anos atrás
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 anos atrás
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 anos atrás
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 anos atrás
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 anos atrás
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 anos atrás
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 anos atrás
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 anos atrás
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 anos atrás
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
8 anos atrás
Dan Milon
829c8491c7
restart apache on SSL changes
9 anos atrás
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 anos atrás
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 anos atrás
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9 anos atrás
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9 anos atrás
Sebastian Kriems
968abba197
ufw tasks shall have the ufw tag
resolves #453
8 anos atrás
Sven Neuhaus
20bd80c599
Generate 2048 DH group and add it to Postfix
9 anos atrás
Dan Milon
34f3a483aa
Add SSL stapling cache for apache
Fixes #406
9 anos atrás
Dan Milon
a419d9403b
restart apache on SSL changes
9 anos atrás