update repos

2021-04-14 17:48:16 +02:00 · 2021-04-14 17:48:16 +02:00 · 0410707a81
parent 3b48d6481a
commit 0410707a81
8 changed files with 36 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -57,18 +57,24 @@ Mailzugang muss auf mail.nbit.ch noch gegeben werden (main.cf)!
 # curl https://get.acme.sh | sh -s email=info@nbit.ch
 # systemctl stop nginx
 # acme.sh --issue -d wo-bisch.ch -d www.wo-bisch.ch -w /home/appuser/wo-bisch-web --standalone
 # restorecon -irv /etc/letsencrypt
 [Sa Feb 27 17:27:34 CET 2021] Your cert is in  /root/.acme.sh/wo-bisch.ch/wo-bisch.ch.cer 
 [Sa Feb 27 17:27:34 CET 2021] Your cert key is in  /root/.acme.sh/wo-bisch.ch/wo-bisch.ch.key 
 [Sa Feb 27 17:27:34 CET 2021] The intermediate CA cert is in  /root/.acme.sh/wo-bisch.ch/ca.cer 
 [Sa Feb 27 17:27:34 CET 2021] And the full chain certs is there:  /root/.acme.sh/wo-bisch.ch/fullchain.cer 
 Install Certificate:
 # acme.sh --install-cert -d wo-bisch.ch --key-file /etc/letsencrypt/wo-bisch.ch/wo-bisch.ch.key --fullchain-file /etc/letsencrypt/wo-bisch.ch/fullchain.cer --reloadcmd  "service nginx force-reload"
 `
 ### Influxdb Users
 Retention: 365 Tage
 wobisch1:
 admin: admin7355
--- a/ansible/production
+++ b/ansible/production
@ -7,5 +7,5 @@ mail_forward_address=joerg.lehmann@nbit.ch
 document_root=/home/appuser/wo-bisch-web
 [wo_bisch_servers]
-wobisch1.wo-bisch.ch letsEncryptDomain=dev.wo-bisch.ch
+wobisch1.wo-bisch.ch letsEncryptDomain=dev.wo-bisch.ch influx_token=PWuleFEPB2YSduUkzkcW94V_-KFDK5Fi3MAeaA999Qe51OsGlJJSrcZ41pUAppCwF-z3rUNnyFQQJs8fCSTFzg==
-wobisch2.wo-bisch.ch letsEncryptDomain=wo-bisch.ch
+wobisch2.wo-bisch.ch letsEncryptDomain=wo-bisch.ch influx_token=Dl1ogBm4U9IgDgMqsHgFX04g4Rn9VyPqc94teQ9QzLztFUSttMTAwkch3TrdUk4c4vtr3eysZbsTaFrTQa-JqA==
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@ -58,6 +58,14 @@
    group: appuser
    mode: '0755'
 - name: Create /home/appuser/wo-bisch-lorahandler
  file:
    path: /home/appuser/wo-bisch-lorahandler
    state: directory
    owner: appuser
    group: appuser
    mode: '0755'
 - name: Allow apache to read files in /home/appuser/wo-bisch-web
  sefcontext:
    target: '/home/appuser/wo-bisch-web(/.*)?'
--- a/ansible/roles/influxsw/tasks/main.yml
+++ b/ansible/roles/influxsw/tasks/main.yml
@ -25,12 +25,15 @@
    enabled: yes
    state: started
- name: copy telegraf config
+- name: create telegraf config from template
-  copy:
+  template:
-    src: telegraf.conf
+    src: telegraf.conf.j2
    dest: /etc/telegraf/telegraf.conf
    mode: '0644'
  notify: Restart telegraf
-
+- name: fix permission of /etc/logrotate.d/influxdb
  file:
     path: /etc/logrotate.d/influxdb
     mode: 0644
--- a/ansible/roles/influxsw/templates/telegraf.conf.j2
+++ b/ansible/roles/influxsw/templates/telegraf.conf.j2
@ -26,6 +26,6 @@
 # Configuration for sending metrics to InfluxDB 2.0
 [[outputs.influxdb_v2]]
  urls = ["http://127.0.0.1:8086"]
-  token = "PWuleFEPB2YSduUkzkcW94V_-KFDK5Fi3MAeaA999Qe51OsGlJJSrcZ41pUAppCwF-z3rUNnyFQQJs8fCSTFzg=="
+  token = "{{ influx_token }}"
  organization = "wobischorg"
  bucket = "wobischbucket"
--- a/ansible/roles/nginx/handlers/main.yml
+++ b/ansible/roles/nginx/handlers/main.yml
@ -5,5 +5,5 @@
    state=restarted
 - name: Restore selinux context
-  command: restorecon -irv /root/.acme.sh/wo-bisch.ch
+  command: restorecon -irv /etc/letsencrypt
--- a/ansible/roles/nginx/tasks/main.yml
+++ b/ansible/roles/nginx/tasks/main.yml
@ -28,9 +28,9 @@
    - wo-bisch-web.css
    - wo-bisch-web-custom.css
- name: Allow apache to read files in /root/.acme.sh/{{ letsEncryptDomain }}
+- name: Allow apache to read files in /etc/letsencrypt/{{ letsEncryptDomain }}
  sefcontext:
-    target: '/root/.acme.sh/{{ letsEncryptDomain }}(/.*)?'
+    target: '/etc/letsencrypt/{{ letsEncryptDomain }}(/.*)?'
    setype: httpd_sys_content_t
    state: present
  notify:
@ -50,3 +50,9 @@
    group: root
    mode: '0644'
  notify: Restart nginx
 - name: create certificate directory
  file:
    path: /etc/letsencrypt/{{ letsEncryptDomain }}
    state: directory
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@ -39,7 +39,7 @@ http {
        listen       [::]:80 default_server;
        server_name  _;
-        return 301   https://wo-bisch.ch$request_uri;
+        return 301   https://{{ letsEncryptDomain }}$request_uri;
    }
@ -67,8 +67,8 @@ http {
        listen [::]:443 ssl ipv6only=on; 
        listen 443 ssl; 
-        ssl_certificate /root/.acme.sh/{{ letsEncryptDomain }}/fullchain.cer;
+        ssl_certificate /etc/letsencrypt/{{ letsEncryptDomain }}/fullchain.cer;
-        ssl_certificate_key /root/.acme.sh/{{ letsEncryptDomain }}/{{ letsEncryptDomain }}.key;
+        ssl_certificate_key /etc/letsencrypt/{{ letsEncryptDomain }}/{{ letsEncryptDomain }}.key;
    }
 }