privatebin #183
|
@ -31,7 +31,7 @@ Exemple de playbook
|
||||||
- all
|
- all
|
||||||
vars:
|
vars:
|
||||||
# Supplanter ici les variables du rôle
|
# Supplanter ici les variables du rôle
|
||||||
domains: ['votre-vrai-domaine.org']
|
privatebin_domains: ['votre-vrai-domaine.org']
|
||||||
service: 'mon-privatebin'
|
service: 'mon-privatebin'
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -31,7 +31,7 @@ Example Playbook
|
||||||
- all
|
- all
|
||||||
vars:
|
vars:
|
||||||
# Overwrite the role variable here
|
# Overwrite the role variable here
|
||||||
domains: ['your-real-domain.org']
|
privatebin_domains: ['your-real-domain.org']
|
||||||
service: 'my-privatebin'
|
service: 'my-privatebin'
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
# defaults file for vars
|
# defaults file for vars
|
||||||
system_dep: "['apt-transport-https', 'git', 'certbot', 'acl', 'apache2', 'libapache2-mpm-itk', 'libapache2-mod-php', 'php-gd']"
|
privatebin_system_dep: "['apt-transport-https', 'git', 'certbot', 'acl', 'apache2', 'libapache2-mpm-itk', 'libapache2-mod-php', 'php-gd']"
|
||||||
git_url: 'https://github.com/PrivateBin/PrivateBin'
|
privatebin_git_url: 'https://github.com/PrivateBin/PrivateBin'
|
||||||
git_version: '1.5.1'
|
privatebin_git_version: '1.5.1'
|
||||||
domains: ['example.domain.org']
|
privatebin_domains: ['example.domain.net']
|
||||||
certbot_admin_email: 'mgauthier@evolix.ca'
|
privatebin_certbot_admin_email: 'security@example.net'
|
||||||
|
|
|
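Review bot: `privatebin_git_version: '1.5.1'` pins the deployed code to a tag, which is a movable reference in the upstream repository. The clone and update tasks in this role run with `force: true`, and the checkout appears to be what Apache serves, so a re-pointed tag would be deployed on the next run with no change on this side. Pinning the default to the release's full commit hash makes the reference immutable, e.g. `privatebin_git_version: '<full-commit-sha-of-1.5.1>'  # 1.5.1` (placeholder, to be filled from the upstream release).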
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
- name: Install main system dependencies
|
- name: Install main system dependencies
|
||||||
apt:
|
apt:
|
||||||
name: "{{ system_dep }}"
|
name: "{{ privatebin_system_dep }}"
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: Add UNIX account
|
- name: Add UNIX account
|
||||||
|
@ -13,9 +13,9 @@
|
||||||
|
|
||||||
- name: Clone privatebin repo (git)
|
- name: Clone privatebin repo (git)
|
||||||
git:
|
git:
|
||||||
repo: "{{ git_url }}"
|
repo: "{{ privatebin_git_url }}"
|
||||||
dest: "~/PrivateBin/"
|
dest: "~/PrivateBin/"
|
||||||
version: "{{ git_version | default(omit) }}"
|
version: "{{ privatebin_git_version | default(omit) }}"
|
||||||
update: yes
|
update: yes
|
||||||
force: true
|
force: true
|
||||||
umask: '0022'
|
umask: '0022'
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
|
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
stat:
|
stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ privatebin_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: Generate certificate only if required (first time)
|
- name: Generate certificate only if required (first time)
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ privatebin_certbot_admin_email }} -d {{ privatebin_domains |first }}
|
||||||
- name: Create the ssl dir if needed
|
- name: Create the ssl dir if needed
|
||||||
file:
|
file:
|
||||||
path: /etc/apache2/ssl
|
path: /etc/apache2/ssl
|
||||||
|
@ -72,7 +72,7 @@
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
|
||||||
stat:
|
stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ privatebin_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: (Re)template conf file for apache vhost with SSL
|
- name: (Re)template conf file for apache vhost with SSL
|
||||||
|
|
|
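Review bot: In the `Generate certificate with certbot` task, `{{ privatebin_certbot_admin_email }}` and `{{ privatebin_domains |first }}` are interpolated unquoted into a `shell:` line, so whitespace or shell metacharacters in either variable would be interpreted by the shell, on a task that presumably runs as root. The command uses no shell features, so the `command` module would be enough; at minimum, quote the values: `--email {{ privatebin_certbot_admin_email | quote }} -d {{ privatebin_domains | first | quote }}`. Only the first entry of `privatebin_domains` reaches `-d`, so a short comment that further entries are not covered by the certificate would help. The block this task belongs to starts outside the hunk.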
@ -10,9 +10,9 @@
|
||||||
|
|
||||||
- name: Update privatebin repo (git)
|
- name: Update privatebin repo (git)
|
||||||
git:
|
git:
|
||||||
repo: "{{ git_url }}"
|
repo: "{{ privatebin_git_url }}"
|
||||||
dest: "~/PrivateBin/"
|
dest: "~/PrivateBin/"
|
||||||
version: "{{ git_version }}"
|
version: "{{ privatebin_git_version }}"
|
||||||
update: yes
|
update: yes
|
||||||
force: true
|
force: true
|
||||||
become_user: "{{ service }}"
|
become_user: "{{ service }}"
|
||||||
|
|
|
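Review bot: `become_user: "{{ service }}"` still reads the unprefixed variable, while every other variable in this task was moved to the `privatebin_` namespace. A name as generic as `service` is likely to collide with a variable set by another role or by the inventory in the same play, and here it decides which UNIX account the checkout runs as. The same leftover is in the vhost template (`DocumentRoot /home/{{ service }}/PrivateBin`) and in both README examples. Consider renaming it in the same pass, e.g. `become_user: "{{ privatebin_service }}"`, assuming the default is renamed alongside it.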
@ -1,3 +1,3 @@
|
||||||
SSLEngine On
|
SSLEngine On
|
||||||
SSLCertificateFile /etc/letsencrypt/live/{{ domains |first }}/fullchain.pem
|
SSLCertificateFile /etc/letsencrypt/live/{{ privatebin_domains |first }}/fullchain.pem
|
||||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domains |first }}/privkey.pem
|
SSLCertificateKeyFile /etc/letsencrypt/live/{{ privatebin_domains |first }}/privkey.pem
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName {{ domains |first }}
|
ServerName {{ privatebin_domains |first }}
|
||||||
|
|
||||||
{% if ssl.stat.exists %}
|
{% if ssl.stat.exists %}
|
||||||
RewriteEngine On
|
RewriteEngine On
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
{% if ssl.stat.exists %}
|
{% if ssl.stat.exists %}
|
||||||
<VirtualHost *:443>
|
<VirtualHost *:443>
|
||||||
ServerName {{ domains |first }}
|
ServerName {{ privatebin_domains |first }}
|
||||||
|
|
||||||
DocumentRoot /home/{{ service }}/PrivateBin
|
DocumentRoot /home/{{ service }}/PrivateBin
|
||||||
|
|
||||||
|
|