various fixes
authorFelix Ableitner <me@nutomic.com>
Sun, 18 Aug 2019 14:39:19 +0000 (16:39 +0200)
committerFelix Ableitner <me@nutomic.com>
Tue, 20 Aug 2019 17:38:10 +0000 (19:38 +0200)
ansible/lemmy.yml
ansible/templates/docker-compose.yml
ansible/templates/env
ansible/templates/nginx.conf

index 144479a65e9bea206683e25c6fbaf1533c6f93d7..7026200e3134b92023e32106346bfdc07e45afe3 100644 (file)
   tasks:
   - name: install dependencies
     apt:
-      pkg: ['nginx', 'docker-compose', 'docker.io', 'certbot']
+      pkg: ['nginx', 'docker-compose', 'docker.io', 'certbot', 'python-certbot-nginx']
+
+  - name: request initial letsencrypt certificate
+    command: certbot certonly --nginx --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
+    args:
+      creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem'
 
   - name: create lemmy folder
     file: path={{item.path}} state=directory
     with_items:
       - { path: '/lemmy/' }
       - { path: '/lemmy/volumes/' }
-      - { path: '/var/www/certbot' }
 
   - name:  add all template files
     template: src={{item.src}} dest={{item.dest}}
     with_items:
       - { src: 'templates/env', dest: '/lemmy/.env' }
       - { src: 'templates/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
-      - { src: 'templates/nginx.conf', dest: '/lemmy/nginx.conf' }
+      - { src: 'templates/nginx.conf', dest: '/etc/nginx/sites-enabled/lemmy.conf' }
     vars:
       postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
       jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}"
       access_time: preserve
       modification_time: preserve
 
-  - name: request initial letsencrypt certificate
-    command: certbot certonly --standalone --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}'
-    args:
-      creates: '/etc/letsencrypt/live/{{domain}}/privkey.pem'
-
   - name: enable and start docker service
     systemd:
       name: docker
 
   - name: start docker-compose
     docker_compose:
-      project_src: /peertube/
+      project_src: /lemmy/
       state: present
       pull: yes
 
+  - name: reload nginx with new config
+    shell: nginx -s reload
+
   - name: certbot renewal cronjob
     cron:
       special_time=daily
-      name=certbot-renew
+      name=certbot-renew-lemmy
       user=root
-      job="certbot certonly --webroot --webroot-path=/var/www/certbot -d '{{ domain }}' --deploy-hook 'docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload'"
+      job="certbot certonly --nginx -d '{{ domain }}' --deploy-hook 'docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload'"
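Review bot: The renewal cron job on the last line of this hunk still reloads nginx through `docker-compose -f /peertube/docker-compose.yml exec nginx nginx -s reload`, although this same commit moves the compose project to `/lemmy/` and moves nginx onto the host (`dest: '/etc/nginx/sites-enabled/lemmy.conf'`, `shell: nginx -s reload`), so the deploy hook will fail and a renewed certificate is never loaded. `--deploy-hook 'nginx -s reload'` matches the new layout, and `certbot renew` rather than `certonly` is the usual idempotent form for a daily job, since `certonly` re-requests the certificate each run. Separately, the `add all template files` task renders the postgres and JWT secrets into `/lemmy/.env` without a `mode`, so the file gets the default (typically world-readable) permissions; adding `mode: '0600'` for the `.env` item would confine it. The `creates:` path spells the variable `{{domain}}` while the `command` one line above uses `{{ domain }}`; the new `ssl_certificate` lines in `ansible/templates/nginx.conf` have the same split, and one form should be used throughout.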
index 6904e6b2ef84ac214608f24fee89e08e915e541b..af611045e1e153c4a3e000ae70a2b06dc98ff0bf 100644 (file)
@@ -1,4 +1,4 @@
-version: '2.4'
+version: "3.3"
 
 services:
 
@@ -6,9 +6,9 @@ services:
     image: postgres:12-alpine
     restart: always
     environment:
-      POSTGRES_USER=lemmy
-      POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      POSTGRES_DB=lemmy
+      POSTGRES_USER=lemmy
+      POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      POSTGRES_DB=lemmy
     volumes:
       - ./volumes/db:/var/lib/postgresql/data
     healthcheck:
@@ -23,10 +23,9 @@ services:
     ports:
       - "8536:8536"
     environment:
-      LEMMY_FRONT_END_DIR=/app/dist
-      DATABASE_URL=postgres://rrr:rrr@db:5432/rrr
-      JWT_SECRET=${JWT_SECRET}
-      HOSTNAME=${DOMAIN}
+      LEMMY_FRONT_END_DIR=/app/dist
+      - DATABASE_URL=${DATABASE_URL}
+      JWT_SECRET=${JWT_SECRET}
+      HOSTNAME=${DOMAIN}
     depends_on: 
-      db: 
-        condition: service_healthy 
+      - db
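Review bot: The `environment:` block in this hunk is not a list: only `DATABASE_URL` carries the `- ` prefix, while `LEMMY_FRONT_END_DIR`, `JWT_SECRET` and `HOSTNAME` are bare plain scalars, so a YAML parser either folds the four lines into one string or errors, and compose will not see four variables; the `db` service's `environment:` in the previous hunk has the same shape. Each entry should read like `- LEMMY_FRONT_END_DIR=/app/dist`. Replacing `condition: service_healthy` with a bare `- db` is forced by the move to `version: "3.3"`, but it means the app container no longer waits for the postgres healthcheck that is still defined above, so a first start can race the database; a startup retry or an entrypoint wait on the app side is worth considering.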
index e97aeef7dcc477b5a9b4ddd077002df267170435..12ff850662a7c932aeb8529561f599879c4af3de 100644 (file)
@@ -1,4 +1,4 @@
 DOMAIN={{ domain }}
 DATABASE_PASSWORD={{ postgres_password }}
-DATABASE_URL=postgres://lemmy:${DATABASE_PASSWORD}@db:5432/lemmy
+DATABASE_URL=postgres://lemmy:{{ postgres_password }}@db:5432/lemmy
 JWT_SECRET={{ jwt_password }}
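Review bot: The new `DATABASE_URL` embeds the raw postgres password in a URL, so it is only valid while the password lookup in `ansible/lemmy.yml` keeps `chars=ascii_letters,digits`; any later widening of that character set to include `@`, `:`, `/` or `#` would silently break the connection string. A comment above the line such as `# password is embedded in a URL: must stay URL-safe (see the password lookup in lemmy.yml)` would make that coupling visible to the next editor.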
index 4fc8bc32a3d8b014a772fa6c95d2cc6eb731aad2..21560b5f52441c824de69d27b2449139756d9a3d 100644 (file)
@@ -13,8 +13,8 @@ server {
     listen 443 ssl http2;
     server_name {{ domain }};
 
-    ssl_certificate /certs/live/{{ domain }}/fullchain.pem;
-    ssl_certificate_key /certs/live/{{ domain }}/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
 
     # Various TLS hardening settings
     # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html