b91112516d
* Introduce Kumpir, our new www server, add wordpress role * move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook * set server type to services * fix typo * rename service-wordpress to service-nginx-wordpress * Add service-nginx-etherpad role * Add ed25519 keypair for system_users when supported. * Revert "Add ed25519 keypair for system_users when supported." This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534. * Change generated keys format to ed25519 * fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default * Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
27 lines
801 B
Django/Jinja
27 lines
801 B
Django/Jinja
#!/bin/sh
|
|
{% if acme_server == 'zuckerwatte' %}
|
|
DOMAINS="{{ inventory_hostname_short }}.{{ http_domain_external }}"
|
|
{% else %}
|
|
DOMAINS={{ http_domain_external }}
|
|
{% endif %}
|
|
LOCAL_DIR="/etc/nginx/ssl"
|
|
|
|
for DOMAIN in $DOMAINS;
|
|
do
|
|
#Get Certs
|
|
{% if acme_server == 'zuckerwatte' %}
|
|
rsync --delete -rz -e 'ssh -i /home/admin/.ssh/id_rsa -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN
|
|
{% else %}
|
|
rsync --delete -rz -e 'ssh -i /home/admin/.ssh/id_ed25519 -p 23' cert@{{ acme_server }}.{{ http_domain_internal }}:$DOMAIN/ $LOCAL_DIR/$DOMAIN
|
|
{% endif %}
|
|
|
|
#Fix Permissions
|
|
chmod 0550 $LOCAL_DIR/$DOMAIN
|
|
chmod 0440 $LOCAL_DIR/$DOMAIN/*
|
|
done
|
|
|
|
#Fix owners
|
|
chown -R www-data:admin $LOCAL_DIR
|
|
|
|
#restart
|
|
systemctl reload nginx.service || systemctl start nginx.service
|