projects / ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 115d3cc)
Move dh2048 creation to base, remove server-scripts from base
authorRalf Jung <post@ralfj.de>
Fri, 11 May 2018 08:47:45 +0000 (10:47 +0200)
committerRalf Jung <post@ralfj.de>
Fri, 11 May 2018 08:47:45 +0000 (10:47 +0200)
roles/base/tasks/main.yml patch | blob | history
roles/postfix/defaults/main.yml [deleted file] patch | blob | history
roles/postfix/tasks/main.yml patch | blob | history
roles/postfix/templates/main.cf patch | blob | history
roles/prosody/defaults/main.yml patch | blob | history
roles/prosody/templates/prosody.cfg.lua patch | blob | history

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5f264c6a6c4c1a1a0e56688fec7e4daf1f6767ce..0bc1caff8f5a127f348455138f7c84b49e9b21b9 100644 (file)
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -16,12 +16,11 @@
   apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
 - name: install some basic tools
   apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
-# server-scripts
-- name: clone server-scripts git repository
-  git:
-    dest: /root/server-scripts
-    repo: 'https://git.ralfj.de/server-scripts.git'
-    version: 07d301fd8adeaf8ad40591a418da394ad37816ce
+# dh2048
+- name: create dh2048 file
+  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
+  args:
+    creates: "/etc/ssl/dh2048.pem"
 # configuration
 - name: configure root shell
   copy:
diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
deleted file mode 100644 (file)
index b05f8de..0000000
--- a/roles/postfix/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-postfix:
-  paths:
-    dh2048: /etc/ssl/dh2048.pem
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 45eb9ee4999e564feba774254dc70bc6b2cc6adf..af796d3b0e541ef18efb3dd145c9bb4fe71b26b7 100644 (file)
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -1,8 +1,3 @@
-# base
-- name: create dh2048 file
-  command: openssl dhparam -out {{ postfix.paths.dh2048 }} 2048
-  args:
-    creates: "{{ postfix.paths.dh2048 }}"
 # daemons
 - import_tasks: unbound.yml
   tags: unbound
diff --git a/roles/postfix/templates/main.cf b/roles/postfix/templates/main.cf
index fa2082c630f3a2260e12857255a1f252d162f285..4488ec4ee4c06fa2e1d4fbaa9567f3a2e6a294f5 100644 (file)
--- a/roles/postfix/templates/main.cf
+++ b/roles/postfix/templates/main.cf
@@ -13,7 +13,7 @@ smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_tls_security_level = may
 smtpd_tls_loglevel = 1
-smtpd_tls_dh1024_param_file = {{ postfix.paths.dh2048 }}
+smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtpd_tls_ciphers = low
 smtpd_tls_mandatory_ciphers = high
diff --git a/roles/prosody/defaults/main.yml b/roles/prosody/defaults/main.yml
index 9fc3074e14f7fd34fd6141fb76286480460fa445..ebe70680d18d4c8e13ca033eed27558e1d70046d 100644 (file)
--- a/roles/prosody/defaults/main.yml
+++ b/roles/prosody/defaults/main.yml
@@ -1,4 +1,3 @@
 prosody:
   paths:
     modules: /var/lib/prosody/modules
-    dh2048: /etc/ssl/dh2048.pem
diff --git a/roles/prosody/templates/prosody.cfg.lua b/roles/prosody/templates/prosody.cfg.lua
index 4f99029ba609b931c75b8835d66ae47eaebeb779..fd805cc538b7f156502192bcbdd373b7dea03873 100644 (file)
--- a/roles/prosody/templates/prosody.cfg.lua
+++ b/roles/prosody/templates/prosody.cfg.lua
@@ -119,7 +119,7 @@ ssl = {
        key = "/etc/ssl/private/letsencrypt/live.key";
        certificate = "/etc/ssl/mycerts/letsencrypt/live.crt+chain";
        ciphers = "ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:!3DES";
-       dhparam = "{{ prosody.paths.dh2048 }}";
+       dhparam = "/etc/ssl/dh2048.pem";
 }
 -- support legacy clients
 legacy_ssl_ports = { 5223 }
Ansible playbooks for my servers