projects / ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 413a688)
make letsencrypt optional for apache/postfix
authorRalf Jung <post@ralfj.de>
Sat, 16 Jun 2018 17:17:41 +0000 (19:17 +0200)
committerRalf Jung <post@ralfj.de>
Sat, 16 Jun 2018 17:17:41 +0000 (19:17 +0200)
roles/apache/templates/000-default.conf patch | blob | history
roles/email/templates/main.cf patch | blob | history
site.yml patch | blob | history

diff --git a/roles/apache/templates/000-default.conf b/roles/apache/templates/000-default.conf
index 8865a0ac29fb5f088210cf38e845f50bb146e02f..23f6f5e4ce817ed2256e00ee7ef39ab0afd96746 100644 (file)
--- a/roles/apache/templates/000-default.conf
+++ b/roles/apache/templates/000-default.conf
@@ -2,7 +2,9 @@
 <VirtualHost *:80>
     Redirect temp / https://{{ apache.default_host }}/
 </VirtualHost>
+{% if 'letsencrypt' in group_names %}
 <VirtualHost *:443>
     Use SSL letsencrypt/live
     Redirect temp / https://{{ apache.default_host }}/
 </VirtualHost>
+{% endif %}
diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf
index b674e428ebe9ea5fd198f8182e72755cd0ba2057..eb6bdf1660b8c4e4dd5eebed4d8e8fe92ef1f947 100644 (file)
--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -7,6 +7,7 @@ local_recipient_maps = $alias_maps
 mynetworks = {{ postfix.mynetworks }}
 {% endif %}
 
+{% if 'letsencrypt' in group_names %}
 # TLS server parameters
 smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain
 smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
@@ -17,6 +18,7 @@ smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtpd_tls_ciphers = low
 smtpd_tls_mandatory_ciphers = high
+{% endif %}
 # TLS client parameters
 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtp_tls_ciphers = low
diff --git a/site.yml b/site.yml
index 1483ba90b50a6a2394f143d1b7e519d3e13cf4b5..7c0c2d5adeb24bd98ba34c20faa1536e59934639 100644 (file)
--- a/site.yml
+++ b/site.yml
@@ -28,7 +28,7 @@
   tags: letsencrypt
 
 - hosts: email
-  # depends: letsencrypt, unbound
+  # depends: unbound
   gather_facts: no
   roles:
   - email
@@ -63,7 +63,6 @@
   tags: prosody
 
 - hosts: apache
-  # depends: letsencrypt
   gather_facts: no
   roles:
   - apache
Ansible playbooks for my servers