From: Ralf Jung Date: Sat, 16 Jun 2018 17:17:41 +0000 (+0200) Subject: make letsencrypt optional for apache/postfix X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/93e78be7a2101609149534138cbd4c627a80c393?ds=inline;hp=413a688e37e2ca6fb569ec67f9b56b0b77f60d07 make letsencrypt optional for apache/postfix --- diff --git a/roles/apache/templates/000-default.conf b/roles/apache/templates/000-default.conf index 8865a0a..23f6f5e 100644 --- a/roles/apache/templates/000-default.conf +++ b/roles/apache/templates/000-default.conf @@ -2,7 +2,9 @@ Redirect temp / https://{{ apache.default_host }}/ +{% if 'letsencrypt' in group_names %} Use SSL letsencrypt/live Redirect temp / https://{{ apache.default_host }}/ +{% endif %} diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf index b674e42..eb6bdf1 100644 --- a/roles/email/templates/main.cf +++ b/roles/email/templates/main.cf @@ -7,6 +7,7 @@ local_recipient_maps = $alias_maps mynetworks = {{ postfix.mynetworks }} {% endif %} +{% if 'letsencrypt' in group_names %} # TLS server parameters smtpd_tls_cert_file=/etc/ssl/mycerts/letsencrypt/live.crt+chain smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key @@ -17,6 +18,7 @@ smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtpd_tls_ciphers = low smtpd_tls_mandatory_ciphers = high +{% endif %} # TLS client parameters smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_ciphers = low diff --git a/site.yml b/site.yml index 1483ba9..7c0c2d5 100644 --- a/site.yml +++ b/site.yml @@ -28,7 +28,7 @@ tags: letsencrypt - hosts: email - # depends: letsencrypt, unbound + # depends: unbound gather_facts: no roles: - email @@ -63,7 +63,6 @@ tags: prosody - hosts: apache - # depends: letsencrypt gather_facts: no roles: - apache
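Review bot: The first `Redirect temp / https://{{ apache.default_host }}/` in the 000-default.conf hunk stays outside the new `{% if 'letsencrypt' in group_names %}` guard, so a host outside the letsencrypt group still redirects to HTTPS while the block carrying `Use SSL letsencrypt/live` is no longer rendered. The enclosing VirtualHost lines are not visible on the page, so this assumes the unguarded redirect belongs to the plain-HTTP default host. If so, clients on such a host would get a failed connection or a certificate from whichever other TLS vhost answers. Either put that redirect under the same condition, or add an `{% else %}` branch that configures the certificate used on hosts without letsencrypt.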
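Review bot: On a host outside the letsencrypt group the template now renders no `smtpd_tls_cert_file` or `smtpd_tls_key_file`, and nothing in the two main.cf hunks makes that cleartext state explicit. The guard opens in the `@@ -7,6 +7,7 @@` hunk and closes with `{% endif %}` in the `@@ -17,6 +18,7 @@` hunk; the lines between them are not shown, so check that no `smtpd_tls_security_level` or SASL setting is left assuming a certificate exists. An `{% else %}` branch with `smtpd_tls_security_level = none` and a comment such as `# no certificate on this host: inbound SMTP is cleartext, keep SASL AUTH disabled` would make the downgrade deliberate. The guarded block also keeps `smtpd_tls_ciphers = low` unchanged; a comment that this grade applies only to opportunistic TLS, while `smtpd_tls_mandatory_ciphers = high` covers enforced sessions, would help the next reader.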
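Review bot: Removing `letsencrypt` from the `# depends:` comment on the email play, and deleting the comment on the apache play in the following hunk, hides an ordering requirement that still holds for hosts in the letsencrypt group. The templates in this commit reference `/etc/ssl/private/letsencrypt/live.key` and `Use SSL letsencrypt/live`, which presumably exist only after the letsencrypt play has run. A comment such as `# depends: unbound; letsencrypt (only for hosts in that group)` on the email play, with a matching one on the apache play, would keep that visible.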