Add tls

2024-09-14 19:53:56 +02:00 · 2021-01-02 22:19:16 +01:00 · 2021-01-02 22:19:16 +01:00 · a6529a762e
commit a6529a762e
parent eb76bb68d7
3 changed files with 34 additions and 0 deletions
--- a/host_vars/mail01.l3d.space.yml
+++ b/host_vars/mail01.l3d.space.yml
@ -7,13 +7,29 @@ users:
    - l3d@derpy.l3d.yt
    - l3d@backup-rsa.l3d.yt
    - l3d@business.wingcon.com
+  mailwebuser:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com

 accounts:
  - l3d
+  - mailwebuser

 # mail domains
 additional_dns_maildomains: 'mail.l3d.space imap.l3d.space smtp.l3d.space'

+
+nginx_sites:
+  - name: 'mail.l3d.space'
+    webroot:
+      user: 'mailwebuser'
+
+acme_notification_email: "acme_{{ inventory_hostname }}@l3d.yt"
+
 # firewall
 firewall_allowed_tcp_ports:
  - "22"
--- a/site.yml
+++ b/site.yml
@ -31,5 +31,9 @@
  roles:
    - { role: mailserver_preperation, tags: [mail,mailserver_preperation,prep,mailserver]}
    - { role: unbound, tags: [mail,unbound]}
+    - { role: webhost2, tags: [mail,webhost]}
+    - { role: acmetool_fix, tags: [mail,acmetool]}
+    - { role: acmetool2, tags: [mail,acmetool]}
+    - { role: nginx2, tags: [mail,nginx]}
    - { role: robertdebock.dovecot, tags: [mail,postfix]}
 #    - { role: dovecot, tags: [mail,dovecot]}
--- a/templates/files/nginx/sites/mail.l3d.space_tls.conf
+++ b/templates/files/nginx/sites/mail.l3d.space_tls.conf
@ -0,0 +1,14 @@
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name mail.l3d.space;
+
+        include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+        include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+        include snippets/logging_{{ site.name }}.snippet.conf;
+
+        location / {
+                return 418;
+        }
+}