From a6529a762e48f7a65d6c32df09be1ef33ff87267 Mon Sep 17 00:00:00 2001
From: L3D
Date: Sat, 2 Jan 2021 22:19:16 +0100
Subject: [PATCH] Add tls
---
 host_vars/mail01.l3d.space.yml | 16 ++++++++++++++++
 site.yml | 4 ++++
 .../files/nginx/sites/mail.l3d.space_tls.conf | 14 ++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100644 templates/files/nginx/sites/mail.l3d.space_tls.conf
diff --git a/host_vars/mail01.l3d.space.yml b/host_vars/mail01.l3d.space.yml
index 16634e5..792d804 100644
--- a/host_vars/mail01.l3d.space.yml
+++ b/host_vars/mail01.l3d.space.yml
@@ -7,13 +7,29 @@ users:
 - l3d@derpy.l3d.yt
 - l3d@backup-rsa.l3d.yt
 - l3d@business.wingcon.com
+ mailwebuser:
+ - l3d@pinkie.l3d.yt
+ - l3d@mobile.l3d.yt
+ - l3d@backup.l3d.yt
+ - l3d@derpy.l3d.yt
+ - l3d@backup-rsa.l3d.yt
+ - l3d@business.wingcon.com
 accounts:
 - l3d
+ - mailwebuser
 # mail domains
 additional_dns_maildomains: 'mail.l3d.space imap.l3d.space smtp.l3d.space'
+
+nginx_sites:
+ - name: 'mail.l3d.space'
+ webroot:
+ user: 'mailwebuser'
+
+acme_notification_email: "acme_{{ inventory_hostname }}@l3d.yt"
+
 # firewall
 firewall_allowed_tcp_ports:
 - "22"
diff --git a/site.yml b/site.yml
index 88f62c1..6cd4a3e 100644
--- a/site.yml
+++ b/site.yml
@@ -31,5 +31,9 @@ roles:
 - { role: mailserver_preperation, tags: [mail,mailserver_preperation,prep,mailserver]}
 - { role: unbound, tags: [mail,unbound]}
+ - { role: webhost2, tags: [mail,webhost]}
+ - { role: acmetool_fix, tags: [mail,acmetool]}
+ - { role: acmetool2, tags: [mail,acmetool]}
+ - { role: nginx2, tags: [mail,nginx]}
 - { role: robertdebock.dovecot, tags: [mail,postfix]}
 # - { role: dovecot, tags: [mail,dovecot]}
diff --git a/templates/files/nginx/sites/mail.l3d.space_tls.conf b/templates/files/nginx/sites/mail.l3d.space_tls.conf
new file mode 100644
index 0000000..3b23253
--- /dev/null
+++ b/templates/files/nginx/sites/mail.l3d.space_tls.conf
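Review bot: `mailwebuser` is added both as a mail account under `accounts:` and as the owner of the `mail.l3d.space` webroot, and its address list under `users:` repeats the six addresses already mapped to `l3d` verbatim, which makes delivery for those addresses ambiguous and reads like a copy-paste of the `l3d` entry. If the account exists only to own web content, drop its address list and keep it out of the delivery map so a compromise of the webroot does not land on a mail identity; that separation is inferred from the names, so confirm what the `users:` map actually feeds before changing it. `webroot:` is left with an empty value and `user:` follows on its own line; whether `user` nests under `webroot` or sits beside it is not recoverable from the collapsed hunk, so check the structure the nginx role expects. The TLS listener on 443 and any HTTP-01 validation on 80 also need those ports in `firewall_allowed_tcp_ports`, which this hunk shows starting at `"22"` and continuing outside the hunk — verify 80 and 443 are present.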
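Review bot: `acmetool2` is ordered before `nginx2`, so on a fresh host the certificate is requested before the web server that would serve an HTTP-01 challenge exists; if the acmetool role validates through nginx the first run fails, and the site's `tls_certificate_` snippet then has nothing to point at. Confirm which validation mode the role uses and either move `nginx2` ahead of `acmetool2` or document the reason for the order on the line. `acmetool_fix` running before `acmetool2` is also unusual for a role named as a fix-up; a comment such as `# acmetool_fix must precede acmetool2: <reason>` would spare the next reader the guess. The `roles:` list starts and continues outside this hunk.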
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name mail.l3d.space;
+
+ include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+ include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+ include snippets/logging_{{ site.name }}.snippet.conf;
+
+ location / {
+ return 418;
+ }
+}
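Review bot: The new server block answers only on 443 and returns 418 for every path, and no port-80 block is added, so a plain-HTTP request to mail.l3d.space gets nothing and, if the acmetool role validates over HTTP-01 through nginx, the challenge has no location either. Unless the nginx2 role generates the :80 side (not visible here), add a redirect block and exempt `/.well-known/acme-challenge/` from it, pointing that location at whatever directory the acmetool role writes challenges into. HSTS is not set in this block; if `tls_parameters_{{ site.name }}.snippet.conf` does not add `Strict-Transport-Security`, it belongs here next to the listen lines. `listen 443 ssl http2;` is the pre-1.25 form — newer nginx deprecates the `http2` listen parameter in favour of a separate `http2 on;` directive, worth noting if the target release is not pinned.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name mail.l3d.space;

    # Everything on plain HTTP goes to TLS. If the acmetool role validates over
    # HTTP-01 through nginx, add a `location /.well-known/acme-challenge/`
    # ahead of this one that serves its challenge directory instead.
    location / {
        return 301 https://$host$request_uri;
    }
}
# … unchanged: the 443 server block added by this commit …
```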