Add tls

host_vars/mail01.l3d.space.yml

@@ -7,13 +7,29 @@ users:
     - l3d@derpy.l3d.yt
     - l3d@backup-rsa.l3d.yt
     - l3d@business.wingcon.com
+  mailwebuser:
+    - l3d@pinkie.l3d.yt
+    - l3d@mobile.l3d.yt
+    - l3d@backup.l3d.yt
+    - l3d@derpy.l3d.yt
+    - l3d@backup-rsa.l3d.yt
+    - l3d@business.wingcon.com
 
 accounts:
   - l3d
+  - mailwebuser
 
 # mail domains
 additional_dns_maildomains: 'mail.l3d.space imap.l3d.space smtp.l3d.space'
 
+
+nginx_sites:
+  - name: 'mail.l3d.space'
+    webroot:
+      user: 'mailwebuser'
+
+acme_notification_email: "acme_{{ inventory_hostname }}@l3d.yt"
+
 # firewall
 firewall_allowed_tcp_ports:
   - "22"

site.yml

@@ -31,5 +31,9 @@
   roles:
     - { role: mailserver_preperation, tags: [mail,mailserver_preperation,prep,mailserver]}
     - { role: unbound, tags: [mail,unbound]}
+    - { role: webhost2, tags: [mail,webhost]}
+    - { role: acmetool_fix, tags: [mail,acmetool]}
+    - { role: acmetool2, tags: [mail,acmetool]}
+    - { role: nginx2, tags: [mail,nginx]}
     - { role: robertdebock.dovecot, tags: [mail,postfix]}
 #    - { role: dovecot, tags: [mail,dovecot]}

templates/files/nginx/sites/mail.l3d.space_tls.conf

@@ -0,0 +1,14 @@
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name mail.l3d.space;
+
+        include snippets/tls_parameters_{{ site.name }}.snippet.conf;
+        include snippets/tls_certificate_{{ site.name }}.snippet.conf;
+        include snippets/logging_{{ site.name }}.snippet.conf;
+
+        location / {
+                return 418;
+        }
+}