diff --git a/group_vars/prod.yml b/group_vars/prod.yml
index 10b2d28..e17bdbb 100644
--- a/group_vars/prod.yml
+++ b/group_vars/prod.yml
@@ -1,4 +1,4 @@
-domain: yerbamate.dev
+domain: yerbamate.ml
 letsencrypt_contact_email: !vault |
 $ANSIBLE_VAULT;1.1;AES256
 61393837323736363138343338353563313337383033366232343836633337333033636362616437
diff --git a/playbooks/gitea.yml b/playbooks/gitea.yml
index eb04ce5..b4a99a6 100644
--- a/playbooks/gitea.yml
+++ b/playbooks/gitea.yml
@@ -68,6 +68,10 @@
 certbot certonly --nginx --agree-tos -d '{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
 certbot certonly --nginx --agree-tos -d 'weblate.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
 certbot certonly --nginx --agree-tos -d 'grafana.{{ domain }}' -m '{{ letsencrypt_contact_email }}' -n
+ # keep old domain working for a while
+ certbot certonly --nginx --agree-tos -d 'yerbamate.dev' -m '{{ letsencrypt_contact_email }}' -n
+ certbot certonly --nginx --agree-tos -d 'weblate.yerbamate.dev' -m '{{ letsencrypt_contact_email }}' -n
+ certbot certonly --nginx --agree-tos -d 'grafana.yerbamate.dev' -m '{{ letsencrypt_contact_email }}' -n
 - name: reload nginx config and certs
@@ -87,3 +91,9 @@
 user=root
 job="certbot certonly --nginx -d weblate.{{ domain }} -n --deploy-hook 'nginx -s reload'"
+ - name: renew grafana certificates
+ cron:
+ special_time=daily
+ name=certbot-renew-grafana
+ user=root
+ job="certbot certonly --nginx -d grafana.{{ domain }} -n --deploy-hook 'nginx -s reload'"
diff --git a/templates/gitea.conf b/templates/gitea.conf
index f8a82da..f4662d3 100644
--- a/templates/gitea.conf
+++ b/templates/gitea.conf
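Review bot: The three old-domain certificates requested in the first playbooks/gitea.yml hunk are issued once, but nothing visible in this diff renews them: the cron jobs, including the new grafana one, only name `{{ domain }}` hosts. Once those certificates expire, the 443 redirect blocks added in the nginx templates would present an expired certificate for the yerbamate.dev names, so visitors get a browser warning instead of being forwarded. Either add renewal for the old names or record the intended cut-off in the comment, e.g. `# keep old domain working for a while; these certs are not renewed by cron`. The literal `yerbamate.dev` is also repeated here and in three templates, so a group_vars variable such as `old_domain` would keep them in step. The enclosing shell task starts outside the hunk.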
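Review bot: In the second playbooks/gitea.yml hunk the new grafana job is one more `special_time=daily` cron entry for root, so it is launched at the same moment as the existing per-host jobs (the tail of the weblate one is visible just above; the task list begins outside the hunk). Certbot takes a lock while it runs, so jobs started together can fail with an "another instance is already running" error and a renewal is skipped without anyone noticing. A single job, `job="certbot renew -n --deploy-hook 'nginx -s reload'"`, would renew every certificate on the host in one run, including the old-domain ones.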
@@ -8,6 +8,20 @@ map $geoip_country_code $allowed_country {
 IN no;
 }
+# forward from old domain
+server {
+ listen 80;
+ server_name yerbamate.dev;
+ return https://yerbamate.ml$request_uri;
+}
+server {
+ listen 443 ssl http2;
+ server_name yerbamate.dev;
+ ssl_certificate /etc/letsencrypt/live/yerbamate.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/yerbamate.dev/privkey.pem;
+ return https://yerbamate.ml$request_uri;
+}
+
 server {
 listen 80;
 server_name {{ domain }};
diff --git a/templates/grafana.conf b/templates/grafana.conf
index 21ae164..05a1030 100644
--- a/templates/grafana.conf
+++ b/templates/grafana.conf
@@ -1,3 +1,17 @@
+# forward from old domain
+server {
+ listen 80;
+ server_name grafana.yerbamate.dev;
+ return https://grafana.yerbamate.ml$request_uri;
+}
+server {
+ listen 443 ssl http2;
+ server_name grafana.yerbamate.dev;
+ ssl_certificate /etc/letsencrypt/live/grafana.yerbamate.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/grafana.yerbamate.dev/privkey.pem;
+ return https://grafana.yerbamate.ml$request_uri;
+}
+
 server {
 listen 80;
 server_name grafana.{{ domain }};
diff --git a/templates/weblate.conf b/templates/weblate.conf
index 3a8e28b..1869012 100644
--- a/templates/weblate.conf
+++ b/templates/weblate.conf
@@ -3,6 +3,20 @@ map $geoip_country_code $allowed_country {
 CN no;
 }
+# forward from old domain
+server {
+ listen 80;
+ server_name weblate.yerbamate.dev;
+ return https://weblate.yerbamate.ml$request_uri;
+}
+server {
+ listen 443 ssl http2;
+ server_name weblate.yerbamate.dev;
+ ssl_certificate /etc/letsencrypt/live/weblate.yerbamate.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/weblate.yerbamate.dev/privkey.pem;
+ return https://weblate.yerbamate.ml$request_uri;
+}
+
 server {
 listen 80;
 server_name weblate.{{ domain }};
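Review bot: `return https://yerbamate.ml$request_uri;` in the new redirect blocks of templates/gitea.conf carries no status code, so nginx answers with a temporary 302 rather than a permanent redirect. For a domain move `return 301 https://{{ domain }}$request_uri;` is the usual form, and using the template variable avoids hard-coding the production name in a template that already uses `{{ domain }}` a few lines below. The same lines appear in the templates/grafana.conf and templates/weblate.conf hunks, where the subdomain prefix would be kept in front of the variable. The 443 blocks also point at certificate files under /etc/letsencrypt/live/ for the old names, and nginx refuses to load a configuration whose certificate files are missing, so the certbot step presumably has to succeed before these templates are deployed; that ordering is not visible in this diff.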