| author | alex <alex@pdp7.net> | 2026-01-05 11:52:23 +0100 |
|---|---|---|
| committer | alex <alex@pdp7.net> | 2026-01-05 12:08:13 +0100 |
| commit | 3d440014438c1b3bb741acaf17de631029227004 (patch) | |
| tree | 48d6e0315e01fea2aad31301da8ab2a87c68f04c | |
| parent | acadb5bbf9282f660d9b6e2706613eac4fd6aafe (diff) | |
Use self-signed cert when web server is not reachable
Also fix some punycode niggles
| -rw-r--r-- | infrastructure/incus-test-local.yaml | 5 | ||||
| -rw-r--r-- | infrastructure/production.yaml | 1 | ||||
| -rw-r--r-- | infrastructure/roles/incus_provision/tasks/main.yaml | 2 | ||||
| -rw-r--r-- | infrastructure/roles/web/tasks/main.yaml | 8 |
4 files changed, 14 insertions, 2 deletions
diff --git a/infrastructure/incus-test-local.yaml b/infrastructure/incus-test-local.yaml
index 1ed937d..bede2d4 100644
--- a/infrastructure/incus-test-local.yaml
+++ b/infrastructure/incus-test-local.yaml
@@ -2,6 +2,9 @@ local_incus:
 hosts:
 ñix.es:
 ansible_connection: community.general.incus
- ansible_incus_host: incus-test-xn--ix-yja-es
+ ansible_incus_host: xn--incus-test-ix-es-hub
 ansible_become: false
 ansible_incus_project: user-1284000001
+ web_server_reachable: false
+ public_hostname: incus-test-ñix-es
+ public_hostname_punycode: xn--incus-test-ix-es-hub
diff --git a/infrastructure/production.yaml b/infrastructure/production.yaml
index 19a260f..fbc1e71 100644
--- a/infrastructure/production.yaml
+++ b/infrastructure/production.yaml
@@ -4,6 +4,7 @@ ungrouped:
 ansible_become: true
 public_hostname: ñix.es
 public_hostname_punycode: xn--ix-yja.es
+ web_server_reachable: true
 all:
 vars:
 users:
diff --git a/infrastructure/roles/incus_provision/tasks/main.yaml b/infrastructure/roles/incus_provision/tasks/main.yaml
index 5ef6ad7..178687b 100644
--- a/infrastructure/roles/incus_provision/tasks/main.yaml
+++ b/infrastructure/roles/incus_provision/tasks/main.yaml
@@ -1,5 +1,5 @@
 - name: create incus container
- ansible.builtin.shell: incus info incus-test-xn--ix-yja-es || incus launch images:debian/13 incus-test-xn--ix-yja-es --vm
+ ansible.builtin.shell: incus info {{ ansible_incus_host }} || incus launch images:debian/13 {{ ansible_incus_host }} --vm
 delegate_to: 127.0.0.1
 - name: install python
 ansible.builtin.raw: apt install -y python3
diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
index 92bb88f..f9c722a 100644
--- a/infrastructure/roles/web/tasks/main.yaml
+++ b/infrastructure/roles/web/tasks/main.yaml
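Review bot: In the incus_provision hunk, the new `ansible.builtin.shell` line interpolates `{{ ansible_incus_host }}` into the command unquoted, so whitespace or shell metacharacters in that inventory value would be interpreted by the shell on the delegated host (127.0.0.1) instead of being passed as an instance name. Running the value through the quote filter keeps it a single argument: `ansible.builtin.shell: incus info {{ ansible_incus_host | quote }} || incus launch images:debian/13 {{ ansible_incus_host | quote }} --vm`. The value itself now comes from incus-test-local.yaml, where the same literal `xn--incus-test-ix-es-hub` is written twice (`ansible_incus_host` and `public_hostname_punycode`); deriving one from the other would avoid them drifting apart.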
@@ -30,12 +30,20 @@ ansible.builtin.copy: dest: /etc/apache2/sites-enabled/ssl.conf content: | + {% if web_server_reachable %} MDomain {{ public_hostname_punycode }} MDCertificateAgreement accepted + {% endif %} <VirtualHost *:443> ServerName {{ public_hostname_punycode }} SSLEngine on + + {% if not web_server_reachable %} + SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem" + SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key" + {% endif %} + ServerAdmin {{ admin_email }} <Location /vaultwarden/> |
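Review bot: The `{% if not web_server_reachable %}` branch points Apache at `/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key`, but nothing visible in this hunk ensures those files exist; on Debian they are generated by the `ssl-cert` package, so unless a task outside the hunk installs it, Apache may fail to start on the test host. Both conditionals also test the raw variable, so a value that arrives as a string (for example `-e web_server_reachable=false`) is truthy and silently selects the ACME path; `{% if web_server_reachable | bool %}` and `{% if not web_server_reachable | bool %}` make the intent explicit. Because this vhost fronts `/vaultwarden/` and the certificate choice hangs on a single inventory flag, a comment above the snakeoil lines such as `# test only: clients cannot validate this certificate` would document that the branch must never be selected for production. The task begins before the hunk and the VirtualHost block continues past it.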
