Select Git revision
renew-certs.yaml
-
nimrod authored
host01 is falling over running everything there. ns4 is secure enough for the logs (volumes are encrypted, I don't think that there are passwords or keys in the logs, just private information).
nimrod authoredhost01 is falling over running everything there. ns4 is secure enough for the logs (volumes are encrypted, I don't think that there are passwords or keys in the logs, just private information).
renew-certs.yaml 2.76 KiB
---
- name: Generate keys and certificates
hosts:
- localhost
gather_facts: false
handlers:
- name: Restart Nginx on host01
delegate_to: host01
command: docker restart web-proxy_proxy_1
- name: Restart Nginx on ns4
delegate_to: ns4
command: docker restart web-proxy_proxy_1
- name: Restart Nginx on kodi
delegate_to: kodi
command: docker restart web-proxy_proxy_1
- name: Reload Exim
delegate_to: host01
command: docker kill --signal SIGHUP mail_smtp_1
- name: Reload Dovecot
delegate_to: host01
command: docker kill --signal SIGHUP mail_imap_1
tasks:
- name: Issue certificate for ns4
include_tasks:
apply:
tags:
- ns4
file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
vars:
domains:
- autoconfig.nehe.sr
- autoconfig.shore.co.il
- elasticsearch.shore.co.il
- kibana.shore.co.il
- myip.shore.co.il
- nehe.sr
- ns4.shore.co.il
- registry.shore.co.il
- shore.co.il
- www.nehe.sr
- www.shore.co.il
handlers:
- Restart Nginx on ns4
host: ns4
tags:
- always
- name: Issue certificate for host01
include_tasks:
apply:
tags:
- host01
file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
vars:
domains:
- auth.shore.co.il
- code.shore.co.il
- git.shore.co.il
- lam.shore.co.il
- nextcloud.shore.co.il
- ns1.shore.co.il
- notify.shore.co.il
- sogo.shore.co.il
- vouch.shore.co.il
- zpush.shore.co.il