Replace certbot with lego

2024-04-14 17:54:33 -05:00 · 2024-04-14 17:54:33 -05:00 · 93cbf7eb4c
commit 93cbf7eb4c
parent cb60bcb5f8
4 changed files with 10 additions and 8 deletions
--- a/roles/dl/defaults/main.yaml
+++ b/roles/dl/defaults/main.yaml
@ -4,5 +4,5 @@ dl_server_root: /var/www/dl
 dl_access_log: /var/log/nginx/dl.access.log
 dl_error_log: /var/log/nginx/dl.error.log
 dl_ssl_enabled: false
-dl_ssl_certificate: "/etc/letsencrypt/live/{{ dl_server_name }}/fullchain.pem"
-dl_ssl_certificate_key: "/etc/letsencrypt/live/{{ dl_server_name }}/privkey.pem"
+dl_ssl_certificate: "/var/lib/lego/certificates/{{ dl_server_name }}.crt"
+dl_ssl_certificate_key: "/var/lib/lego/certificates/{{ dl_server_name }}.key"
--- a/roles/gitea/defaults/main.yaml
+++ b/roles/gitea/defaults/main.yaml
@ -53,6 +53,8 @@ gitea_config:
    colorize: no
  service:
    register_manual_confirm: true
+  metrics:
+    enabled: true

 gitea_var_tree:
  - "{{ gitea_var_path }}"
@ -62,6 +64,6 @@ gitea_var_tree:
  - "{{ gitea_var_path }}/backup"

 gitea_ssl_enabled: yes
-gitea_ssl_certificate: "/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
-gitea_ssl_certificate_key: "/etc/letsencrypt/live/{{ gitea_domain }}/privkey.pem"
+gitea_ssl_certificate: "/var/lib/lego/certificates/{{ gitea_domain }}.crt"
+gitea_ssl_certificate_key: "/var/lib/lego/certificates/{{ gitea_domain }}.key"
 #gitea_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"
--- a/roles/grafana/defaults/main.yaml
+++ b/roles/grafana/defaults/main.yaml
@ -26,8 +26,8 @@ grafana_config:
    http_port: "{{ grafana_port }}"

 grafana_ssl_enabled: true
-grafana_ssl_certificate: "/etc/letsencrypt/live/{{ grafana_domain }}/fullchain.pem"
-grafana_ssl_certificate_key: "/etc/letsencrypt/live/{{ grafana_domain }}/privkey.pem"
+grafana_ssl_certificate: "/var/lib/lego/certificates/{{ grafana_domain }}.crt"
+grafana_ssl_certificate_key: "/var/lib/lego/certificates/{{ grafana_domain }}.key"
 # grafana_ssl_dhparam: "/etc/letsencrypt/ssl-dhparams.pem"


--- a/roles/prometheus/defaults/main.yaml
+++ b/roles/prometheus/defaults/main.yaml
@ -39,8 +39,8 @@ prometheus_bin_path: /usr/local/bin

 prometheus_ssl_enabled: true
 prometheus_hostname: "{{ prometheus_web_external_url | urlsplit('hostname') }}"
-prometheus_ssl_certificate: "/etc/letsencrypt/live/{{ prometheus_hostname }}/fullchain.pem"
-prometheus_ssl_certificate_key: "/etc/letsencrypt/live/{{ prometheus_hostname }}/privkey.pem"
+prometheus_ssl_certificate: "/var/lib/lego/certificates/{{ prometheus_hostname }}.crt"
+prometheus_ssl_certificate_key: "/var/lib/lego/certificates/{{ prometheus_hostname }}.key"

 prometheus_alertmanager_enabled: true