authorJesse Luehrs <doy@tozt.net>2018-10-15 01:08:13 -0400
committerJesse Luehrs <doy@tozt.net>2018-10-15 01:08:13 -0400
commit29fd645619f044ccf207f6f09830c8ffa4867d65 (patch)
treefc9c3df9b35fa8486d6ec6331491496c876010af /modules
parentc667159ff4a6142f320377000e1bbff62f7ad377 (diff)
downloadpuppet-tozt-29fd645619f044ccf207f6f09830c8ffa4867d65.tar.gz
puppet-tozt-29fd645619f044ccf207f6f09830c8ffa4867d65.zip
update to actual tozt.net
Diffstat (limited to 'modules')
-rwxr-xr-xmodules/certbot/files/bootstrap-certbot6
-rw-r--r--modules/nginx/files/ssl4
-rw-r--r--modules/tozt/files/nginx/doy-tls.conf2
-rw-r--r--modules/tozt/manifests/site.pp2
4 files changed, 5 insertions, 9 deletions
diff --git a/modules/certbot/files/bootstrap-certbot b/modules/certbot/files/bootstrap-certbot
index cb496f8..b5b634d 100755
--- a/modules/certbot/files/bootstrap-certbot
+++ b/modules/certbot/files/bootstrap-certbot
@@ -2,8 +2,6 @@
set -eu
set -o pipefail
-# XXX update to real domain name
-
config_dir="$1"
if systemctl is-active -q nginx; then
is_running=1
@@ -44,7 +42,7 @@ if [ -z "$is_running" ]; then
fi
if [ -z "$config_dir" ]; then
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net
else
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net --config-dir "$config_dir"
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net --config-dir "$config_dir"
fi
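Review bot: The `[ -z "$config_dir" ]` branch whose certbot call is updated here looks unreachable when the script is run with no argument, because `set -eu` is in effect and `config_dir="$1"` (visible in the first hunk of this file) aborts on an unset `$1`. If the no-argument form is meant to work, use `config_dir="${1:-}"`. The two certbot invocations also differ only by `--config-dir`, so the domain and contact address are repeated; building the optional argument once would leave a single place to edit on the next rename. The surrounding `if` blocks begin outside the hunk.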
diff --git a/modules/nginx/files/ssl b/modules/nginx/files/ssl
index afe39dd..65b66a7 100644
--- a/modules/nginx/files/ssl
+++ b/modules/nginx/files/ssl
@@ -1,6 +1,6 @@
ssl on;
-ssl_certificate /media/persistent/certbot/live/new.tozt.net/fullchain.pem; # XXX
-ssl_certificate_key /media/persistent/certbot/live/new.tozt.net/privkey.pem; # XXX
+ssl_certificate /media/persistent/certbot/live/tozt.net/fullchain.pem;
+ssl_certificate_key /media/persistent/certbot/live/tozt.net/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_dhparam /etc/nginx/dhparam.pem;
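Review bot: The unchanged lines of this file still enable `TLSv1` and `TLSv1.1` and offer 3DES (`DES-CBC3-SHA`) and static-RSA suites, and with this change that policy now applies to the production name tozt.net. Consider narrowing to `ssl_protocols TLSv1.2;` (adding TLSv1.3 where the nginx/OpenSSL build supports it) and dropping the `DES-CBC3-SHA` entries from `ssl_ciphers`. The new `ssl_certificate` paths also assume the certbot lineage directory is exactly `live/tozt.net` under `/media/persistent/certbot`, while bootstrap-certbot takes its config dir as an argument. A comment such as `# must match the --config-dir and -d passed in bootstrap-certbot` would record that coupling.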
diff --git a/modules/tozt/files/nginx/doy-tls.conf b/modules/tozt/files/nginx/doy-tls.conf
index 14f7039..e869a5c 100644
--- a/modules/tozt/files/nginx/doy-tls.conf
+++ b/modules/tozt/files/nginx/doy-tls.conf
@@ -1,6 +1,6 @@
server {
listen 443 default;
- server_name new.tozt.net; # XXX
+ server_name tozt.net;
access_log /var/log/nginx/doy.access.log;
error_log /var/log/nginx/doy.error.log;
diff --git a/modules/tozt/manifests/site.pp b/modules/tozt/manifests/site.pp
index 8eba113..3e925cf 100644
--- a/modules/tozt/manifests/site.pp
+++ b/modules/tozt/manifests/site.pp
@@ -48,13 +48,11 @@ class tozt::site {
source => 'puppet:///modules/tozt/nginx/doy.conf';
"paste-tls":
source => 'puppet:///modules/tozt/nginx/paste-tls.conf',
- enabled => false, # XXX
require => Class['certbot'];
"paste":
source => 'puppet:///modules/tozt/nginx/paste.conf';
"blog-tls":
source => 'puppet:///modules/tozt/nginx/blog-tls.conf',
- enabled => false, # XXX
require => Class['certbot'];
"blog":
source => 'puppet:///modules/tozt/nginx/blog.conf';
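Review bot: Dropping `enabled => false` turns on the `paste-tls` and `blog-tls` vhosts, but the certificate requested in bootstrap-certbot in this same commit names only `-d tozt.net`. If those vhosts answer on other hostnames and use the shared `ssl` include (neither conf file is shown here), clients would be handed a certificate that does not match the name. Either request those names as well or confirm that each vhost points at its own certificate. `require => Class['certbot']` orders the resources but does not by itself show that the certificate covers the vhost, so a short comment recording which certificate each TLS vhost uses would help. The resource declaration starts and ends outside the hunk.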