author | Jesse Luehrs <doy@tozt.net> | 2018-10-15 01:08:13 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-15 01:08:13 -0400 |
commit | 29fd645619f044ccf207f6f09830c8ffa4867d65 (patch) | |
tree | fc9c3df9b35fa8486d6ec6331491496c876010af /modules | |
parent | c667159ff4a6142f320377000e1bbff62f7ad377 (diff) | |
update to actual tozt.net
Diffstat (limited to 'modules')
-rwxr-xr-x | modules/certbot/files/bootstrap-certbot | 6 | ||||
-rw-r--r-- | modules/nginx/files/ssl | 4 | ||||
-rw-r--r-- | modules/tozt/files/nginx/doy-tls.conf | 2 | ||||
-rw-r--r-- | modules/tozt/manifests/site.pp | 2 |
4 files changed, 5 insertions, 9 deletions
diff --git a/modules/certbot/files/bootstrap-certbot b/modules/certbot/files/bootstrap-certbot
index cb496f8..b5b634d 100755
--- a/modules/certbot/files/bootstrap-certbot
+++ b/modules/certbot/files/bootstrap-certbot
@@ -2,8 +2,6 @@
 set -eu
 set -o pipefail
-# XXX update to real domain name
-
 config_dir="$1"
 if systemctl is-active -q nginx; then
 is_running=1
@@ -44,7 +42,7 @@ if [ -z "$is_running" ]; then
 fi
 if [ -z "$config_dir" ]; then
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net
 else
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d new.tozt.net --config-dir "$config_dir"
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net --config-dir "$config_dir"
 fi
diff --git a/modules/nginx/files/ssl b/modules/nginx/files/ssl
index afe39dd..65b66a7 100644
--- a/modules/nginx/files/ssl
+++ b/modules/nginx/files/ssl
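Review bot: In modules/certbot/files/bootstrap-certbot, the `[ -z "$config_dir" ]` branch updated by the second hunk is reachable only when the caller passes an explicit empty argument. The script runs under `set -eu` and assigns `config_dir="$1"` (both visible in the first hunk), so a call with no argument aborts on the unset `$1` before certbot is ever invoked. If the no-argument form is meant to work, change the assignment to `config_dir="${1:-}"`. The two certbot invocations also differ only in `--config-dir`, so the domain and contact address must be kept in sync in two places; a single `domain=tozt.net` variable used by both would prevent drift on the next rename.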
@@ -1,6 +1,6 @@
 ssl on;
-ssl_certificate /media/persistent/certbot/live/new.tozt.net/fullchain.pem; # XXX
-ssl_certificate_key /media/persistent/certbot/live/new.tozt.net/privkey.pem; # XXX
+ssl_certificate /media/persistent/certbot/live/tozt.net/fullchain.pem;
+ssl_certificate_key /media/persistent/certbot/live/tozt.net/privkey.pem;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 ssl_dhparam /etc/nginx/dhparam.pem;
diff --git a/modules/tozt/files/nginx/doy-tls.conf b/modules/tozt/files/nginx/doy-tls.conf
index 14f7039..e869a5c 100644
--- a/modules/tozt/files/nginx/doy-tls.conf
+++ b/modules/tozt/files/nginx/doy-tls.conf
@@ -1,6 +1,6 @@
 server {
 listen 443 default;
- server_name new.tozt.net; # XXX
+ server_name tozt.net;
 access_log /var/log/nginx/doy.access.log;
 error_log /var/log/nginx/doy.error.log;
diff --git a/modules/tozt/manifests/site.pp b/modules/tozt/manifests/site.pp
index 8eba113..3e925cf 100644
--- a/modules/tozt/manifests/site.pp
+++ b/modules/tozt/manifests/site.pp
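Review bot: In modules/nginx/files/ssl, the production certificate is now served with `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher list that still includes `DES-CBC3-SHA` and static-RSA suites such as `AES128-SHA` and `AES256-SHA`, all visible as context in this hunk. Because this commit moves the file from the staging name to tozt.net, it is a natural point to narrow both. I would change the protocol line to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` if the installed nginx/OpenSSL build supports it) and drop the 3DES and non-ECDHE/DHE entries from `ssl_ciphers`. The file presumably continues past the hunk, so whether `ssl_prefer_server_ciphers` is set cannot be confirmed from here.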
@@ -48,13 +48,11 @@ class tozt::site {
 source => 'puppet:///modules/tozt/nginx/doy.conf';
 "paste-tls":
 source => 'puppet:///modules/tozt/nginx/paste-tls.conf',
- enabled => false, # XXX
 require => Class['certbot'];
 "paste":
 source => 'puppet:///modules/tozt/nginx/paste.conf';
 "blog-tls":
 source => 'puppet:///modules/tozt/nginx/blog-tls.conf',
- enabled => false, # XXX
 require => Class['certbot'];
 "blog":
 source => 'puppet:///modules/tozt/nginx/blog.conf';
|
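Review bot: In modules/tozt/manifests/site.pp, dropping `enabled => false` turns on the `paste-tls` and `blog-tls` vhosts, but the certbot bootstrap changed in this same commit requests a certificate for `-d tozt.net` only. If those two vhosts answer on other host names and reuse the shared certificate paths from modules/nginx/files/ssl, clients will see a certificate name mismatch; their .conf files are not part of this diff, so this is an assumption to confirm. Either add the extra names to the certbot call, e.g. `-d tozt.net -d <paste-host> -d <blog-host>` (placeholders), or check that each vhost points at a certificate covering its own name. The resource declaration starts and ends outside the hunk.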