ansible-base/inventory_template/group_vars/munin_server.yml

54 lines
1.7 KiB
YAML
Raw Normal View History

2020-07-10 21:37:30 +02:00
---
munin_admin_user: "{{ vault_munin_admin_user }}"
munin_admin_password: "{{ vault_munin_admin_password }}"
2020-07-11 00:17:08 +02:00
private_key_munin_user_host: "{{ vault_private_key_munin_user_host }}"
public_key_munin_user_host: "{{ vault_public_key_munin_user_host }}"
2020-07-10 22:32:32 +02:00
2020-07-10 21:37:30 +02:00
munin_alerts: []
2020-07-11 00:01:16 +02:00
# Role ansible-role-certbot : defina auto renew, schedule, ...
certbot_auto_renew: true
certbot_auto_renew_user: "root"
certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade"
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_create_standalone_stop_services:
- nginx
certbot_certs:
- domains:
- "{{ inventory_hostname }}"
nginx_remove_default_vhost: true
nginx_vhosts:
- listen: "80"
server_name: "{{ inventory_hostname }}"
return: "301 https://{{ inventory_hostname }}$request_uri"
filename: "{{ inventory_hostname }}.80.conf"
- listen: "443 ssl http2"
server_name: "{{ inventory_hostname }}"
root: "/var/cache/munin/www/static"
filename: "{{ inventory_hostname }}.conf"
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location = / {
rewrite ^/$ munin/ redirect; break;
}
location /munin/static/ {
alias /etc/munin/static/;
expires modified +1w;
}
location /munin/ {
auth_basic "Restricted";
auth_basic_user_file /etc/munin/munin-htpasswd;
2020-07-11 00:01:16 +02:00
alias /var/cache/munin/www/;
expires modified +310s;
}