--- munin_hosts: - name: "localhost" address: "127.0.0.1" extra: ["use_node_name yes"] - name: "host.example.org" address: "ssh://munin-async@host.example.org/ -W localhost:4949" munin_admin_user: "{{ vault_munin_admin_user }}" munin_admin_password: "{{ vault_munin_admin_password }}" private_key_munin_async_user_host: "{{ vault_private_key_munin_async_user_host }}" public_key_munin_async_user_host: "{{ vault_public_key_munin_async_user_host }}" munin_alerts: [] # Role ansible-role-certbot : defina auto renew, schedule, ... certbot_auto_renew: true certbot_auto_renew_user: "root" certbot_auto_renew_hour: "3" certbot_auto_renew_minute: "30" certbot_auto_renew_options: "--quiet --no-self-upgrade" certbot_admin_email: contact@wirebrass.fr certbot_create_if_missing: true certbot_create_method: standalone certbot_create_standalone_stop_services: - nginx certbot_certs: - domains: - "{{ inventory_hostname }}" nginx_remove_default_vhost: true nginx_vhosts: - listen: "80" server_name: "{{ inventory_hostname }}" return: "301 https://{{ inventory_hostname }}$request_uri" filename: "{{ inventory_hostname }}.80.conf" - listen: "443 ssl http2" server_name: "{{ inventory_hostname }}" root: "/var/cache/munin/www/static" filename: "{{ inventory_hostname }}.conf" extra_parameters: | ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem; ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location = / { rewrite ^/$ munin/ redirect; break; } location /munin/static/ { alias /etc/munin/static/; expires modified +1w; } location /munin/ { auth_basic "Restricted"; auth_basic_user_file /etc/munin/munin-htpasswd; alias /var/cache/munin/www/; expires modified +310s; }