diff --git a/mgmt/do-jeremydormitzer-com/terraform/data.tf b/mgmt/do-jeremydormitzer-com/terraform/data.tf
index bb04830..75c9c0f 100644
--- a/mgmt/do-jeremydormitzer-com/terraform/data.tf
+++ b/mgmt/do-jeremydormitzer-com/terraform/data.tf
@@ -28,21 +28,6 @@ data "terraform_remote_state" "syncthing" { } } -data "terraform_remote_state" "wallabag" { - backend = "s3" - - config = { - skip_credentials_validation = true - skip_metadata_api_check = true - access_key = var.spaces_access_id - secret_key = var.spaces_secret_key - region = "us-east-1" - endpoint = "nyc3.digitaloceanspaces.com" - bucket = "jdormit-tf-state" - key = "prod/wallabag.tfstate" - } -} - data "terraform_remote_state" "freshrss" { backend = "s3"
diff --git a/mgmt/do-jeremydormitzer-com/terraform/main.tf b/mgmt/do-jeremydormitzer-com/terraform/main.tf
index a29688e..94a610c 100644
--- a/mgmt/do-jeremydormitzer-com/terraform/main.tf
+++ b/mgmt/do-jeremydormitzer-com/terraform/main.tf
@@ -88,7 +88,7 @@ resource "digitalocean_record" "wallabag" { domain = digitalocean_domain.jeremydormitzer_com.name type = "A" name = "wallabag" - value = data.terraform_remote_state.wallabag.outputs.ip_address + value = data.terraform_remote_state.nginx.outputs.nginx_ip_address ttl = 3600 }
diff --git a/prod/nginx/packer/packer-manifest.json b/prod/nginx/packer/packer-manifest.json
index a900bc2..fef0647 100644
--- a/prod/nginx/packer/packer-manifest.json
+++ b/prod/nginx/packer/packer-manifest.json
@@ -53,7 +53,25 @@ "artifact_id": "nyc1:93041994", "packer_run_uuid": "8a308586-3253-93bb-b2a7-c11151a8d19c", "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1633459198, + "files": null, + "artifact_id": "nyc1:93047327", + "packer_run_uuid": "4adb4205-6a8b-6a87-b92d-a3766eada22d", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1633469746, + "files": null, + "artifact_id": "nyc1:93061502", + "packer_run_uuid": "d18c424a-c0cd-547f-52f8-0496f2ece79f", + "custom_data": null } ], - "last_run_uuid": "8a308586-3253-93bb-b2a7-c11151a8d19c" + "last_run_uuid": "d18c424a-c0cd-547f-52f8-0496f2ece79f" } \ No newline at end of file
diff --git a/prod/nginx/packer/terraform/templates/nginx.conf.template b/prod/nginx/packer/terraform/templates/nginx.conf.template
index d583c1d..be2bf6b 100644
--- a/prod/nginx/packer/terraform/templates/nginx.conf.template
+++ b/prod/nginx/packer/terraform/templates/nginx.conf.template
@@ -61,6 +61,7 @@ http { error_log /var/log/nginx/${server.domain}_error.log; location / { + proxy_set_header Host $host; proxy_pass http://${server.ip}:${server.port}; }
diff --git a/prod/wallabag/packer/Makefile b/prod/wallabag/packer/Makefile
index db2cd13..f04b32b 100644
--- a/prod/wallabag/packer/Makefile
+++ b/prod/wallabag/packer/Makefile
@@ -1,5 +1,3 @@ -.PHONY: reissue-certs - packer-manifest.json: wallabag.json \ scripts/dependencies.sh \ scripts/nginx.sh \
@@ -8,9 +6,7 @@ packer-manifest.json: wallabag.json \ files/wallabag-nginx.conf \ files/entries.json \ files/wallabag-params.yml \ - files/clients.sql \ - certbot/live/wallabag.jeremydormitzer.com/fullchain.pem \ - certbot/live/wallabag.jeremydormitzer.com/privkey.pem + files/clients.sql packer build wallabag.json files/wallabag-params.yml: templates/wallabag-params.yml.template
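Review bot: In prod/nginx/packer/terraform/templates/nginx.conf.template, the `location /` block now forwards `Host` but still sends no `X-Forwarded-Proto` or `X-Forwarded-For`, so the upstream behind `proxy_pass http://${server.ip}:${server.port}` cannot tell the original scheme or client address. If this proxy terminates TLS (not visible in the hunk), the backend may generate `http://` links or omit the Secure flag on session cookies, and its access log will attribute every request to the proxy. Consider adding `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the new line, and have the backend trust those headers only from the proxy's address. The enclosing `server` block starts and ends outside the hunk.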
@@ -18,25 +14,3 @@ files/wallabag-params.yml: templates/wallabag-params.yml.template files/clients.sql: templates/clients.sql.template sigil -p -f templates/clients.sql.template > files/clients.sql - -certbot/live/wallabag.jeremydormitzer.com/fullchain.pem certbot/live/wallabag.jeremydormitzer.com/privkey.pem &: tmp/do.ini - certbot certonly -n \ - --agree-tos \ - --email ${CERTBOT_EMAIL} \ - --dns-digitalocean \ - --dns-digitalocean-credentials tmp/do.ini \ - --config-dir ./certbot \ - --work-dir ./certbot \ - --logs-dir ./certbot \ - -d wallabag.jeremydormitzer.com - -tmp/do.ini: templates/do.ini.template tmp - sigil -p -f templates/do.ini.template > tmp/do.ini - chmod 600 tmp/do.ini - -tmp: - mkdir tmp - -reissue-certs: - rm -rf certbot - make
diff --git a/prod/wallabag/packer/files/wallabag-nginx.conf b/prod/wallabag/packer/files/wallabag-nginx.conf
index e97ac35..f7b468a 100644
--- a/prod/wallabag/packer/files/wallabag-nginx.conf
+++ b/prod/wallabag/packer/files/wallabag-nginx.conf
@@ -32,29 +32,11 @@ server { return 404; } - listen [::]:443 ssl ipv6only=on; - listen 443 ssl; - - ssl_certificate /var/www/wallabag/fullchain.pem; - ssl_certificate_key /var/www/wallabag/privkey.pem; - - ssl_session_cache shared:le_nginx_SSL:1m; - ssl_session_timeout 1440m; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - - ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"; - + listen 80; + listen [::]:80; error_log /var/log/nginx/wallabag_error.log; access_log /var/log/nginx/wallabag_access.log; client_max_body_size 512M; # allows file uploads up to 512 megabytes -} - -server { - listen 80; - listen [::]:80; - return 301 https://$host$request_uri; } \ No newline at end of file
diff --git a/prod/wallabag/packer/packer-manifest.json b/prod/wallabag/packer/packer-manifest.json
index 845daca..60e891b 100644
--- a/prod/wallabag/packer/packer-manifest.json
+++ b/prod/wallabag/packer/packer-manifest.json
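Review bot: In prod/wallabag/packer/files/wallabag-nginx.conf, the new `listen 80;` and `listen [::]:80;` bind the application to every interface over cleartext HTTP, and nothing in this hunk limits who may connect. With TLS now presumably terminated at the shared nginx proxy, login credentials and session cookies cross the proxy-to-droplet hop unencrypted, and any host that can reach the droplet's address can talk to wallabag without going through the proxy. Restrict the listener to the proxy, for example `allow PROXY_IP_PLACEHOLDER; deny all;` in this server block or an equivalent cloud firewall rule, and keep that hop on a private network if one is available. The `server` block begins outside the hunk.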
@@ -152,7 +152,16 @@ "artifact_id": "nyc1:92911527", "packer_run_uuid": "3a30edf6-a694-103e-2bf8-68fd5d530ec5", "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1633458464, + "files": null, + "artifact_id": "nyc1:93046881", + "packer_run_uuid": "def16176-d225-bf50-7611-7cde1c9e7c17", + "custom_data": null } ], - "last_run_uuid": "3a30edf6-a694-103e-2bf8-68fd5d530ec5" + "last_run_uuid": "def16176-d225-bf50-7611-7cde1c9e7c17" } \ No newline at end of file
diff --git a/prod/wallabag/packer/scripts/nginx.sh b/prod/wallabag/packer/scripts/nginx.sh
index 6757348..5e918e7 100644
--- a/prod/wallabag/packer/scripts/nginx.sh
+++ b/prod/wallabag/packer/scripts/nginx.sh
@@ -2,9 +2,6 @@ set -xe -sudo mv /tmp/fullchain.pem /var/www/wallabag/fullchain.pem -sudo mv /tmp/privkey.pem /var/www/wallabag/privkey.pem -chown www-data:www-data /var/www/wallabag/{fullchain,privkey}.pem sudo mv /tmp/wallabag-nginx.conf \ /etc/nginx/sites-available/wallabag.conf sudo ln -s /etc/nginx/sites-available/wallabag.conf \
diff --git a/prod/wallabag/packer/templates/do.ini.template b/prod/wallabag/packer/templates/do.ini.template
deleted file mode 100644
index 7c6ec3f..0000000
--- a/prod/wallabag/packer/templates/do.ini.template
+++ /dev/null
@@ -1 +0,0 @@ -dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?} \ No newline at end of file
diff --git a/prod/wallabag/packer/wallabag.json b/prod/wallabag/packer/wallabag.json
index e7fefb0..57cbf00 100644
--- a/prod/wallabag/packer/wallabag.json
+++ b/prod/wallabag/packer/wallabag.json
@@ -35,21 +35,9 @@ }, { "type": "shell", - "environment_vars": [ - "ADMIN_PASSWORD={{user `wallabag_admin_password`}}" - ], + "environment_vars": ["ADMIN_PASSWORD={{user `wallabag_admin_password`}}"], "script": "scripts/wallabag.sh" }, - { - "type": "file", - "source": "certbot/live/wallabag.jeremydormitzer.com/fullchain.pem", - "destination": "/tmp/fullchain.pem" - }, - { - "type": "file", - "source": "certbot/live/wallabag.jeremydormitzer.com/privkey.pem", - "destination": "/tmp/privkey.pem" - }, { "type": "file", "source": "files/wallabag-nginx.conf",