Remove scip/zimpl binaries from shared repository
Closed
Remove scip/zimpl binaries from shared repository
Robin Sonnabend
requested to merge
remove-scip-binaries
into
master
Feb 25, 2021
284 files
+
9834
−
1671
acmebot/defaults/main.yml
0 → 100644
+
196
−
0
---
acmebot_account_mail
:
"
{{
adminaddr
}}"
acmebot_version
:
"
v2.7.0"
acmebot_enable_update_check
:
true
acmebot_settings
:
{}
acmebot_default_settings
:
log_level
:
"
detail"
color_output
:
true
acme_directory_url
:
"
https://acme-v02.api.letsencrypt.org/directory"
public_suffix_list_url
:
"
https://publicsuffix.org/list/public_suffix_list.dat"
ocsp_responder_urls
:
-
"
http://ocsp.int-x3.letsencrypt.org"
reload_zone_command
:
null
nsupdate_command
:
null
hpkp_report_uri
:
null
ct_submit_logs
:
-
"
google_argon"
-
"
google_xenon"
file_user
:
root
file_group
:
root
key_size
:
4096
# null to turn off RSA certificates
key_curve
:
"
secp384r1"
# null to turn off ECDSA certificates
key_cipher
:
null
key_passphrase
:
null
# null to turn off private key encryption
dhparam_size
:
2048
# null to turn off custom dhparams
ecparam_curve
:
"
secp384r1"
# null to turn off custom EC params
follower_mode
:
false
ocsp_must_staple
:
false
# application support isn't good enough
auto_rollover
:
true
# must be false on followers
pin_subdomains
:
false
verify
:
null
# e.g. [443]
services
:
null
# e.g. [nginx-proxy]
hpkp_days
:
60
renewal_days
:
30
expiration_days
:
730
max_dns_lookup_attempts
:
60
dns_lookup_delay
:
10
max_domains_per_order
:
100
max_authorization_attempts
:
30
authorization_delay
:
10
cert_poll_time
:
30
max_ocsp_verify_attempts
:
10
ocsp_verify_retry_delay
:
5
min_run_delay
:
300
max_run_delay
:
3600
# can be empty string, e.g. when using only one key type
acmebot_key_suffixes
:
{}
acmebot_default_key_suffixes
:
rsa
:
"
.rsa"
ecdsa
:
"
.ecdsa"
# format strings with: name (of privkey or cert), key_type, suffix, server
# http_challenge uses: zone, host (without zone, "." if fqdn == zone), fqdn
# if http_challenge is set, defaults to http-01
# set to null for specified certs to use dns-01 for those
acmebot_directories
:
{}
acmebot_default_directories
:
pid
:
"
/run/acmebot"
log
:
"
/var/log/acmebot"
resource
:
"
/var/lib/acmebot"
temp
:
null
private_key
:
/etc/ssl/acmebot/privkey
backup_key
:
/etc/ssl/acmebot/backup_privkey
previous_key
:
null
full_key
:
/etc/ssl/acmebot/full_privkey
# maybe null to turn off
certificate
:
/etc/ssl/acmebot/cert
full_certificate
:
/etc/ssl/acmebot/full_cert
# maybe null
chain
:
/etc/ssl/acmebot/chain
# maybe null
param
:
/etc/ssl/acmebot/params
# maybe null
challenge
:
/etc/ssl/acmebot/challenges
# for dns-01 only
http_challenge
:
"
/var/run/acme/acme-challenge"
# maybe null
hpkp
:
/etc/ssl/acmebot/hpkp
# maybe null
ocsp
:
/etc/ssl/acmebot/ocsp
# maybe null
sct
:
"
/etc/ssl/acmebot/scts/{name}/{key_type}"
# maybe null
update_key
:
/etc/ssl/acmebot/update_keys
archive
:
/etc/ssl/acmebot/archive
# format strings with: name (of privkey or cert), key_type, suffix, server
acmebot_file_names
:
{}
acmebot_default_file_names
:
log
:
"
acmebot.log"
private_key
:
"
{name}{suffix}.pem"
backup_key
:
"
{name}_backup{suffix}.pem"
previous_key
:
"
{name}_previous{suffix}.pem"
full_key
:
"
{name}_full{suffix}.pem"
certificate
:
"
{name}{suffix}.pem"
full_certificate
:
"
{name}{suffix}.pem"
chain
:
"
{name}_chain{suffix}.pem"
param
:
"
{name}_param.pem"
challenge
:
"
{name}"
hpkp
:
"
{name}.{server}"
ocsp
:
"
{name}{suffix}.ocsp"
sct
:
"
{ct_log_name}.sct"
# override with null
acmebot_hpkp_headers
:
{}
acmebot_default_hpkp_headers
:
apache
:
"
Header
always
set
Public-Key-Pins
\"
{header}
\"\n
"
nginx
:
"
add_header
Public-Key-Pins
\"
{header}
\"
always;
\n
"
acmebot_services
:
{}
acmebot_default_services
:
dovecot
:
"
systemctl
restart
dovecot"
mysql
:
"
systemctl
reload
mysql"
nginx
:
"
systemctl
reload
nginx"
nginx-proxy
:
"
systemctl
reload
nginx-proxy"
postfix
:
"
systemctl
reload
postfix"
postgresql
:
"
systemctl
reload
postgresql"
prosody
:
"
systemctl
restart
prosody"
# authorizations to maintain without certficates (e.g. for master/follower)
acmebot_authorizations
:
{}
# <zone-name>:
# - <host-name>
# - <host-name>
# when global http_challenges directory set: use null to revert back to dns-01
# else: override dns-01 default with http-01 per domain
acmebot_http_challenges
:
{}
# <domain-name>: <challenge-directory>
# for doing DNSSEC manually, specify TSIG keys
acmebot_zone_update_keys
:
{}
# when using HPKP it may be beneficial to share private keys between certs
# this dict contains multiple certificate sections per private key,
# all key-specific config moved up
acmebot_private_keys
:
{}
acmebot_certificates
:
{}
# <certificate-name>:
# common_name: <common-name>
# alt_names:
# <zone-name>:
# - "@",
# - <host-name>
# services:
# - <service-name>
# tlsa_records:
# <zone-name>:
# - <host-name>
# - host: <host-name>
# port: <port-number>
# usage: pkix-ee
# selector: spki
# protocol: tcp
# ttl: 300
# dhparam_size: 2048
# ecparam_curve: secp384r1
# key_types:
# - rsa
# - ecdsa
# key_size: 4096
# key_curve: secp384r1
# key_cipher: blowfish
# key_passphrase:
# expiration_days: 730
# auto_rollover: false
# hpkp_days: 30
# pin_subdomains: true
# hpkp_report_uri:
# ocsp_must_staple: false
# ocsp_responder_urls:
# - "http://ocsp.int-x3.letsencrypt.org"
# ct_submit_logs:
# - google_icarus
# - google_pilot
# verify:
# - 443,
# - port: 25
# hosts:
# - <domain-name>
# - <domain-name>
# starttls: smtp
# key_types:
# - rsa
# - ecdsa
# all empty per default, see README for possible hook names
acmebot_hooks
:
{}
# This variable will override the built-in defaults. If you need to set it,
# you can grab an up-to-date copy of those defaults from the official
# repository to merge them manually.
# see also: https://www.certificate-transparency.org/known-logs
acmebot_ct_logs
:
{}
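Review bot: The new defaults leave HPKP output switched on: `acmebot_default_directories` sets `hpkp: /etc/ssl/acmebot/hpkp`, `acmebot_default_settings` carries `hpkp_days: 60`, and `acmebot_default_hpkp_headers` renders `Public-Key-Pins` headers for apache and nginx. HTTP Public Key Pinning is deprecated and has been removed from the major browsers, and a pin header that a vhost still includes can lock out any client that honours it if a key is replaced outside the planned rollover. The `# maybe null` comments in that block suggest the directory can be disabled, so I would default it to `hpkp: null` and let hosts opt in explicitly; whether the role's templates include the generated header files is not visible in this file. As a documentation point, a comment on `key_passphrase` and `acmebot_zone_update_keys` could say that these values (passphrases, TSIG keys) belong in Ansible Vault rather than plain vars, and the commented certificate example showing `key_cipher: blowfish` would be a better model with a current cipher.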