Commit d81ea14d authored by Jan-Oliver Opdenhövel

A bit of documentation

parent 9b634458
# Certbot
This role sets up a certbot service that automatically obtains and renews TLS certificates.
## Parameters
### `certbot.domains`
A list of domains to aquire certificates for. The host has to be available by these domains.
### `certbot.email`
E-Mail address to send alerts to. This will be sent to Let's Encrypt!
## Installed files
### `/etc/letsencrypt/live/<hostname>`
Directory with the certificate (`cert.pem`) and private key (`privkey.pem`). May be used in other roles.
## Notes
The renewal service listens on on port 8080 and therefore needs a reverse proxy that accepts unencrypted HTTP requests to `/.well-known/acme-challenge/` on port 80 and forwards them to port 8080. This can be done easily by also applying the [Nginx role](../nginx).
\ No newline at end of file
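Review bot: The "Installed files" section says `privkey.pem` under `/etc/letsencrypt/live/<hostname>` "may be used in other roles" but does not say which owner and mode the directory and key have, so a consuming role cannot tell whether its service user can read the key or whether it is expected to loosen permissions itself. Please document the ownership and mode the role leaves behind, and state which entry of `certbot.domains` becomes `<hostname>` when the list has more than one domain. Minor: "aquire" should be "acquire" in the `certbot.domains` description, and "listens on on port 8080" in the Notes has a doubled word.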
# Element Web
This role sets up the Element webclient for the Matrix homeserver. It installs the webapp, configures it and adds a virtual host to Nginx.
The configuration is hardcoded since there'll probably never be two different Element instances hosted by the RBFSMI.
\ No newline at end of file
# Nginx
A role that sets up an Nginx webserver and reverse proxy.
## Adding a virtual host
This role doesn't setup any hosted content. Instead, other roles have to place a virtual server configuration into `/etc/nginx/vhosts/*.conf`. You can check out the virtual host configurations of [Element](../element-web/templates/vhost.conf) and [Synapse](../synapse/templates/vhost.conf) as examples.
Unencrypted HTTP requests are automatically forwarded to HTTPS, with the the exception of the path `/.well-known/acme-challange/`. Requests to this path are forwarded to `http://localhost:8080`, which is expected to be a certbot instance.
\ No newline at end of file
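Review bot: The exception path in the last paragraph is spelled `/.well-known/acme-challange/`, while the Certbot README in this same commit uses `/.well-known/acme-challenge/`, which is the path the ACME HTTP-01 challenge actually uses. Please correct the spelling here and check that the Nginx configuration matches, since a location written with the misspelled path would redirect challenge requests to HTTPS instead of forwarding them to `http://localhost:8080`. Minor: "with the the exception" has a doubled word, and "doesn't setup" should be "doesn't set up".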
# PostgreSQL
This role sets up a postgresql database with automatic backup dumping and restoration.
The database directory is `/var/lib/postgres/data` and if doesn't exist, the backup dump will be restored.
## Parameters
### `postgresql.backup_dir`
The directory to dump the database to. The default is `/backup/` and the dump will be stored as `$BACKUP_DIR/postgres_pg_gump.sql`.
### `postgresql.client_auth`
A list of dictionaries for the [`pg_hba.conf`](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) file. This file contains a list of ways a client is allowed to access the database. The allowed dictionaries are `type`, `database`, `user`, `address`, and `method`.
\ No newline at end of file
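Review bot: In the `postgresql.client_auth` description, "The allowed dictionaries are `type`, `database`, `user`, `address`, and `method`" names the keys of each dictionary, not dictionaries, and the paragraph gives no default, so a reader cannot tell what access the role grants when the parameter is left unset. Suggest "The allowed keys are ..." plus a sentence stating the default entries, since this list decides who can reach the database and with which authentication method. Also check `postgres_pg_gump.sql` under `postgresql.backup_dir` against the filename the backup job really writes (it reads like a typo for `pg_dump`), and fix "if doesn't exist" to "if it doesn't exist" in the introduction; that sentence should also say what happens when neither the data directory nor a dump exists.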
# Synapse Matrix Server
This role sets up the Synapse Matrix Server for matrix.die-fachschaft.de.
\ No newline at end of file