diff --git a/certs/websites/dustinandtabitha.com.cer b/certs/websites/dustinandtabitha.com.cer
new file mode 120000
index 0000000..c8c320c
--- /dev/null
+++ b/certs/websites/dustinandtabitha.com.cer
@@ -0,0 +1 @@
+../lego/dustinandtabitha.com.crt
\ No newline at end of file
diff --git a/certs/websites/dustinandtabitha.com.key b/certs/websites/dustinandtabitha.com.key
new file mode 120000
index 0000000..297d9f5
--- /dev/null
+++ b/certs/websites/dustinandtabitha.com.key
@@ -0,0 +1 @@
+../lego/dustinandtabitha.com.key
\ No newline at end of file
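Review bot: The new `dustinandtabitha.com.key` symlink points at `../lego/dustinandtabitha.com.key`, which is the site's TLS private key, and nothing in this commit shows how that target is kept out of the repository history. If `certs/lego/` is not already git-ignored or stored encrypted (for example with Ansible Vault), that should be in place before a key lands there. A short README next to the symlinks saying where the lego output comes from and how it is protected would make this checkable from the repository itself.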
diff --git a/group_vars/public-web.yml b/group_vars/public-web.yml
index 83ebc95..0a13af9 100644
--- a/group_vars/public-web.yml
+++ b/group_vars/public-web.yml
@@ -9,3 +9,4 @@ apache_server_name: pyrocufflink.net
userdir_proxy_backend: http://files.pyrocufflink.blue
tabitha_publisher_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbeVaQ5eGTaQU9P0sqo9R2IISoe50qS/Hv/vvFdt3ce tabitha@Tabithas-MacBook-Pro.local
+dustinandtabitha_publisher_keys: '{{ tabitha_publisher_keys + dchwww_publisher_keys }}'
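Review bot: `dchwww_publisher_keys` on the added line is not defined anywhere in this hunk, so the expression depends on a variable set elsewhere; if any host in `public-web` lacks it, the `authorized_key` task in the new role will fail at templating time. Because the combined list is what grants SSH login to `webapp.dustinandtabitha`, I would add a comment above it such as `# SSH keys allowed to publish dustinandtabitha.com: tabitha_publisher_keys plus dchwww_publisher_keys`. That makes it clear that adding a key to either source list also widens access to this site.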
diff --git a/roles/websites/dustinandtabitha.com/files/dustinandtabitha.httpd.conf b/roles/websites/dustinandtabitha.com/files/dustinandtabitha.httpd.conf
new file mode 100644
index 0000000..851a5e6
--- /dev/null
+++ b/roles/websites/dustinandtabitha.com/files/dustinandtabitha.httpd.conf
@@ -0,0 +1,27 @@
+
+ServerName dustinandtabitha.com
+ServerAlias www.dustinandtabitha.com
+
+RewriteEngine On
+RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
+
+
+
+ServerName dustinandtabitha.com
+ServerAlias www.dustinandtabitha.com
+
+Include conf.d/ssl.include
+SSLCertificateKeyFile /etc/pki/tls/private/dustinandtabitha.com.key
+SSLCertificateFile /etc/pki/tls/certs/dustinandtabitha.com.cer
+
+
+ Header always set \
+ Strict-Transport-Security "max-age=63072000; includeSubDomains"
+
+
+
+DocumentRoot /srv/www/dustinandtabitha/htdocs
+
+ Require all granted
+
+
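Review bot: The directory block for `/srv/www/dustinandtabitha/htdocs` sets only `Require all granted`, so `Options` and `AllowOverride` are inherited from the global configuration (the container tag lines appear to have been lost in this rendering, so I am reading the block from its contents). Since that tree is written by the publisher SSH keys rather than by root, I would pin both explicitly, e.g. `Options -Indexes +SymLinksIfOwnerMatch` and `AllowOverride None`, so an uploaded symlink or `.htaccess` cannot change what httpd serves. Separately, `includeSubDomains` with a two-year `max-age` commits every subdomain of dustinandtabitha.com to HTTPS for that period; worth confirming that is intended before it ships.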
diff --git a/roles/websites/dustinandtabitha.com/meta/main.yml b/roles/websites/dustinandtabitha.com/meta/main.yml
new file mode 100644
index 0000000..b3c7823
--- /dev/null
+++ b/roles/websites/dustinandtabitha.com/meta/main.yml
@@ -0,0 +1,9 @@
+dependencies:
+- role: cert
+ vars:
+ cert_src: websites/dustinandtabitha.com.cer
+ cert_dest: /etc/pki/tls/certs/dustinandtabitha.com.cer
+ cert_key_src: websites/dustinandtabitha.com.key
+ cert_key_dest: /etc/pki/tls/private/dustinandtabitha.com.key
+ tags:
+ - websites/dustinandtabitha
diff --git a/roles/websites/dustinandtabitha.com/tasks/main.yml b/roles/websites/dustinandtabitha.com/tasks/main.yml
new file mode 100644
index 0000000..d0e85e6
--- /dev/null
+++ b/roles/websites/dustinandtabitha.com/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: ensure app group exists
+ group:
+ name: webapp.dustinandtabitha
+ state: present
+- name: ensure app user exists
+ user:
+ name: webapp.dustinandtabitha
+ group: webapp.dustinandtabitha
+ home: /srv/www/dustinandtabitha
+ createhome: true
+ state: present
+
+- name: ensure app home directory permissions are set
+ file:
+ path: /srv/www/dustinandtabitha
+ mode: '0755'
+ state: directory
+
+- name: ensure publisher keys are trusted
+ authorized_key:
+ key: "{{ dustinandtabitha_publisher_keys|join('\n') }}"
+ user: webapp.dustinandtabitha
+ exclusive: true
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/dustinandtabitha/.ssh/authorized_keys
+ mode: '0600'
+ owner: webapp.dustinandtabitha
+ group: webapp.dustinandtabitha
+ setype: ssh_home_t
+
+- name: ensure apache is configured to serve dustinandtabitha.com
+ copy:
+ src: dustinandtabitha.httpd.conf
+ dest: /etc/httpd/conf.d/dustinandtabitha.conf
+ mode: '0644'
+ notify: reload httpd
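Review bot: The `authorized_key` task installs the publisher keys with no `key_options`, and the `user` task sets no `shell`, so each key holder gets an unrestricted login as `webapp.dustinandtabitha` (interactive shell, port and agent forwarding) unless sshd restricts the account elsewhere, which this diff does not show. If the keys are only meant for uploading site content, adding `key_options: 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'` to that task, or limiting the account to SFTP in sshd_config, would keep them to that purpose. `exclusive: true` is the right choice here, since it removes keys that are no longer in the list.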
diff --git a/websites.yml b/websites.yml
old mode 100644
new mode 100755
index c21db87..429c04a
--- a/websites.yml
+++ b/websites.yml
@@ -48,6 +48,9 @@
- role: websites/tabitha
tags:
- websites/tabitha
+ - role: websites/dustinandtabitha.com
+ tags:
+ - websites/dustinandtabitha
tasks:
- name: ensure httpd service is running
service:
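Review bot: The file header for `websites.yml` changes its mode from 100644 to 100755, which looks unrelated to adding the role entry in this hunk. If the playbook is not meant to be executed directly (the top of the file, including any shebang line, is outside the hunk), I would drop the mode change so the commit only adds `websites/dustinandtabitha.com`.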