From 98cacf97c085183545b200f9b3a856dfac5471a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Tue, 1 Oct 2024 12:07:12 +0200
Subject: [PATCH] Fix jupyterhub configuration

---
 ansible/host_vars/oonidata.ooni.org                      | 1 +
 ansible/roles/oonidata/defaults/main.yml                 | 1 +
 ansible/roles/oonidata/templates/jupyterhub_config.py.j2 | 1 +
 ansible/roles/oonidata/templates/nginx-jupyterhub.j2     | 8 ++++----
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ansible/host_vars/oonidata.ooni.org b/ansible/host_vars/oonidata.ooni.org
index 72911e57..4dd0e917 100644
--- a/ansible/host_vars/oonidata.ooni.org
+++ b/ansible/host_vars/oonidata.ooni.org
@@ -1 +1,2 @@
 admin_group_name: adm
+tls_cert_dir: /var/lib/dehydrated/certs
diff --git a/ansible/roles/oonidata/defaults/main.yml b/ansible/roles/oonidata/defaults/main.yml
index f6218d09..c2b0d9d8 100644
--- a/ansible/roles/oonidata/defaults/main.yml
+++ b/ansible/roles/oonidata/defaults/main.yml
@@ -2,6 +2,7 @@ miniconda_install_dir: /opt/miniconda
 jupyterhub_config_dir: /etc/jupyterhub
 jupyterhub_runtime_dir: /srv/jupyterhub
 oonipipeline_runtime_dir: /srv/oonipipeline
+tls_cert_dir: /etc/letsencrypt/live
 admin_group_name: admin
 enable_oonipipeline_worker: true
 enable_jupyterhub: true
diff --git a/ansible/roles/oonidata/templates/jupyterhub_config.py.j2 b/ansible/roles/oonidata/templates/jupyterhub_config.py.j2
index 45ff58aa..ec6bd238 100644
--- a/ansible/roles/oonidata/templates/jupyterhub_config.py.j2
+++ b/ansible/roles/oonidata/templates/jupyterhub_config.py.j2
@@ -1,2 +1,3 @@
 c.JupyterHub.bind_url = 'http://127.0.0.1:8888'
 c.Spawner.cmd = ['{{ miniconda_install_dir }}/bin/jupyterhub-singleuser']
+c.Authenticator.allow_all = True
diff --git a/ansible/roles/oonidata/templates/nginx-jupyterhub.j2 b/ansible/roles/oonidata/templates/nginx-jupyterhub.j2
index fb882547..1d6ae57a 100644
--- a/ansible/roles/oonidata/templates/nginx-jupyterhub.j2
+++ b/ansible/roles/oonidata/templates/nginx-jupyterhub.j2
@@ -10,9 +10,9 @@ server {
 
     include /etc/nginx/ssl_intermediate.conf;
 
-    ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/chain.pem;
+    ssl_certificate {{ tls_cert_dir }}/{{ inventory_hostname }}/fullchain.pem;
+    ssl_certificate_key {{ tls_cert_dir }}/{{ inventory_hostname }}/privkey.pem;
+    ssl_trusted_certificate {{ tls_cert_dir }}/{{ inventory_hostname }}/chain.pem;
 
     server_name _;
     access_log  /var/log/nginx/{{ inventory_hostname }}.access.log;
@@ -37,4 +37,4 @@ server {
         proxy_set_header X-Scheme $scheme;
         proxy_buffering off;
     }
-}
\ No newline at end of file
+}