set host vars from ansible vault

ansible/host_vars/backend-fsn.ooni.org

@@ -0,0 +1,10 @@
+s3_ooni_open_data_access_key: "{{ vault_s3_ooni_open_data_access_key }}"
+amspg_ooni_org_onion_key: "{{ vault_amspg_ooni_org_onion_key }}"
+jwt_encryption_key: "{{ vault_jwt_encryption_key }}"
+account_id_hashing_key: "{{ vault_account_id_hashing_key }}"
+github_token: "{{ vault_github_token }}"
+mail_smtp_password: "{{ vault_mail_smtp_password }}"
+base_url: "https://backend-fsn.ooni.org"
+tor_targets: "{{ vault_tor_targets }}"
+psiphon_config: "{{ vault_orchestra_psiphon_config_file_content }}"
+digital_ocean_token: "{{ vault_digital_ocean_token }}"

ansible/host_vars/backend-hel.ooni.org

@@ -0,0 +1,8 @@
+s3_ooni_open_data_access_key: "{{ vault_s3_ooni_open_data_access_key }}"
+jwt_encryption_key: "{{ vault_jwt_encryption_key }}"
+account_id_hashing_key: "{{ vault_account_id_hashing_key }}"
+github_token: "{{ vault_github_token }}"
+mail_smtp_password: "{{ vault_mail_smtp_password }}"
+base_url: "https://backend-hel.ooni.org"
+tor_targets: "{{ vault_tor_targets }}"
+psiphon_config: "{{ vault_orchestra_psiphon_config_file_content }}"

ansible/roles/ooni-backend/templates/dehydrated.config

@@ -4,4 +4,3 @@ CONFIG_D=/etc/dehydrated/conf.d
 BASEDIR=/var/lib/dehydrated
 WELLKNOWN="${BASEDIR}/acme-challenges"
 DOMAINS_TXT="/etc/dehydrated/domains.txt"
-HOOK="/etc/dehydrated/haproxy_hook.sh"

ansible/roles/ooni-backend/templates/nginx-api.conf

@@ -153,11 +153,6 @@ server {
       return 200 "{{ inventory_hostname }}";
   }
 
-  # Serve ACME challenge from disk
-  location ^~ /.well-known/acme-challenge {
-    alias /var/lib/dehydrated/acme-challenges;
-  }
-
   location /metrics {
       return 200 '';
   }