diff options
| author | Luke Hoersten <[email protected]> | 2020-06-09 19:21:46 -0500 |
|---|---|---|
| committer | Luke Hoersten <[email protected]> | 2020-06-09 19:21:46 -0500 |
| commit | f7b6a96abb76655be80967c28b56b62ac9fc37d7 (patch) | |
| tree | 8a489ddee78621a9b7bd2c9f4156623cd617da95 /nginx | |
| parent | 84bb36a6ba49c71f38178d2ddaeff7f94d2d6def (diff) | |
Moved over postgresql and nginx roles from pleroma roles.
Diffstat (limited to 'nginx')
| -rw-r--r-- | nginx/defaults/main.yaml | 10 | ||||
| -rw-r--r-- | nginx/handlers/main.yaml | 5 | ||||
| -rw-r--r-- | nginx/tasks/main.yaml | 39 |
3 files changed, 54 insertions, 0 deletions
diff --git a/nginx/defaults/main.yaml b/nginx/defaults/main.yaml new file mode 100644 index 0000000..c0db79d --- /dev/null +++ b/nginx/defaults/main.yaml @@ -0,0 +1,10 @@ +--- + +nginx_port: 80 +nginx_ssl_port: 443 +nginx_ssl_cert: "/etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem" +nginx_ssl_privkey: "/etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem" +nginx_enable_certbot: No +nginx_server_name: "{{ansible_host}}" +nginx_conf_dst: "{{nginx_server_name}}.nginx.conf" +nginx_admin_email: "admin@{{nginx_server_name}}" diff --git a/nginx/handlers/main.yaml b/nginx/handlers/main.yaml new file mode 100644 index 0000000..1feca07 --- /dev/null +++ b/nginx/handlers/main.yaml @@ -0,0 +1,5 @@ +--- + +- name: restart nginx + become: yes + systemd: name="nginx" state="restarted" daemon_reload="yes" diff --git a/nginx/tasks/main.yaml b/nginx/tasks/main.yaml new file mode 100644 index 0000000..5cace24 --- /dev/null +++ b/nginx/tasks/main.yaml @@ -0,0 +1,39 @@ +--- + +- name: install nginx packages + become: yes + apt: name="nginx" + +- name: install site + become: yes + template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}" + notify: restart nginx + +- name: install nginx packages + become: yes + apt: name="python-certbot-nginx" + notify: restart nginx + when: nginx_enable_certbot + +- name: install certbot in nginx + become: yes + command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}" + changed_when: false + when: nginx_enable_certbot + +- name: disable default site + become: yes + file: path="/etc/nginx/sites-enabled/default" state="absent" + notify: restart nginx + +- name: enable site + become: yes + file: + src: "/etc/nginx/sites-available/{{nginx_conf_dst}}" + dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}" + state: "link" + notify: restart nginx + +- name: enable nginx service + become: yes + systemd: name="nginx" enabled="yes" state="started" |