From bef0a0a3a662a83273d459d3c39eac3e1ee7b404 Mon Sep 17 00:00:00 2001
From: Luke Hoersten <luke@hoersten.org>
Date: Tue, 1 Jan 2019 21:57:11 -0600
Subject: Split out nginx sites.

---
 roles/nginx/base/defaults/main.yaml |  3 +++
 roles/nginx/base/handlers/main.yaml |  5 +++++
 roles/nginx/base/tasks/certbot.yaml | 12 ++++++++++++
 roles/nginx/base/tasks/main.yaml    | 17 +++++++++++++++++
 4 files changed, 37 insertions(+)
 create mode 100644 roles/nginx/base/defaults/main.yaml
 create mode 100644 roles/nginx/base/handlers/main.yaml
 create mode 100644 roles/nginx/base/tasks/certbot.yaml
 create mode 100644 roles/nginx/base/tasks/main.yaml

(limited to 'roles/nginx/base')

diff --git a/roles/nginx/base/defaults/main.yaml b/roles/nginx/base/defaults/main.yaml
new file mode 100644
index 0000000..44b37f8
--- /dev/null
+++ b/roles/nginx/base/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+
+nginx_enable_ssl: No
diff --git a/roles/nginx/base/handlers/main.yaml b/roles/nginx/base/handlers/main.yaml
new file mode 100644
index 0000000..1feca07
--- /dev/null
+++ b/roles/nginx/base/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+  become: yes
+  systemd: name="nginx" state="restarted" daemon_reload="yes"
diff --git a/roles/nginx/base/tasks/certbot.yaml b/roles/nginx/base/tasks/certbot.yaml
new file mode 100644
index 0000000..194f5c9
--- /dev/null
+++ b/roles/nginx/base/tasks/certbot.yaml
@@ -0,0 +1,12 @@
+---
+
+# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
+
+- name: add certbot (letsencrypt) repo
+  become: yes
+  apt_repository: repo="ppa:certbot/certbot"
+
+- name: install nginx packages
+  become: yes
+  apt: name="python-certbot-nginx"
+  notify: restart nginx
diff --git a/roles/nginx/base/tasks/main.yaml b/roles/nginx/base/tasks/main.yaml
new file mode 100644
index 0000000..ee66773
--- /dev/null
+++ b/roles/nginx/base/tasks/main.yaml
@@ -0,0 +1,17 @@
+---
+
+- name: install nginx packages
+  become: yes
+  apt: name="nginx"
+
+- name: disable default site
+  become: yes
+  file: path="/etc/nginx/sites-enabled/default" state="absent"
+  notify: restart nginx
+
+- import_tasks: certbot.yaml
+  when: nginx_enable_ssl
+
+- name: enable nginx service
+  become: yes
+  systemd: name="nginx" enabled="yes" state="started"
-- 
cgit v1.2.3