You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
66 lines
1.4 KiB
66 lines
1.4 KiB
2 years ago
|
---
|
||
|
|
|
||
|
|
- name: Set up Lets Encrypt
|
||
|
|
hosts: ramble-hard
|
||
|
|
vars_files:
|
||
|
|
- ../vars.private
|
||
|
|
tasks:
|
||
|
|
|
||
|
|
- apt:
|
||
|
|
update_cache: yes
|
||
|
|
|
||
|
|
- package:
|
||
|
|
name:
|
||
|
|
- certbot
|
||
|
|
- nginx
|
||
|
|
|
||
|
|
- service:
|
||
|
|
name: nginx
|
||
|
|
state: stopped
|
||
|
|
|
||
|
|
- command: >
|
||
|
|
certbot certonly --standalone --preferred-challenges http
|
||
|
|
-n --agree-tos -m {{ lets_encrypt.email }}
|
||
|
|
-d {{ tld }}
|
||
|
|
vars:
|
||
|
|
tld: "{{ item.value['subdomain'] | default(item.key) }}.{{ domain }}"
|
||
|
|
loop: "{{ apps | dict2items }}"
|
||
|
|
|
||
|
|
- service:
|
||
|
|
name: nginx
|
||
|
|
state: started
|
||
|
|
|
||
|
|
- template:
|
||
|
|
src: renew-certs
|
||
|
|
dest: /etc/cron.daily/renew-certs
|
||
|
|
mode: +x
|
||
|
|
|
||
|
|
# - name: Set up nginx proxies
|
||
|
|
# hosts: ramble-hard
|
||
|
|
# vars_files:
|
||
|
|
# - ../vars.private
|
||
|
|
# tasks:
|
||
|
|
|
||
|
|
# - template:
|
||
|
|
# src: nginx.conf
|
||
|
|
# dest: /etc/nginx/sites-available/{{ item.key }}.conf
|
||
|
|
# vars:
|
||
|
|
# server_name: "{{ item.value['subdomain'] | default(item.key) }}.{{ domain }}"
|
||
|
|
# port: "{{ item.value['port'] }}"
|
||
|
|
# loop: "{{ apps | dict2items }}"
|
||
|
|
# notify: Restart nginx
|
||
|
|
|
||
|
|
# - file:
|
||
|
|
# src: /etc/nginx/sites-available/{{ item.key }}.conf
|
||
|
|
# dest: /etc/nginx/sites-enabled/{{ item.key }}.conf
|
||
|
|
# state: link
|
||
|
|
# loop: "{{ apps | dict2items }}"
|
||
|
|
# notify: Restart nginx
|
||
|
|
|
||
|
|
# handlers:
|
||
|
|
|
||
|
|
# - name: Restart nginx
|
||
|
|
# service:
|
||
|
|
# name: nginx
|
||
|
|
# state: restarted
|