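# https://docs.pleroma.social/backend/installation/otp_en/
---
# Puts nginx, a Let's Encrypt certificate, the Pleroma systemd unit and a
# daily certificate-renewal job in place on the target host.
- hosts: ramble-hard
  become: true
  vars_files:
    # Supplies lets_encrypt.email and pleroma.tld (used below).
    - ../vars.private
  tasks:

    - name: Install certbot and nginx
      ansible.builtin.package:
        name:
          - certbot
          - nginx

    # The standalone authenticator needs the HTTP port, so nginx is stopped
    # for the duration of the request.
    - name: Stop nginx before requesting the certificate
      ansible.builtin.service:
        name: nginx
        state: stopped

    # certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
    # argv form: each templated value stays a single argument even if it
    # contains whitespace or a leading dash is not re-split by the module.
    # NOTE(review): this runs on every play; consider a `creates:` guard on
    # the issued certificate so repeat runs do not stop nginx or hit the CA.
    - name: Obtain the initial certificate
      ansible.builtin.command:
        argv:
          - certbot
          - certonly
          - '--standalone'
          - '--preferred-challenges'
          - http
          - '-n'
          - '--agree-tos'
          - '-m'
          - "{{ lets_encrypt.email }}"
          - '-d'
          - "{{ pleroma.tld }}"

    - name: Start nginx again
      ansible.builtin.service:
        name: nginx
        state: started

    # cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
    # ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
    # Ownership and mode are pinned so the installed config is root-owned
    # and not writable by anyone else, whatever the source file carries.
    # NOTE(review): this copy likely reports "changed" on every run, because
    # the replace task below edits the destination afterwards.
    - name: Install the nginx site configuration shipped with Pleroma
      ansible.builtin.copy:
        src: /opt/pleroma/installation/pleroma.nginx
        dest: /etc/nginx/sites-available/pleroma.conf
        remote_src: true
        owner: root
        group: root
        mode: "0644"
      notify: Restart nginx
    # TODO: https://mastodon.bawue.social/@ixs/109514849935951693
    - name: Enable the Pleroma nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/pleroma.conf
        dest: /etc/nginx/sites-enabled/pleroma.conf
        state: link
      notify: Restart nginx

    - name: Replace the placeholder domain in the nginx configuration
      ansible.builtin.replace:
        path: /etc/nginx/sites-available/pleroma.conf
        regexp: 'example\.tld'
        replace: "{{ pleroma.tld }}"
      notify: Restart nginx

    # Copy the service into a proper directory
    # cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
    # NOTE(review): the unit is taken from /opt/pleroma on the target. If
    # that tree is writable by the unprivileged service account, its content
    # ends up in a unit that systemd loads as root - confirm the ownership
    # of the source, or ship the unit from the control node instead.
    - name: Install the Pleroma systemd unit
      ansible.builtin.copy:
        src: /opt/pleroma/installation/pleroma.service
        dest: /etc/systemd/system/pleroma.service
        remote_src: true
        owner: root
        group: root
        mode: "0644"
      # Start pleroma and enable it on boot
      # systemctl start pleroma
      # systemctl enable pleroma
      notify: Restart pleroma

    # Create the directory for webroot challenges
    # mkdir -p /var/lib/letsencrypt
    - name: Create the webroot directory for renewal challenges
      ansible.builtin.file:
        path: /var/lib/letsencrypt
        state: directory

    # Add it to the daily cron
    # echo '#!/bin/sh
    # certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
    # ' > /etc/cron.daily/renew-pleroma-cert
    # chmod +x /etc/cron.daily/renew-pleroma-cert
    # Inside a literal block scalar "#" is ordinary text and "\" is not an
    # escape, so the shebang is written bare; "\#!/bin/sh" would land in the
    # file verbatim and the job would not be a valid script.
    # The job runs as root, so owner and mode are stated explicitly instead
    # of the relative "+x".
    - name: Install the daily certificate renewal job
      ansible.builtin.copy:
        content: |
          #!/bin/sh
          certbot renew --cert-name {{ pleroma.tld }} --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
        dest: /etc/cron.daily/renew-pleroma-cert
        owner: root
        group: root
        mode: "0755"
    # - template:
    #     src: renew-pleroma-cert
    #     dest: /etc/cron.daily/renew-pleroma-cert
    #     mode: +x

  handlers:
    - name: Restart nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
    # daemon_reload makes systemd re-read the unit file installed above
    # before the restart; without it a changed unit is not picked up.
    - name: Restart pleroma
      ansible.builtin.systemd:
        name: pleroma
        daemon_reload: true
        enabled: true
        state: restarted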