|
|
|
- hosts: all
|
|
|
|
become: yes
|
|
|
|
tasks:
|
|
|
|
- name: install nginx
|
|
|
|
apt:
|
|
|
|
name: nginx
|
|
|
|
|
|
|
|
- name: install certbot
|
|
|
|
block:
|
|
|
|
- apt_repository:
|
|
|
|
repo: ppa:certbot/certbot
|
|
|
|
state: present
|
|
|
|
filename: certbot
|
|
|
|
- apt:
|
|
|
|
name: python-certbot-nginx
|
|
|
|
update_cache: yes
|
|
|
|
|
|
|
|
- name: nginx conf files
|
|
|
|
copy:
|
|
|
|
src: nginx/{{ item }}.conf
|
|
|
|
dest: /etc/nginx/conf.d/{{ item }}.conf
|
|
|
|
with_items:
|
|
|
|
- irregular-apocalypse.kejadlen.dev
|
|
|
|
- dev.irregular-apocalypse.kejadlen.dev
|
|
|
|
notify: reload nginx
|
|
|
|
|
|
|
|
- name: obtain ssl certificates
|
|
|
|
command: >-
|
|
|
|
certbot certonly --nginx
|
|
|
|
-d {{ item }}
|
|
|
|
-m alpha+lets.encrypt@kejadlen.dev
|
|
|
|
--agree-tos
|
|
|
|
--non-interactive
|
|
|
|
args:
|
|
|
|
creates: /etc/letsencrypt/live/{{ item }}
|
|
|
|
with_items:
|
|
|
|
- irregular-apocalypse.kejadlen.dev
|
|
|
|
- dev.irregular-apocalypse.kejadlen.dev
|
|
|
|
notify: reload nginx
|
|
|
|
|
|
|
|
- name: automatically renew certs
|
|
|
|
cron:
|
|
|
|
name: renew certs
|
|
|
|
minute: "0"
|
|
|
|
hour: "12"
|
|
|
|
job: /usr/bin/certbot renew --quiet
|
|
|
|
|
|
|
|
handlers:
|
|
|
|
|
|
|
|
- name: reload nginx
|
|
|
|
shell: nginx -t && nginx -s reload
|