dotfiles/ansible/attitude-adjuster/lighttpd/main.yml

# https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771

- hosts: attitude-adjuster
  vars_files:
    - vars.yml.private
  become: yes
  tasks:

    - name: install certbot
      package:
        name: certbot
        state: present

    - name: obtain ssl certificates
      command: >-
        certbot certonly
        --webroot --webroot-path /var/www/html
        -d {{ item.fqdn }}
        -m alpha+lets.encrypt@kejadlen.dev
        --agree-tos
        --non-interactive
      args:
        creates: /etc/letsencrypt/live/{{ item.fqdn }}
      with_items:
        - "{{ home }}"
        - "{{ home_assistant }}"
        - "{{ homebridge }}"
        - "{{ pihole }}"

    - name: create combined pemfile
      shell: >-
        cat /etc/letsencrypt/live/{{ item.fqdn }}/privkey.pem
        /etc/letsencrypt/live/{{ item.fqdn }}/cert.pem >
        /etc/letsencrypt/live/{{ item.fqdn }}/combined.pem
      args:
        creates: /etc/letsencrypt/live/{{ item.fqdn }}/combined.pem
      with_items:
        - "{{ home }}"
        - "{{ home_assistant }}"
        - "{{ homebridge }}"
        - "{{ pihole }}"

    - name: let lighttpd read the pemfile
      file:
        path: /etc/letsencrypt/live/{{ item.fqdn }}
        state: directory
        recurse: yes
        owner: www-data
      with_items:
        - "{{ home }}"
        - "{{ home_assistant }}"
        - "{{ homebridge }}"
        - "{{ pihole }}"

    - name: enable mod_proxy
      command: lighttpd-enable-mod proxy
      ignore_errors: yes

    - name: update lighttpd configuration
      template:
        src: external.conf.private
        dest: /etc/lighttpd/external.conf
      notify: restart lighttpd

  handlers:
    - name: restart lighttpd
      service:
        name: lighttpd
        state: restarted
[ansible][attitude-adjuster] 5 years ago			`# https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771`

			`- hosts: attitude-adjuster`
			`vars_files:`
			`- vars.yml.private`
			`become: yes`
			`tasks:`

			`- name: install certbot`
			`package:`
			`name: certbot`
			`state: present`

			`- name: obtain ssl certificates`
			`command: >-`
			`certbot certonly`
			`--webroot --webroot-path /var/www/html`
			`-d {{ item.fqdn }}`
			`-m alpha+lets.encrypt@kejadlen.dev`
			`--agree-tos`
			`--non-interactive`
			`args:`
			`creates: /etc/letsencrypt/live/{{ item.fqdn }}`
			`with_items:`
			`- "{{ home }}"`
			`- "{{ home_assistant }}"`
			`- "{{ homebridge }}"`
			`- "{{ pihole }}"`

			`- name: create combined pemfile`
			`shell: >-`
			`cat /etc/letsencrypt/live/{{ item.fqdn }}/privkey.pem`
			`/etc/letsencrypt/live/{{ item.fqdn }}/cert.pem >`
			`/etc/letsencrypt/live/{{ item.fqdn }}/combined.pem`
			`args:`
			`creates: /etc/letsencrypt/live/{{ item.fqdn }}/combined.pem`
			`with_items:`
			`- "{{ home }}"`
			`- "{{ home_assistant }}"`
			`- "{{ homebridge }}"`
			`- "{{ pihole }}"`

			`- name: let lighttpd read the pemfile`
			`file:`
			`path: /etc/letsencrypt/live/{{ item.fqdn }}`
			`state: directory`
			`recurse: yes`
			`owner: www-data`
			`with_items:`
			`- "{{ home }}"`
			`- "{{ home_assistant }}"`
			`- "{{ homebridge }}"`
			`- "{{ pihole }}"`

			`- name: enable mod_proxy`
			`command: lighttpd-enable-mod proxy`
			`ignore_errors: yes`

			`- name: update lighttpd configuration`
			`template:`
			`src: external.conf.private`
			`dest: /etc/lighttpd/external.conf`
			`notify: restart lighttpd`

			`handlers:`
			`- name: restart lighttpd`
			`service:`
			`name: lighttpd`
			`state: restarted`