dotfiles/ansible/attitude-adjuster/nginx.yml

- hosts: attitude-adjuster
  vars_files:
    - vars.yml.private
  become: yes
  tasks:

    - name: install dependencies
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - certbot
        - nginx
        - python3-certbot-nginx

    - name: allow for long domain names
      lineinfile:
        path: /etc/nginx/nginx.conf
        regexp: '^(\s*)# server_names_hash_bucket_size 64;$'
        line: '\1server_names_hash_bucket_size 64;'
        backrefs: yes

    - name: obtain ssl certs
      command: >-
        certbot certonly --nginx
        -d {{ item }}
        -m alpha+lets.encrypt@kejadlen.dev
        --agree-tos
        --non-interactive
      args:
        creates: /etc/letsencrypt/live/{{ item }}
      with_items:
        - "{{ home.fqdn }}"
        - "{{ home_assistant.fqdn }}"
        - "{{ pihole.fqdn }}"

    - name: configure nginx
      copy:
        content: |
          server {

              server_name {{ fqdn }};

              # Redirect non-https traffic to https
              if ($scheme != "https") {
                  return 301 https://$host$request_uri;
              }

              location / {
                  proxy_pass http://{{ proxy }}/;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For nginx;
              }

              listen 80;

              listen 443 ssl;
              ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
              include /etc/letsencrypt/options-ssl-nginx.conf;
              ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

          }
        dest: /etc/nginx/conf.d/{{ fqdn }}.conf
      vars:
        fqdn: "{{ item.fqdn }}"
        proxy: "{{ item.nginx.proxy }}"
      with_items:
        - "{{ home }}"
        - "{{ home_assistant }}"
        - "{{ pihole }}"
[ansible][attitude-adjuster] 5 years ago			`- hosts: attitude-adjuster`
			`vars_files:`
			`- vars.yml.private`
			`become: yes`
			`tasks:`

			`- name: install dependencies`
			`package:`
			`name: "{{ item }}"`
			`state: present`
			`with_items:`
			`- certbot`
			`- nginx`
			`- python3-certbot-nginx`

			`- name: allow for long domain names`
			`lineinfile:`
			`path: /etc/nginx/nginx.conf`
			`regexp: '^(\s*)# server_names_hash_bucket_size 64;$'`
			`line: '\1server_names_hash_bucket_size 64;'`
			`backrefs: yes`

			`- name: obtain ssl certs`
			`command: >-`
			`certbot certonly --nginx`
			`-d {{ item }}`
			`-m alpha+lets.encrypt@kejadlen.dev`
			`--agree-tos`
			`--non-interactive`
			`args:`
			`creates: /etc/letsencrypt/live/{{ item }}`
			`with_items:`
			`- "{{ home.fqdn }}"`
			`- "{{ home_assistant.fqdn }}"`
			`- "{{ pihole.fqdn }}"`

			`- name: configure nginx`
			`copy:`
			`content: \|`
			`server {`

			`server_name {{ fqdn }};`

			`# Redirect non-https traffic to https`
			`if ($scheme != "https") {`
			`return 301 https://$host$request_uri;`
			`}`

			`location / {`
			`proxy_pass http://{{ proxy }}/;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For nginx;`
			`}`

			`listen 80;`

			`listen 443 ssl;`
			`ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;`
			`include /etc/letsencrypt/options-ssl-nginx.conf;`
			`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;`

			`}`
			`dest: /etc/nginx/conf.d/{{ fqdn }}.conf`
			`vars:`
			`fqdn: "{{ item.fqdn }}"`
			`proxy: "{{ item.nginx.proxy }}"`
			`with_items:`
			`- "{{ home }}"`
			`- "{{ home_assistant }}"`
			`- "{{ pihole }}"`