diff --git a/ansible/irregular-apocalypse/docker.yml b/ansible/irregular-apocalypse/docker.yml
new file mode 100644
index 0000000..f1b3020
--- /dev/null
+++ b/ansible/irregular-apocalypse/docker.yml
@@ -0,0 +1,24 @@
+- hosts: all
+ become: yes
+ tasks:
+
+ - name: add the package repository key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+ - name: add the package repository
+ apt_repository:
+ repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
+ state: present
+ filename: docker
+
+ - name: install Docker
+ apt:
+ name: "{{ item }}"
+ update_cache: yes
+ with_items:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-compose
diff --git a/ansible/irregular-apocalypse/main.yml b/ansible/irregular-apocalypse/main.yml
index ba76605..adea2b7 100644
--- a/ansible/irregular-apocalypse/main.yml
+++ b/ansible/irregular-apocalypse/main.yml
@@ -28,7 +28,9 @@ - dotfiles - zsh +- import_playbook: docker.yml - import_playbook: js.yml +- import_playbook: nginx.yml - hosts: all tasks:
diff --git a/ansible/irregular-apocalypse/nginx.conf b/ansible/irregular-apocalypse/nginx.conf
new file mode 100644
index 0000000..17fb504
--- /dev/null
+++ b/ansible/irregular-apocalypse/nginx.conf
@@ -0,0 +1,22 @@
+server {
+
+ server_name irregular-apocalypse.kejadlen.dev;
+
+ # Redirect non-https traffic to https
+ if ($scheme != "https") {
+ return 301 https://$host$request_uri;
+ }
+
+ location /dev {
+ proxy_pass http://localhost:3000/;
+ }
+
+ listen 80; # managed by Certbot
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
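Review bot: The `apt_key` task in docker.yml trusts whatever key the URL returns at run time, because no `id:` is given. Adding `id: <DOCKER_KEY_FINGERPRINT>` (the full fingerprint from Docker's install documentation, checked out of band) makes the task fail if a different key is served. The key also goes into the global apt keyring, so it is trusted for every configured repository rather than only the Docker one. Separately, the `install Docker` task loops with `with_items`; passing the four package names as a list directly under `name:` lets apt resolve them in a single transaction.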
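Review bot: `location /dev` in nginx.conf is a bare prefix match paired with a `proxy_pass` that ends in `/`, so any path that merely starts with `/dev` (such as `/devtools`) is forwarded to the service on port 3000 with the prefix rewritten, and `/dev/x` arrives upstream as `//x`. Writing `location /dev/ {`, plus `location = /dev { return 301 /dev/; }` if the bare path should keep working, confines the proxy to the intended subtree. The redirect builds its target from `$host`, which echoes the request's Host header; if this block can end up as the default server for port 80, `return 301 https://$server_name$request_uri;` pins the redirect to the configured name.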
diff --git a/ansible/irregular-apocalypse/nginx.yml b/ansible/irregular-apocalypse/nginx.yml
new file mode 100644
index 0000000..b52db5b
--- /dev/null
+++ b/ansible/irregular-apocalypse/nginx.yml
@@ -0,0 +1,49 @@
+- hosts: all
+ become: yes
+ tasks:
+ - name: install nginx
+ apt:
+ name: nginx
+
+ - name: install certbot
+ block:
+ - apt_repository:
+ repo: ppa:certbot/certbot
+ state: present
+ filename: certbot
+ - apt:
+ name: python-certbot-nginx
+ update_cache: yes
+
+ - name: setup nginx
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
+ notify:
+ - reload nginx
+
+ - name: obtain the certificate
+ command: >-
+ certbot --nginx
+ -d irregular-apocalypse.kejadlen.dev
+ -m alpha+lets.encrypt@kejadlen.dev
+ --agree-tos
+ --non-interactive
+ args:
+ creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
+ notify:
+ - reload nginx
+
+ - name: automatically renew certs
+ cron:
+ name: renew certs
+ minute: 0
+ hour: 12
+ job: /usr/bin/certbot renew --quiet
+
+ handlers:
+
+ - name: reload nginx
+ block:
+ - command: nginx -t
+ - command: nginx -s reload
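Review bot: The `reload nginx` handler is written as a `block:`, and as far as I know Ansible does not support blocks as handlers, so the reload may never run or the play may be rejected, depending on the version. A single-task handler avoids this: a `service:` task with `name: nginx` and `state: reloaded`, with `nginx -t` kept as a separate handler notified ahead of it if the explicit config test is wanted. On a fresh host the ordering also looks fragile: `setup nginx` installs a config that already references `/etc/letsencrypt/live/...` and `options-ssl-nginx.conf` before `obtain the certificate` has created them, so nginx's config test would presumably fail on first run; worth confirming on a clean machine. The certbot package comes from a third-party PPA that is trusted with root-level package installs, which deserves a short comment in the task recording why that source is accepted.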