[meta] pixelfed, let's encrypt

pull/35/head
Alpha Chen 3 years ago
parent ec653eb187
commit cbb6ef5100

@ -9,12 +9,20 @@
name: name:
- certbot - certbot
- service:
name: nginx
state: stopped
- command: > - command: >
certbot certonly --standalone --preferred-challenges http certbot certonly --standalone --preferred-challenges http
-n --agree-tos -m {{ lets_encrypt_email }} -n --agree-tos -m {{ lets_encrypt_email }}
-d {{ item }} -d {{ item }}
loop: "{{ lets_encrypt_tlds }}" loop: "{{ lets_encrypt_tlds }}"
- service:
name: nginx
state: started
- template: - template:
src: renew-certs src: renew-certs
dest: /etc/cron.daily/renew-certs dest: /etc/cron.daily/renew-certs

@ -9,7 +9,7 @@
- package: - package:
name: name:
- git - git
- python-psycopg2 # required for postgresql_user task - python3-psycopg2 # required for postgresql_user task
# pixelfed dependencies # pixelfed dependencies
- nginx - nginx
@ -38,6 +38,12 @@
become: true become: true
become_user: postgres become_user: postgres
- lineinfile:
path: /etc/php/7.3/fpm/php.ini
regexp: "^upload_max_filesize = "
line: "upload_max_filesize = 6M"
notify: Restart php-fpm
- copy: - copy:
src: /etc/php/7.3/fpm/pool.d/www.conf src: /etc/php/7.3/fpm/pool.d/www.conf
dest: /etc/php/7.3/fpm/pool.d/pixelfed.conf dest: /etc/php/7.3/fpm/pool.d/pixelfed.conf
@ -122,8 +128,16 @@
- { regexp: "^DB_CONNECTION=", line: "DB_CONNECTION=pgsql" } - { regexp: "^DB_CONNECTION=", line: "DB_CONNECTION=pgsql" }
- { regexp: "^DB_PORT=", line: "DB_PORT=5432" } - { regexp: "^DB_PORT=", line: "DB_PORT=5432" }
- { regexp: "^DB_PASSWORD=", line: "DB_PASSWORD={{ pixelfed_db_password }}" } - { regexp: "^DB_PASSWORD=", line: "DB_PASSWORD={{ pixelfed_db_password }}" }
- { regexp: "^MAIL_DRIVER=", line: "MAIL_DRIVER=smtp" }
- { regexp: "^MAIL_HOST=", line: "MAIL_HOST={{ pixelfed_mail_host }}" }
- { regexp: "^MAIL_PORT=", line: "MAIL_PORT={{ pixelfed_mail_port }}" }
- { regexp: "^MAIL_USERNAME=", line: "MAIL_USERNAME={{ pixelfed_mail_username }}" }
- { regexp: "^MAIL_PASSWORD=", line: "MAIL_PASSWORD={{ pixelfed_mail_password }}" }
- { regexp: "^MAIL_ENCRYPTION=", line: "MAIL_ENCRYPTION={{ pixelfed_mail_encryption }}" }
- { regexp: "^MAIL_FROM_ADDRESS=", line: "MAIL_FROM_ADDRESS={{ pixelfed_mail_from_address }}" }
- { regexp: "^ACTIVITY_PUB=", line: "ACTIVITY_PUB=true" } - { regexp: "^ACTIVITY_PUB=", line: "ACTIVITY_PUB=true" }
- { regexp: "^AP_REMOTE_FOLLOW=", line: "AP_REMOTE_FOLLOW=true" } - { regexp: "^AP_REMOTE_FOLLOW=", line: "AP_REMOTE_FOLLOW=true" }
notify: Clear Pixelfed cache
- command: php artisan {{ item }} - command: php artisan {{ item }}
args: args:
@ -138,6 +152,12 @@
- horizon:install - horizon:install
- horizon:publish - horizon:publish
handlers:
- name: Clear Pixelfed cache
command: php artisan config:cache
args:
chdir: /usr/share/pixelfed
- hosts: pixelfed - hosts: pixelfed
tasks: tasks:

Loading…
Cancel
Save