# Facts for Alpine hosts: the account that later tasks make owner of the
# webroot, and the path the default site config is copied to.
# NOTE(review): only Alpine and Debian families set these facts; on any
# other family the later tasks fail on an undefined variable unless the
# values are supplied elsewhere (inventory, role defaults) - confirm.
- name: Set configuration parameters for Alpine
  set_fact:
    nginx_user: nginx
    nginx_default_site: /etc/nginx/http.d/default.conf
  when: ansible_os_family == 'Alpine'
# Facts for Debian-family hosts: same two values as the Alpine task, with
# the Debian account name and default-site path.
# NOTE(review): the path is under sites-available; this file never creates
# a sites-enabled link, so it presumably relies on one that already exists
# - confirm.
- name: Set configuration parameters for Debian
  set_fact:
    nginx_user: www-data
    nginx_default_site: /etc/nginx/sites-available/default
  when: ansible_os_family == 'Debian'
# Install the ACME client and the web server through the platform's
# package manager. "present" installs if missing and never upgrades.
- name: Install packages
  package:
    name:
      - certbot
      - nginx
    state: present
# Create the challenge directory under the /srv/http webroot that the
# certbot task below passes as --webroot-path.
# recurse applies owner/group to everything already under the path.
# NOTE(review): the web server account is made owner, so it can write to
# content it serves; if only certbot (run as root by the cron task below)
# writes here, root ownership with read access for the server would be
# tighter - confirm nothing else depends on this.
# NOTE(review): no mode is set, so permissions follow the umask.
- name: Create HTTP server directories
  file:
    path: /srv/http/.well-known
    state: directory
    owner: "{{ nginx_user }}"
    group: "{{ nginx_user }}"
    recurse: true
# Replace the distribution's default site with the role's default.conf and
# queue an nginx reload if the file changed.
# NOTE(review): owner, group and mode are not pinned; a new file gets the
# connecting user's ownership and umask, an existing one keeps what it had.
# Server config should stay root-owned and not writable by the nginx
# account - confirm on the target hosts.
- name: Set up default HTTP server
  copy:
    dest: "{{ nginx_default_site }}"
    src: default.conf
  notify: reload nginx
# Make sure nginx is running now and starts at boot. It must be listening
# before certbot asks the CA to fetch the webroot challenge.
- name: Enable nginx service
  service:
    name: nginx
    state: started
    enabled: true
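# Run the queued "reload nginx" handler now rather than at the end of the
# play, so an already-running nginx picks up the new default site before
# the certificate request that follows.
# NOTE(review): default.conf is not shown here; presumably it serves
# /srv/http/.well-known over HTTP - confirm.
- name: Run pending handlers before requesting the certificate
  meta: flush_handlers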
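# Request the initial certificate with the webroot (HTTP-01) method for
# dns_name plus any optional tls_domains.
#
# argv passes each element to certbot as exactly one argument, so a domain
# value containing whitespace is rejected as an invalid name instead of
# being split into extra command-line options.
#
# --register-unsafely-without-email creates the ACME account with no
# contact address, so the CA cannot send account or expiry notices.
# Monitor certificate expiry separately, or register with --email.
#
# "creates" makes the task idempotent, but it only checks the renewal
# config named after dns_name. Adding names to tls_domains later does not
# trigger a new request.
# NOTE(review): this assumes certbot names the lineage after the first
# domain in the -d list - confirm.
- name: Get LE certificate
  command:
    argv:
      - certbot
      - certonly
      - '--non-interactive'
      - '--agree-tos'
      - '--register-unsafely-without-email'
      - '--webroot'
      - '--webroot-path'
      - /srv/http
      - '-d'
      - "{{ ([dns_name] + tls_domains|default([])) | join(',') }}"
    creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'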
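# Install the script certbot runs after each successful renewal. Judging
# by its name it reloads nginx; its contents are not shown here.
#
# The cron task in this file runs certbot as root, so the hook runs as
# root too. Owner and group are pinned to root so no other account can
# modify a script that runs with root privileges.
# The mode is quoted so it is always read as an octal string, never as a
# number that could be taken for decimal 755.
- name: Install certificate renewal deployment hook
  copy:
    src: reload-nginx.sh
    dest: /etc/letsencrypt/renewal-hooks/deploy/
    owner: root
    group: root
    mode: "0755"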
# Root crontab entry that attempts renewal twice a day, at 02:18 and 14:18.
# The cron module matches on "name", so re-running the play updates this
# entry instead of adding a duplicate.
- name: Enable certbot renewal
  cron:
    name: "certbot renew"
    user: root
    hour: "2,14"
    minute: "18"
    job: "certbot renew --quiet"