blob: 1405bedf7e985eb8a885a1d4739c4ceefdb52e4d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
- name: Copy first stage nginx config
copy:
src: nginx_nossl.conf
dest: /etc/nginx/nginx.conf
- name: Add nginx user to uwsgi group for access to uwsgi socket
user:
name: nginx
groups: uwsgi
append: yes
- name: Create subdomain content dirs
file:
path: /var/www/{{item}}
state: directory
owner: nginx
group: nginx
mode: 0550
loop:
- blog.jaseg.net
- kochbuch.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
- name: Copy uwsgi systemd socket config
copy:
src: uwsgi-app@.socket
dest: /etc/systemd/system/
- name: Copy uwsgi systemd service config
copy:
src: uwsgi-app@.service
dest: /etc/systemd/system/
- name: Set SELinux to permissive mode # FIXME this is to let nginx talk to uwsgi
selinux:
state: permissive
policy: targeted
- name: Enable and launch nginx systemd service
systemd:
name: nginx.service
enabled: yes
state: restarted
- name: Create subdomain letsencrypt certificates
command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.net
args:
creates: /etc/letsencrypt/live/{{item}}/fullchain.pem
loop:
- blog.jaseg.net
- kochbuch.jaseg.net
- gerbolyze.jaseg.net
- tracespace.jaseg.net
- openjscad.jaseg.net
- pogojig.jaseg.net
- name: Copy final nginx config
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
- name: Restart nginx to load new cert
systemd:
name: nginx.service
state: restarted
- name: Enable certbot renewal timer
systemd:
name: certbot-renew.timer
enabled: yes
|