From 9358a57baeeeaaf6132953f033f71469c0154604 Mon Sep 17 00:00:00 2001
From: jaseg <code@jaseg.net>
Date: Tue, 2 Apr 2019 04:36:10 +0900
Subject: gerboweb: Modularize deployment playbooks a bit

---
 setup_webserver.yml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 setup_webserver.yml

(limited to 'setup_webserver.yml')

diff --git a/setup_webserver.yml b/setup_webserver.yml
new file mode 100644
index 0000000..7dc65c5
--- /dev/null
+++ b/setup_webserver.yml
@@ -0,0 +1,52 @@
+- name: Copy first stage nginx config
+  copy:
+      src: nginx_nossl.conf
+      dest: /etc/nginx/nginx.conf
+
+- name: Add nginx user to uwsgi group for access to uwsgi socket
+  user:
+      name: nginx
+      groups: uwsgi
+      append: yes
+
+- name: Copy uwsgi systemd socket config
+  copy:
+      src: uwsgi-app@.socket
+      dest: /etc/systemd/system/
+
+- name: Copy uwsgi systemd service config
+  copy:
+      src: uwsgi-app@.service
+      dest: /etc/systemd/system/
+
+- name: Set SELinux to permissive mode # FIXME this is to let nginx talk to uwsgi
+  selinux:
+    state: permissive
+    policy: targeted
+
+- name: Enable and launch nginx systemd service
+  systemd:
+      name: nginx.service
+      enabled: yes
+      state: restarted
+
+- name: Create letsencrypt certificate
+  command: certbot --nginx certonly -d gerbolyze.jaseg.net -n --agree-tos --email gerboweb@jaseg.net
+  args:
+      creates: /etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem
+
+- name: Copy final nginx config
+  copy:
+      src: nginx.conf
+      dest: /etc/nginx/nginx.conf
+
+- name: Restart nginx to load new cert
+  systemd:
+      name: nginx.service
+      state: restarted
+
+- name: Enable certbot renewal timer
+  systemd:
+      name: certbot-renew.timer
+      enabled: yes
+
-- 
cgit