2017-11-26 23:03:27 +00:00
|
|
|
---
|
|
|
|
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
|
|
|
|
# Mastodon instance
|
|
|
|
|
|
|
|
- name: Install nginx and letsencrypt
|
|
|
|
apt: name={{ item }} state=latest update_cache=yes
|
|
|
|
with_items:
|
|
|
|
- nginx
|
|
|
|
- letsencrypt
|
|
|
|
- name: Stop nginx for now
|
|
|
|
service: name=nginx state=stopped
|
|
|
|
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
|
2017-11-27 03:47:13 +00:00
|
|
|
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
|
2017-11-26 23:03:27 +00:00
|
|
|
- name: Remove default nginx config in sites-enabled
|
|
|
|
file:
|
|
|
|
path: /etc/nginx/sites-enabled/default
|
|
|
|
state: absent
|
|
|
|
- name: Copy Mastodon nginx vhost template to sites-available
|
2017-11-26 23:11:14 +00:00
|
|
|
template:
|
2017-11-26 23:03:27 +00:00
|
|
|
src: mastodon-nginx.conf
|
2017-11-27 03:47:13 +00:00
|
|
|
dest: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
|
2017-11-26 23:03:27 +00:00
|
|
|
- name: Enable Mastodon nginx vhost template
|
|
|
|
file:
|
2017-11-27 03:47:13 +00:00
|
|
|
src: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
|
|
|
|
dest: /etc/nginx/sites-enabled/{{ ansible_nodename }}.conf
|
2017-11-26 23:03:27 +00:00
|
|
|
state: link
|
|
|
|
- name: Start nginx
|
|
|
|
service: name=nginx state=started
|
2017-11-26 23:24:45 +00:00
|
|
|
- name: Copy and enable Let's Encrypt renew script
|
|
|
|
copy:
|
|
|
|
src: letsencrypt-renew.sh
|
2018-03-22 13:23:44 +00:00
|
|
|
dest: /etc/cron.daily/letsencrypt-renew.sh
|
2017-11-26 23:24:45 +00:00
|
|
|
mode: 0700
|