We now use ansible_nodename so we don't need group_vars/all.sample
parent
10e493ca8c
commit
ba11593f07
@ -1,3 +0,0 @@
|
||||
# COPY THIS TO 'all' and SET THIS TO YOUR OWN INSTANCE DOMAIN/SUBDOMAIN
|
||||
# BEFORE RUNNING PLAYBOOK
|
||||
mastodon_hostname:
|
@ -16,7 +16,7 @@ DB_PASS=
|
||||
DB_PORT=5432
|
||||
|
||||
# Your instance's domain (Don't modify this, we get this from a variable)
|
||||
LOCAL_DOMAIN={{ mastodon_hostname }}
|
||||
LOCAL_DOMAIN={{ ansible_nodename }}
|
||||
# We have HTTPS enabled
|
||||
LOCAL_HTTPS=true
|
||||
|
||||
|
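Review bot: `LOCAL_DOMAIN={{ ansible_nodename }}` now takes the instance's domain from a fact gathered on the target host instead of a value the operator set, and nothing visible in this commit checks that the fact is the public FQDN. `ansible_nodename` reflects the node name the host reports about itself, which on many systems is a short hostname or a provider-assigned name. The same value feeds the certificate request, the vhost file names, and the nginx `server_name` and `ssl_certificate` paths in the later hunks, so one wrong fact misconfigures all of them together. Consider keeping an overridable variable that defaults to the fact, e.g. `mastodon_hostname: "{{ ansible_nodename }}"`, or adding an `assert` task that fails the play early when the value is not a dotted name.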
@ -10,7 +10,7 @@
|
||||
- name: Stop nginx for now
|
||||
service: name=nginx state=stopped
|
||||
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
|
||||
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ mastodon_hostname }} --email "webmaster@{{ mastodon_hostname }}"
|
||||
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
|
||||
- name: Remove default nginx config in sites-enabled
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled/default
|
||||
@ -18,11 +18,11 @@
|
||||
- name: Copy Mastodon nginx vhost template to sites-available
|
||||
template:
|
||||
src: mastodon-nginx.conf
|
||||
dest: /etc/nginx/sites-available/{{ mastodon_hostname }}.conf
|
||||
dest: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
|
||||
- name: Enable Mastodon nginx vhost template
|
||||
file:
|
||||
src: /etc/nginx/sites-available/{{ mastodon_hostname }}.conf
|
||||
dest: /etc/nginx/sites-enabled/{{ mastodon_hostname }}.conf
|
||||
src: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
|
||||
dest: /etc/nginx/sites-enabled/{{ ansible_nodename }}.conf
|
||||
state: link
|
||||
- name: Start nginx
|
||||
service: name=nginx state=started
|
||||
|
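Review bot: The `shell:` task that runs `letsencrypt certonly` in the first hunk interpolates `{{ ansible_nodename }}` unquoted into a shell command line, so a value with whitespace or shell metacharacters would be split or interpreted by the shell on the target. The command uses no shell features, so switching the module to `command:` with the same arguments avoids the shell entirely; if `shell:` has to stay, write `{{ ansible_nodename | quote }}` at both occurrences. The hunk also shows no `creates=` guard on this task, so it appears to request a new certificate on every playbook run, which is worth checking against the CA's rate limits. The `file:` task at the end of that hunk continues outside it.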
@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ mastodon_hostname }};
|
||||
server_name {{ ansible_nodename }};
|
||||
# Useful for Let's Encrypt
|
||||
location /.well-known/acme-challenge/ { allow all; }
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
@ -15,15 +15,15 @@ server {
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name {{ mastodon_hostname }};
|
||||
server_name {{ ansible_nodename }};
|
||||
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ mastodon_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_hostname }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ ansible_nodename }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ ansible_nodename }}/privkey.pem;
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
|