We now use ansible_nodename so we don't need group_vars/all.sample

staticsafe 2017-11-26 22:47:13 -05:00
parent 10e493ca8c
commit ba11593f07
4 changed files with 9 additions and 12 deletions


@ -1,3 +0,0 @@
# COPY THIS TO 'all' and SET THIS TO YOUR OWN INSTANCE DOMAIN/SUBDOMAIN
# BEFORE RUNNING PLAYBOOK
mastodon_hostname:


@ -16,7 +16,7 @@ DB_PASS=
DB_PORT=5432
# Your instance's domain (Don't modify this, we get this from a variable)
LOCAL_DOMAIN={{ mastodon_hostname }}
LOCAL_DOMAIN={{ ansible_nodename }}
# We have HTTPS enabled
LOCAL_HTTPS=true
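Review bot: `LOCAL_DOMAIN` is now filled from the gathered fact `ansible_nodename`, and nothing visible checks that the target's node name is the public, fully qualified domain the instance is meant to use. A short or internal hostname would become the instance's domain, and the same value feeds `letsencrypt -d`, the nginx `server_name` lines and the `/etc/letsencrypt/live/...` certificate paths in the other sections, so a mismatch either fails issuance or leaves nginx pointing at a certificate that does not exist. Consider keeping an overridable variable that defaults to the fact, `mastodon_hostname: "{{ ansible_nodename }}"`, and failing early with an `assert` task that the value contains a dot. The existing comment `Don't modify this, we get this from a variable` could also state that the value is the host's node name.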


@ -10,7 +10,7 @@
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ mastodon_hostname }} --email "webmaster@{{ mastodon_hostname }}"
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
- name: Remove default nginx config in sites-enabled
file:
path: /etc/nginx/sites-enabled/default
@ -18,11 +18,11 @@
- name: Copy Mastodon nginx vhost template to sites-available
template:
src: mastodon-nginx.conf
dest: /etc/nginx/sites-available/{{ mastodon_hostname }}.conf
dest: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
- name: Enable Mastodon nginx vhost template
file:
src: /etc/nginx/sites-available/{{ mastodon_hostname }}.conf
dest: /etc/nginx/sites-enabled/{{ mastodon_hostname }}.conf
src: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
dest: /etc/nginx/sites-enabled/{{ ansible_nodename }}.conf
state: link
- name: Start nginx
service: name=nginx state=started
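Review bot: The `shell:` task that runs `letsencrypt certonly` interpolates `{{ ansible_nodename }}` unquoted into a shell command line, and with this change that value is a fact read from the managed host rather than a variable set by the operator. The command uses no shell features, so `command:` would avoid shell parsing altogether; if `shell:` stays, apply the `quote` filter, e.g. `-d {{ ansible_nodename | quote }}`. As shown, the task also has no `creates:` guard, so each playbook run stops nginx and contacts the CA again; adding `args:` with `creates: /etc/letsencrypt/live/{{ ansible_nodename }}/fullchain.pem` would make it idempotent. The task list starts before this hunk, so any earlier conditions are not visible here.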


@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
server {
listen 80;
listen [::]:80;
server_name {{ mastodon_hostname }};
server_name {{ ansible_nodename }};
# Useful for Let's Encrypt
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
@ -15,15 +15,15 @@ server {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ mastodon_hostname }};
server_name {{ ansible_nodename }};
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/{{ mastodon_hostname }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_hostname }}/privkey.pem;
ssl_certificate /etc/letsencrypt/live/{{ ansible_nodename }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ansible_nodename }}/privkey.pem;
keepalive_timeout 70;
sendfile on;