34 lines
1.2 KiB
YAML
34 lines
1.2 KiB
YAML
---
|
|
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
|
|
# Mastodon instance
|
|
|
|
- name: Install nginx and letsencrypt
|
|
apt: name={{ item }} state=latest update_cache=yes
|
|
with_items:
|
|
- nginx
|
|
- letsencrypt
|
|
- name: Stop nginx for now
|
|
service: name=nginx state=stopped
|
|
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
|
|
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
|
|
- name: Remove default nginx config in sites-enabled
|
|
file:
|
|
path: /etc/nginx/sites-enabled/default
|
|
state: absent
|
|
- name: Copy Mastodon nginx vhost template to sites-available
|
|
template:
|
|
src: mastodon-nginx.conf
|
|
dest: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
|
- name: Enable Mastodon nginx vhost template
|
|
file:
|
|
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
|
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
|
|
state: link
|
|
- name: Start nginx
|
|
service: name=nginx state=started
|
|
- name: Copy and enable Let's Encrypt renew script
|
|
copy:
|
|
src: letsencrypt-renew.sh
|
|
dest: /etc/cron.daily/letsencrypt-renew.sh
|
|
mode: 0700
|