From e1d8c8617c782df6ef3b53f1cd5b9419df675d60 Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Sat, 11 Sep 2021 14:55:36 -0400
Subject: [PATCH] add nitter-nginx role and enable it in site.yml
---
group_vars/all.sample | 3 +++
nitter-nginx/tasks/main.yml | 23 +++++++++++++++++++++++
nitter-nginx/templates/account.conf | 10 ++++++++++
site.yml | 2 +-
4 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 nitter-nginx/tasks/main.yml
create mode 100644 nitter-nginx/templates/account.conf
diff --git a/group_vars/all.sample b/group_vars/all.sample
index d280ffe..abbb2f6 100644
--- a/group_vars/all.sample
+++ b/group_vars/all.sample
@@ -10,3 +10,6 @@ NITTER_PORT: 8080
 # Specify the HMAC Nitter will use
 # generate this using pwgen -s 24 1
 NITTER_HMAC:
+
+# Specify the ACCOUNT_EMAIL for acme.sh
+ACME_ACCOUNT_EMAIL: letsencrypt@example.com
diff --git a/nitter-nginx/tasks/main.yml b/nitter-nginx/tasks/main.yml
new file mode 100644
index 0000000..82d1a45
--- /dev/null
+++ b/nitter-nginx/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# This role sets up a SSL certificate for our web server and then sets up said
+# web server
+
+- name: Make TLS certificate storage directory
+ ansible.builtin.file: name=/etc/ssl/letsencrypt/ state=directory
+- name: Make sure /opt exists
+ ansible.builtin.file: name=/opt state=directory
+- name: Clone acme.sh repository
+ ansible.builtin.git:
+ repo: https://github.com/Neilpang/acme.sh.git
+ dest: /opt/acme.sh
+- name: Install acme.sh
+ ansible.builtin.shell: cd /opt/acme.sh && ./acme.sh --install
+- name: Template and copy over our account.conf for acme.sh
+ ansible.builtin:template:
+ src: account.conf
+ dest: /root/.acme.sh/account.conf
+- name: Generate certificate using acme.sh
+ ansible.builtin.shell: /root/.acme.sh/acme.sh --issue --standalone -d {{ NITTER_DOMAIN }} --pre-hook "service nginx stop"
+ ignore_errors: yes
+- name: Install certificate in storage directory
+ ansible.builtin.shell: /root/.acme.sh/acme.sh --install-cert -d {{ NITTER_DOMAIN }} --key-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt --reloadcmd "service nginx restart"
diff --git a/nitter-nginx/templates/account.conf b/nitter-nginx/templates/account.conf
new file mode 100644
index 0000000..b5823bf
--- /dev/null
+++ b/nitter-nginx/templates/account.conf
@@ -0,0 +1,10 @@
+#LOG_FILE="/root/.acme.sh/acme.sh.log"
+#LOG_LEVEL=1
+
+AUTO_UPGRADE='1'
+
+#NO_TIMESTAMP=1
+
+ACCOUNT_EMAIL='{{ ACME_ACCOUNT_EMAIL }}'
+DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'
+USER_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin'
diff --git a/site.yml b/site.yml
index 99c5374..9101fa2 100644
--- a/site.yml
+++ b/site.yml
@@ -7,4 +7,4 @@
 - nitter-app
 - nitter-config
 - nitter-systemd
-# - nitter-nginx
+ - nitter-nginx
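Review bot: `ansible.builtin:template:` in the account.conf task has a colon where the dot belongs, so Ansible cannot resolve the action and the play aborts there before any certificate work runs; it should read `ansible.builtin.template:`. `ignore_errors: yes` on the `--issue` task then masks a failed issuance and lets `--install-cert` run regardless of what is in `/root/.acme.sh`; registering the result and failing on anything other than success (or acme.sh's "not yet due for renewal" exit status, which I believe is 2 — confirm against the version you pin) keeps reruns quiet without hiding real failures, and `true` is the canonical spelling. The `git` clone carries no `version:`, so every run checks out and executes, as root, whatever the upstream default branch holds at that moment; pin a reviewed tag or commit. `{{ NITTER_DOMAIN }}` is also interpolated into `shell:` unquoted, so any shell metacharacter in that variable reaches `/bin/sh` (`{{ NITTER_DOMAIN | quote }}` closes that), and the directory that will hold the private key is created with default permissions, where `mode: "0750"` costs nothing.
```yaml
- name: Make TLS certificate storage directory
  ansible.builtin.file:
    path: /etc/ssl/letsencrypt/
    state: directory
    mode: "0750"
# … unchanged: /opt directory task …
- name: Clone acme.sh repository
  ansible.builtin.git:
    repo: https://github.com/Neilpang/acme.sh.git
    dest: /opt/acme.sh
    version: "<PINNED_ACME_SH_TAG_OR_COMMIT>"  # placeholder: pin a reviewed release
# … unchanged: install task …
- name: Template and copy over our account.conf for acme.sh
  ansible.builtin.template:
    src: account.conf
    dest: /root/.acme.sh/account.conf
- name: Generate certificate using acme.sh
  ansible.builtin.shell: /root/.acme.sh/acme.sh --issue --standalone -d {{ NITTER_DOMAIN | quote }} --pre-hook "service nginx stop"
  register: acme_issue
  changed_when: acme_issue.rc == 0
  failed_when: acme_issue.rc not in [0, 2]  # 2 = "not yet due for renewal" — confirm for the pinned version
- name: Install certificate in storage directory
  ansible.builtin.shell: /root/.acme.sh/acme.sh --install-cert -d {{ NITTER_DOMAIN | quote }} --key-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN | quote }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN | quote }}.crt --reloadcmd "service nginx restart"
```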
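Review bot: `AUTO_UPGRADE='1'` tells acme.sh to replace its own code from upstream whenever its cron job runs, so the code that handles the private key is whatever GitHub serves that day rather than what this role deployed, and it silently undoes any pinning of the `/opt/acme.sh` clone. I would set `AUTO_UPGRADE='0'` and roll upgrades through the role, where they are reviewed and recorded in version control. A comment above `ACCOUNT_EMAIL` noting that it is rendered from `ACME_ACCOUNT_EMAIL` in group_vars and that the surrounding single quotes are shell quoting (a value containing `'` would break the line, since acme.sh sources this file) would help the next maintainer.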