add nitter-nginx role and enable it in site.yml

group_vars/all.sample

@@ -10,3 +10,6 @@ NITTER_PORT: 8080
 # Specify the HMAC Nitter will use
 # generate this using pwgen -s 24 1
 NITTER_HMAC:
+
+# Specify the ACCOUNT_EMAIL for acme.sh
+ACME_ACCOUNT_EMAIL: letsencrypt@example.com

nitter-nginx/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+# This role sets up a SSL certificate for our web server and then sets up said
+# web server
+
+- name: Make TLS certificate storage directory
+  ansible.builtin.file: name=/etc/ssl/letsencrypt/ state=directory
+- name: Make sure /opt exists
+  ansible.builtin.file: name=/opt state=directory
+- name: Clone acme.sh repository
+  ansible.builtin.git:
+    repo: https://github.com/Neilpang/acme.sh.git
+    dest: /opt/acme.sh
+- name: Install acme.sh
+  ansible.builtin.shell: cd /opt/acme.sh && ./acme.sh --install
+- name: Template and copy over our account.conf for acme.sh
+  ansible.builtin:template:
+    src: account.conf
+    dest: /root/.acme.sh/account.conf
+- name: Generate certificate using acme.sh
+  ansible.builtin.shell: /root/.acme.sh/acme.sh --issue --standalone -d {{ NITTER_DOMAIN }} --pre-hook "service nginx stop"
+  ignore_errors: yes
+- name: Install certificate in storage directory
+  ansible.builtin.shell: /root/.acme.sh/acme.sh --install-cert -d {{ NITTER_DOMAIN }} --key-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt --reloadcmd "service nginx restart"

nitter-nginx/templates/account.conf

@@ -0,0 +1,10 @@
+#LOG_FILE="/root/.acme.sh/acme.sh.log"
+#LOG_LEVEL=1
+
+AUTO_UPGRADE='1'
+
+#NO_TIMESTAMP=1
+
+ACCOUNT_EMAIL='{{ ACME_ACCOUNT_EMAIL }}'
+DEFAULT_ACME_SERVER='https://acme-v02.api.letsencrypt.org/directory'
+USER_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin'

site.yml

@@ -7,4 +7,4 @@
     - nitter-app
     - nitter-config
     - nitter-systemd
-#    - nitter-nginx
+    - nitter-nginx