80 lines
2.2 KiB
YAML
80 lines
2.2 KiB
YAML
- name: copy nginx configuration files
|
|
become: true
|
|
template:
|
|
src: '{{ item.src }}'
|
|
dest: '{{ item.dest }}'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
loop:
|
|
- { src: 'templates/nginx/default.j2', dest: '/etc/nginx/sites-available/default' }
|
|
- { src: 'templates/nginx/forgejo.j2', dest: '/etc/nginx/sites-available/forgejo' }
|
|
- { src: 'templates/nginx/woodpecker.j2', dest: '/etc/nginx/sites-available/woodpecker' }
|
|
- { src: 'templates/nginx/sentry.j2', dest: '/etc/nginx/sites-available/sentry' }
|
|
- { src: 'templates/nginx/vpn.j2', dest: '/etc/nginx/sites-available/vpn' }
|
|
- {
|
|
src: 'templates/nginx/newsreader.j2',
|
|
dest: '/etc/nginx/sites-available/newsreader',
|
|
}
|
|
notify: restart nginx
|
|
|
|
- name: create configuration links
|
|
become: true
|
|
file:
|
|
src: '{{ item.src }}'
|
|
dest: '{{ item.dest }}'
|
|
state: link
|
|
loop:
|
|
- {
|
|
src: '/etc/nginx/sites-available/default',
|
|
dest: '/etc/nginx/sites-enabled/default',
|
|
}
|
|
- {
|
|
src: '/etc/nginx/sites-available/forgejo',
|
|
dest: '/etc/nginx/sites-enabled/forgejo',
|
|
}
|
|
- {
|
|
src: '/etc/nginx/sites-available/woodpecker',
|
|
dest: '/etc/nginx/sites-enabled/woodpecker',
|
|
}
|
|
- {
|
|
src: '/etc/nginx/sites-available/sentry',
|
|
dest: '/etc/nginx/sites-enabled/sentry',
|
|
}
|
|
- { src: '/etc/nginx/sites-available/vpn', dest: '/etc/nginx/sites-enabled/vpn' }
|
|
- {
|
|
src: '/etc/nginx/sites-available/newsreader',
|
|
dest: '/etc/nginx/sites-enabled/newsreader',
|
|
}
|
|
notify: restart nginx
|
|
|
|
|
|
# Run the folowing command to regenerate a certificate:
|
|
#
|
|
# sudo certbot certonly \
|
|
# --authenticator standalone \
|
|
# --pre-hook 'systemctl stop nginx' \
|
|
# --post-hook 'systemctl start nginx' \
|
|
# --cert-name fudiggity.nl \
|
|
# -d fudiggity.nl \
|
|
# -d rss.fudiggity.nl \
|
|
# -d .....
|
|
#
|
|
# This will also save its configuration.
|
|
#
|
|
- name: copy letsencrypt configuration
|
|
become: true
|
|
template:
|
|
src: 'templates/letsencrypt/cli.j2'
|
|
dest: '/etc/letsencrypt/cli.ini'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
notify: restart certbot
|
|
|
|
- name: enable certbot periodic certificate renewal
|
|
become: true
|
|
systemd:
|
|
name: certbot.timer
|
|
state: started
|
|
enabled: true
|