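# First-stage config (nginx_nossl.conf, presumably plain HTTP only). A later
# task overwrites the same path with nginx.conf after certbot has run.
- name: Copy first stage nginx config
  copy:
    src: nginx_nossl.conf
    dest: /etc/nginx/nginx.conf
    # Pin ownership and mode instead of inheriting them from the remote umask,
    # so the server config is never left writable by a non-root account.
    owner: root
    group: root
    mode: '0644'
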
# Membership in the uwsgi group is what lets nginx open the uwsgi socket.
# NOTE(review): it also grants nginx anything else that group can access;
# confirm the group is used for the socket only.
- name: Add nginx user to uwsgi group for access to uwsgi socket
  user:
    name: nginx
    # append keeps nginx's existing supplementary groups and only adds uwsgi.
    append: true
    groups: uwsgi

# Content directory for blog.jaseg.net. Mode 0550 lets the nginx user and
# group read and traverse the directory but not write to it.
# NOTE(review): nginx owns the directory, so the nginx account can chmod it
# writable again; root:nginx would make the read-only intent binding.
- name: Create blog.jaseg.net content dir
  file:
    state: directory
    path: /var/www/blog.jaseg.net
    owner: nginx
    group: nginx
    # Quoted so the mode stays an octal string whatever YAML parser reads it.
    mode: '0550'

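# Install the templated uwsgi socket unit into systemd's local unit directory.
# NOTE(review): no daemon-reload is visible on this page after the unit is
# installed; confirm systemd re-reads its units before this one is started.
- name: Copy uwsgi systemd socket config
  copy:
    src: uwsgi-app@.socket
    dest: /etc/systemd/system/
    # Unit files are executed on behalf of root: keep them root-owned and not
    # group- or world-writable rather than relying on the remote umask.
    owner: root
    group: root
    mode: '0644'
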
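# Install the templated uwsgi service unit into systemd's local unit directory.
# NOTE(review): no daemon-reload is visible on this page after the unit is
# installed; confirm systemd re-reads its units before this one is started.
- name: Copy uwsgi systemd service config
  copy:
    src: uwsgi-app@.service
    dest: /etc/systemd/system/
    # Whoever can write this file controls what the service runs, so pin it to
    # root with no group/world write bit instead of trusting the remote umask.
    owner: root
    group: root
    mode: '0644'
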
# FIXME this is to let nginx talk to uwsgi
# NOTE(review): this turns off SELinux enforcement for every confined service
# on the host, not only nginx: denials are still logged but no longer blocked,
# so a compromised process loses its confinement. Narrower options that keep
# the host enforcing: label the uwsgi socket with a type the nginx domain may
# connect to, load a small policy module built from the logged AVC denials, or
# make only the nginx domain permissive with the selinux_permissive module.
- name: Set SELinux to permissive mode
  selinux:
    policy: targeted
    state: permissive

# Start nginx at boot and restart it now, so it is running with the config
# installed by the first-stage copy before certbot is invoked.
- name: Enable and launch nginx systemd service
  systemd:
    name: nginx.service
    state: restarted
    enabled: true

# Request a certificate for gerbolyze.jaseg.net. certonly obtains the
# certificate without letting certbot rewrite the nginx config; -n keeps the
# run non-interactive so it cannot hang waiting for input.
- name: Create letsencrypt certificate for gerbolyze.jaseg.net
  command: >-
    certbot --nginx certonly
    -d gerbolyze.jaseg.net
    -n --agree-tos
    --email gerboweb@jaseg.net
  args:
    # Skip the task once the chain exists, so repeated plays do not request a
    # new certificate from the CA each time.
    creates: /etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem

# Request a certificate for blog.jaseg.net. certonly obtains the certificate
# without letting certbot rewrite the nginx config; -n keeps the run
# non-interactive so it cannot hang waiting for input.
- name: Create letsencrypt certificate for blog.jaseg.net
  command: >-
    certbot --nginx certonly
    -d blog.jaseg.net
    -n --agree-tos
    --email blog@jaseg.net
  args:
    # Skip the task once the chain exists, so repeated plays do not request a
    # new certificate from the CA each time.
    creates: /etc/letsencrypt/live/blog.jaseg.net/fullchain.pem

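# Replace the first-stage config with the final nginx.conf now that the
# certbot tasks above have run.
- name: Copy final nginx config
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    # Pin ownership and mode instead of inheriting them from the remote umask,
    # so the server config is never left writable by a non-root account.
    owner: root
    group: root
    mode: '0644'
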
# Restart nginx so it picks up the final config and the issued certificates.
# This runs unconditionally: there is no `when` or handler, so every play
# restarts nginx even when nothing changed.
- name: Restart nginx to load new cert
  systemd:
    state: restarted
    name: nginx.service

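# Schedule automatic certificate renewal through certbot's systemd timer.
- name: Enable certbot renewal timer
  systemd:
    name: certbot-renew.timer
    enabled: true
    # enabled alone only takes effect at the next boot; start the timer now so
    # renewals are scheduled immediately and certificates do not lapse on a
    # long-running host.
    state: started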