ansible/roles/share_file_web/tasks/main.yml

---
# Install certbot and its nginx plugin from apt, refreshing the package index
# first. `state: latest` upgrades both packages whenever a newer version is
# available. The result is registered and the task is retried (retries: 3)
# until it reports success.
- name: Install certbot
  register: apt_result
  until: apt_result is succeeded
  retries: 3
  apt:
    name:
      - certbot
      - python3-certbot-nginx
    state: latest
    update_cache: true
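# Directory that the later link tasks fill with one certificate link and one
# key link per site.
- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory
    # Pin the mode so the result does not depend on the remote umask.
    mode: "0755"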
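# Render every listed nginx snippet template into /etc/nginx/snippets.
- name: Copy snippets
  template:
    src: "nginx/snippets/{{ item }}"
    dest: "/etc/nginx/snippets/{{ item }}"
    # Explicit mode instead of whatever the remote umask would produce.
    mode: "0644"
  loop:
    - connection_upgrade.conf  # fix some nginx bug
  # A changed snippet only takes effect once nginx re-reads its configuration,
  # so notify the same handler the site and key tasks use.
  notify: Reload nginx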
# Create the folder of every `sharing_sites` entry and give it the user and
# group named in that entry. No mode is set, so a newly created folder gets
# the default for the remote umask.
- name: Ensure the shared directory exist
  loop: "{{ sharing_sites }}"
  file:
    state: directory
    path: "{{ item.folder }}"
    group: "{{ item.group }}"
    owner: "{{ item.user }}"
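# Render one nginx site definition per `sharing_sites` entry from the shared
# `sharing_site` template and reload nginx when any of them changes.
# NOTE(review): `item.from` is used unescaped as a file name here (and as the
# certbot domain further down); presumably it is a plain host name, so a value
# containing `/` or `..` should be rejected where `sharing_sites` is defined.
- name: Copy sharing sites
  template:
    src: nginx/sites-available/sharing_site
    dest: "/etc/nginx/sites-available/{{ item.from }}"
    # Explicit mode instead of whatever the remote umask would produce.
    mode: "0644"
  loop: "{{ sharing_sites }}"
  notify: Reload nginx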
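# Enable every site by linking its definition from sites-available into
# sites-enabled. `force: true` replaces whatever already exists at the link
# path.
- name: Activate sites
  file:
    src: "/etc/nginx/sites-available/{{ item.from }}"
    dest: "/etc/nginx/sites-enabled/{{ item.from }}"
    state: link
    force: true
  loop: "{{ sharing_sites }}"
  # A link that is created or repaired while the template is unchanged would
  # otherwise never be loaded by the running nginx.
  notify: Reload nginx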
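# Request a certificate for every site with certbot's standalone
# authenticator; the hooks stop nginx before the request and start it again
# afterwards. `creates` skips a site that already has a cert.pem.
#
# `command` with `argv` replaces the former `shell` string: the templated
# domain and e-mail are each handed to certbot as exactly one argument and are
# never parsed by a shell, so spaces or shell metacharacters in those values
# cannot alter the command line.
#
# NOTE(review): a non-interactive run on a host without a registered ACME
# account normally also needs `--agree-tos` — confirm how the account is
# registered.
# NOTE(review): the post-hook starts nginx before the certificate links are
# created by the following tasks; if the site template already references
# /etc/nginx/certs/, the first run may fail to start nginx — confirm.
- name: Generate Certificate for Domains
  command:
    argv:
      - certbot
      - certonly
      - '--standalone'
      - '-d'
      - "{{ item.from }}"
      - '-m'
      - "{{ vault_email }}"
      - '--noninteractive'
      - '--redirect'
      - '--pre-hook'
      - sudo systemctl stop nginx
      - '--post-hook'
      - sudo systemctl start nginx
    creates: "/etc/letsencrypt/live/{{ item.from }}/cert.pem"
  loop: "{{ sharing_sites }}"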
# Despite the task name nothing is copied: for every site a link
# /etc/nginx/certs/<from>.crt is pointed at certbot's fullchain.pem, replacing
# anything already at that path (`force`).
- name: Copy certificates
  loop: "{{ sharing_sites }}"
  file:
    state: link
    force: true
    dest: "/etc/nginx/certs/{{ item.from }}.crt"
    src: "/etc/letsencrypt/live/{{ item.from }}/fullchain.pem"
# Point /etc/nginx/certs/<from>.key at certbot's privkey.pem for every site
# and reload nginx afterwards. Only a link is created (`state: link`); the key
# file itself stays under /etc/letsencrypt/live and keeps the permissions it
# has there.
- name: Copy certificate keys
  loop: "{{ sharing_sites }}"
  notify: Reload nginx
  file:
    state: link
    force: true
    dest: "/etc/nginx/certs/{{ item.from }}.key"
    src: "/etc/letsencrypt/live/{{ item.from }}/privkey.pem"