ansible/roles/rp_synapse/tasks/main.yml

52 lines
1.4 KiB
YAML
Raw Normal View History

2021-08-02 03:49:36 +02:00
---
# Almost a copy of the reverse proxy http role.
# There is probably a cleaner way to do that using the
# rp proxy http role.
- name: Install certbot
apt:
update_cache: true
name:
- certbot
- python3-certbot-nginx
state: latest
- name: Ensure the cert directory exists
file:
path: /etc/nginx/certs
state: directory
2021-08-02 17:10:18 +02:00
- name: Generate Certificate for Domains
shell: certbot certonly --standalone -d {{ matrix_server_name }} -m {{ certificate_email }} --noninteractive --agree-tos --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
2021-08-02 17:10:18 +02:00
args:
creates: "/etc/letsencrypt/live/{{ matrix_server_name }}/cert.pem"
- name: Copy certificates
file:
src: "/etc/letsencrypt/live/{{ matrix_server_name }}/fullchain.pem"
dest: "/etc/nginx/certs/{{ matrix_server_name }}.crt"
state: link
force: yes
- name: Copy certificates key
file:
src: "/etc/letsencrypt/live/{{ matrix_server_name }}/privkey.pem"
dest: "/etc/nginx/certs/{{ matrix_server_name }}.key"
state: link
force: yes
2021-08-02 03:49:36 +02:00
- name: Copy reverse proxy sites
template:
2021-08-02 17:10:18 +02:00
src: reverse_proxy
2021-08-02 03:49:36 +02:00
dest: /etc/nginx/sites-available/synapse
notify: Reload nginx
- name: Activate sites
file:
src: "/etc/nginx/sites-available/synapse"
dest: "/etc/nginx/sites-enabled/synapse"
state: link
force: yes
notify: Reload nginx