shockrah
a32f339ca1
+ Cert setup for filebrowser service This is going to be served under gallery.leftcoast.space for a common fileserver thing that we use as a kind of scrapbook
54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
# This playbook just installs nginx so that it is ready to configure
|
|
# we don't bother with extra user accounts like with Beta because we
|
|
# are only concerned with using nginx to serve fully containerized
|
|
# applications. Not static files
|
|
---
|
|
- hosts: alpha
|
|
become: yes
|
|
tasks:
|
|
- name: Install Nginx
|
|
apt:
|
|
name: nginx
|
|
update_cache: yes
|
|
state: present
|
|
|
|
- name: Update Snap
|
|
community.general.snap:
|
|
name: core
|
|
state: present
|
|
|
|
- name: Install Certbot
|
|
community.general.snap:
|
|
name: certbot
|
|
classic: yes
|
|
|
|
- name: Push Configs
|
|
copy:
|
|
src: "{{item}}"
|
|
dest: "/etc/nginx/sites-available/{{item}}"
|
|
loop:
|
|
- search.project-athens.xyz
|
|
- gallery.leftcoast.space
|
|
|
|
- name: Enable Sites in Nginx
|
|
file:
|
|
src: "/etc/nginx/sites-available/{{item}}"
|
|
dest: "/etc/nginx/sites-enabled/{{item}}"
|
|
state: link
|
|
loop:
|
|
- search.project-athens.xyz
|
|
- gallery.leftcoast.space
|
|
|
|
- name: Restart Nginx
|
|
service:
|
|
name: nginx
|
|
state: restarted
|
|
|
|
- name: Install Certificates for all sites on this host
|
|
command: >
|
|
certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
|
|
--domains "{{item}}"
|
|
loop:
|
|
- search.project-athens.xyz
|
|
- gallery.leftcoast.space
|