infrastructure/playbooks/tasks/chat/nginx.yml


---
# Put nginx back on the stock "default" site before certificates are requested.
# None of these three tasks carries a condition, so they run on every play,
# including plays where the certificate already exists.
- name: Disable movim website
  ansible.builtin.file:
    state: absent
    path: "{{ nginx.paths.sites_enabled }}/{{ movim.domain }}"

- name: Disable auto redirect to TLS
  ansible.builtin.file:
    state: absent
    path: "{{ nginx.paths.sites_enabled }}/redirect_to_https"

# Symlink sites-available/default into sites-enabled.
- name: Enable default website
  ansible.builtin.file:
    state: link
    src: "{{ nginx.paths.sites_available }}/default"
    dest: "{{ nginx.paths.sites_enabled }}/default"
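# Request a certificate for the movim domain through certbot's nginx plugin.
# `creates` makes the task a no-op once the private key exists, so certbot is
# only invoked on the first run for a given domain.
- name: Install X509 certificates
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      # Fail instead of waiting on a prompt: the play has nobody to answer it.
      - --non-interactive
      - --agree-tos
      # Flag and value are separate argv elements. Written as one list item
      # ("-m address") they reach certbot as a single argument containing a
      # space.
      - -m
      # NOTE(review): the local part reads "psotmaster"; confirm this is the
      # intended mailbox and not a typo for "postmaster", since expiry and
      # account notices from the CA go to this address.
      - psotmaster@trans13nrv.eu.org
      - --nginx
      - -d
      - "{{ movim.domain }}"
    creates: "/etc/letsencrypt/live/{{ movim.domain }}/privkey.pem"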
# Remove the stock site from sites-enabled again once the certificate step is
# done.
- name: Disable default website
  ansible.builtin.file:
    state: absent
    path: "{{ nginx.paths.sites_enabled }}/default"
# Write the catch-all port-80 server that answers every plain-HTTP request
# with a 301 to HTTPS.
# NOTE(review): the redirect target is built from $host, which nginx takes from
# the request, and this is the default_server with `server_name _`. If movim is
# the only name served here, a fixed target ({{ movim.domain }}) would keep
# client-supplied host names out of the Location header. Confirm no other
# vhost depends on this redirect before changing it.
- name: Create auto redirect to TLS for movim
  ansible.builtin.blockinfile:
    path: "{{ nginx.paths.sites_available }}/redirect_to_https"
    create: true
    block: |
      server {
      listen 80 default_server;
      server_name _;
      return 301 https://$host$request_uri;
      }
# Render the movim vhost from its Jinja template into sites-available, owned by
# the configured root user and group, and world-readable.
# NOTE(review): keep secrets out of this template; with mode 644 every local
# account can read the rendered file.
- name: Create movim website
  ansible.builtin.template:
    src: tasks/chat/templates/movim.j2
    dest: "{{ nginx.paths.sites_available }}/{{ movim.domain }}"
    owner: "{{ root.user }}"
    group: "{{ root.group }}"
    mode: "644"
# Activate both vhosts by symlinking them from sites-available into
# sites-enabled.
- name: Enable movim website
  ansible.builtin.file:
    src: "{{ nginx.paths.sites_available }}/{{ movim.domain }}"
    dest: "{{ nginx.paths.sites_enabled }}/{{ movim.domain }}"
    state: link

- name: Enable auto redirect to TLS
  ansible.builtin.file:
    src: "{{ nginx.paths.sites_available }}/redirect_to_https"
    dest: "{{ nginx.paths.sites_enabled }}/redirect_to_https"
    state: link
# Drop a conf.d snippet that switches nginx access logging off.
# NOTE(review): with `access_log off` there is no per-request record (client
# address, path, status) to consult when investigating abuse or an incident.
# If this is a deliberate privacy choice, record it where operators will see
# it, and confirm error logging stays enabled, since this snippet does not
# touch it.
- name: Set access logs to off
  ansible.builtin.blockinfile:
    path: "{{ nginx.paths.conf_d }}/10-access_log-disabled.conf"
    create: true
    block: |
      access_log off;
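# Check the assembled configuration before touching the running service, so a
# broken vhost or snippet fails the play here instead of taking nginx down on
# restart.
- name: Validate nginx configuration
  ansible.builtin.command:
    argv:
      - nginx
      - -t
  changed_when: false

# The task was named "Reload" but has always requested a full restart; the
# name now matches the behaviour. A restart drops open connections. If only
# configuration changed, `state: reloaded` would apply it without that.
- name: Restart nginx service
  ansible.builtin.systemd_service:
    name: nginx
    state: restarted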