Certbot and Nginx disappeared in Ansible conf

2020-09-06 09:38:27 +02:00 · 2020-09-06 09:38:27 +02:00 · a64dc9ffc2
parent b63fa19644
commit a64dc9ffc2
3 changed files with 85 additions and 0 deletions
--- a/ansible/roles/4-certbot/tasks/main.yml
+++ b/ansible/roles/4-certbot/tasks/main.yml
@ -0,0 +1,21 @@
+---
+- name: Install basic APT packages
+  apt:
+    update_cache: true
+    name:
+      - certbot
+      - python3-certbot-nginx
+  register: pkg_result
+  retries: 3
+  until: pkg_result is succeeded
+
+- name: Create /etc/letsencrypt/conf.d
+  file:
+    path: /etc/letsencrypt/conf.d
+    state: directory
+
+- name: Add Certbot configuration
+  template:
+    src: "letsencrypt/conf.d/nk20.ini.j2"
+    dest: "/etc/letsencrypt/conf.d/nk20.ini"
+    mode: 0644
--- a/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
+++ b/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
@ -0,0 +1,20 @@
+{{ ansible_managed | comment }}
+
+# To generate the certificate, please use the following command
+# certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = notekfet2020@lists.crans.org
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Use DNS-01 challenge
+authenticator = nginx
+
--- a/ansible/roles/5-nginx/tasks/main.yml
+++ b/ansible/roles/5-nginx/tasks/main.yml
@ -0,0 +1,44 @@
+---
+- name: Install NGINX
+  apt:
+    name: nginx
+  register: pkg_result
+  retries: 3
+  until: pkg_result is succeeded
+
+- name: Copy conf of Nginx
+  template:
+    src: "nginx_note.conf"
+    dest: /etc/nginx/sites-available/nginx_note.conf
+    mode: 0644
+    owner: www-data
+    group: www-data
+
+- name: Enable Nginx site
+  file:
+    src: /etc/nginx/sites-available/nginx_note.conf
+    dest: /etc/nginx/sites-enabled/nginx_note.conf
+    owner: www-data
+    group: www-data
+    state: link
+
+- name: Disable default Nginx site
+  file:
+    dest: /etc/nginx/sites-enabled/default
+    state: absent
+
+- name: Copy conf of UWSGI
+  file:
+    src: /var/www/note_kfet/uwsgi_note.ini
+    dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini
+    state: link
+
+- name: Reload Nginx
+  systemd:
+    name: nginx
+    state: reloaded
+
+- name: Restart UWSGI
+  systemd:
+    name: uwsgi
+    state: restarted