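---
# Installs nginx with pacman, lays down its base configuration, obtains a
# Let's Encrypt certificate through certbot's webroot mode, then installs the
# HTTPS site configuration.
# NOTE(review): the "reload nginx" handler, the certbot binary and the
# variables domain_name / letsencrypt_email are not defined in this file;
# confirm they are provided elsewhere.

- name: "Install nginx"
  pacman:
    name: "nginx"
    state: "present"

- name: "Enable and start nginx service"
  service:
    name: "nginx"
    # A real boolean instead of the string "yes".
    enabled: true
    state: "started"

# Modes are stated explicitly on every directory and file below so the result
# does not depend on the umask in effect when the play runs.
- name: "Create nginx config directory"
  file:
    path: "/etc/nginx/conf.d"
    state: "directory"
    mode: "0755"

- name: "Create nginx vhost directory"
  file:
    path: "/etc/nginx/sites"
    state: "directory"
    mode: "0755"

# Webroot that certbot writes its challenge files into (see the -w argument of
# the certbot task below).
- name: "Create certbot directory"
  file:
    path: "/usr/share/nginx/letsencrypt"
    state: "directory"
    mode: "0755"

- name: "Copy base nginx.conf"
  template:
    src: "nginx.conf.j2"
    dest: "/etc/nginx/nginx.conf"
    mode: "0644"
  notify: "reload nginx"

- name: "Install nginx site for letsencrypt requests"
  template:
    src: "nginx-http.j2"
    dest: "/etc/nginx/sites/http"
    mode: "0644"
  notify: "reload nginx"

# Run pending handlers now, so the notified reload happens before certbot is
# invoked rather than at the end of the play.
- name: "Force all notified nginx handlers to enable letsencrypt"
  meta: "flush_handlers"

# command + argv instead of shell: no shell parses the line, so the templated
# e-mail address and domain name are each passed as exactly one argument and
# cannot be interpreted as shell syntax. (argv needs Ansible 2.6 or later.)
# `creates` skips the task once the live directory exists, so this task only
# performs the first issuance; renewal has to be handled elsewhere.
- name: "Create letsencrypt certificate"
  command:
    argv:
      - "certbot"
      - "certonly"
      - "-n"
      - "--webroot"
      - "-w"
      - "/usr/share/nginx/letsencrypt"
      - "-m"
      - "{{ letsencrypt_email }}"
      - "--agree-tos"
      - "-d"
      - "{{ domain_name }}"
    creates: "/etc/letsencrypt/live/{{ domain_name }}"

# Generated once; `creates` only tests that the file exists, so a run that was
# interrupted part-way can leave a truncated file that is never regenerated.
# `openssl dhparam -check -in /etc/nginx/dhparams.pem` verifies the result.
- name: "Generate dhparams"
  command:
    argv:
      - "openssl"
      - "dhparam"
      - "-out"
      - "/etc/nginx/dhparams.pem"
      - "2048"
    creates: "/etc/nginx/dhparams.pem"

# NOTE(review): this src carries a "templates/" prefix while the other template
# tasks use bare file names; the path is kept as written, confirm it resolves.
- name: "Install nginx site config"
  template:
    src: "templates/nginx-https.j2"
    dest: "/etc/nginx/sites/https"
    mode: "0644"
  notify: "reload nginx"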