roles: Add nginx (for debian)

This commit is contained in:
Geno 2020-09-17 00:16:19 +00:00
parent 2803c0aaea
commit 1bcada7ffe
5 changed files with 52 additions and 0 deletions

View file

@ -0,0 +1,2 @@
---
#nginx_acme_mail: "" # required

View file

@ -0,0 +1,5 @@
---
- name: reload nginx
systemd:
state: reloaded
name: nginx

View file

@ -0,0 +1,29 @@
---
- name: Install webserver
package:
state: latest
name:
- nginx
- dehydrated
- name: acme mail
copy:
dest: "/etc/dehydrated/conf.d/mail"
content: "CONTACT_EMAIL={{ nginx_acme_mail }}"
- name: get let's encrypt account
command: /usr/bin/dehydrated --register --accept-terms
args:
creates: /var/lib/dehydrated/accounts
- name: nginx default config
notify: reload nginx
template:
src: default.nginx
dest: /etc/nginx/sites-available/default
- name: nginx snippets for acme
notify: reload nginx
template:
src: snippets-tls.nginx
dest: /etc/nginx/snippets/tls-acme.conf

View file

@ -0,0 +1,12 @@
server {
listen [::]:80;
listen 80;
server_name _;
location / {
return 301 https://$host$request_uri;
}
include snippets/tls-acme.conf;
}

View file

@ -0,0 +1,4 @@
location /.well-known/acme-challenge {
alias /var/lib/dehydrated/acme-challenges;
allow all;
}