---

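# Install the web server and the ACME client with pacman.
# `state: present` only guarantees the packages are installed; it never
# upgrades them, so security updates for nginx and certbot have to come from
# a separate system-upgrade step.
- name: install nginx
  pacman:
    name:
      - nginx-mainline
      - certbot
    state: present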

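# Render the main nginx configuration as a root-owned file.
# Mode 0644 leaves the rendered file readable by every local user, so the
# template should not embed secrets.
# NOTE(review): there is no `validate` step here, so a template that renders
# to a broken config is only noticed when the "restart nginx" handler
# (defined outside this file) runs.
- name: configure nginx
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    # Quoted so the value reaches the module as an octal string.
    mode: "0644"
  notify:
    - restart nginx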

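# Directory for reusable nginx include snippets: writable by root only,
# listable and traversable by everyone (0755).
- name: snippets directory
  file:
    state: directory
    path: /etc/nginx/snippets
    owner: root
    group: root
    mode: "0755"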

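# Render each listed snippet template into the snippets directory.
# `dest` names the directory rather than a file, so each rendered file is
# expected to keep its source file name.
- name: copy snippets
  template:
    # Quoted: a value that starts with a Jinja expression must be a string.
    src: "{{ item }}"
    dest: /etc/nginx/snippets
    owner: root
    group: root
    mode: "0644"
  with_items:
    - letsencrypt.conf
    - sslsettings.conf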

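# Root-owned drop-in directory under /etc/nginx.
# Presumably nginx.conf includes files from here -- confirm in the template.
- name: create nginx.d directory
  file:
    state: directory
    path: /etc/nginx/nginx.d
    owner: root
    group: root
    mode: "0755"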

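# Root-owned directory for nginx auth material.
# NOTE(review): 0755 lets every local user list and enter this directory. If
# it holds credential files (e.g. htpasswd), each file's own mode must keep
# other users from reading it -- confirm where those files are created.
- name: create auth directory
  file:
    state: directory
    path: /etc/nginx/auth
    owner: root
    group: root
    mode: "0755"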

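# Log directory owned by the `http` user. Group `log` may read and traverse
# it, and all other users have no access (0750).
- name: create default nginx log directory
  file:
    state: directory
    path: /var/log/nginx/default
    owner: http
    group: log
    mode: "0750"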

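# Generate host-specific 2048-bit Diffie-Hellman parameters once.
# `creates` only checks that the file exists: later runs will not regenerate
# the parameters, and a truncated file left by an interrupted run is treated
# as done. Remove the file to force regeneration.
- name: create unique DH group
  command: openssl dhparam -out /etc/ssl/dhparams.pem 2048
  args:
    creates: /etc/ssl/dhparams.pem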

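# Validation directory: root may write, group `http` may only read and
# traverse, and other users have no access (0750).
# Presumably this is where certbot writes ACME challenge files as root and
# nginx serves them as `http` -- confirm against the renewal unit and the
# snippets.
- name: create directory to store validation stuff in
  file:
    state: directory
    # Quoted: a value that starts with a Jinja expression must be a string.
    path: "{{ letsencrypt_validation_dir }}"
    owner: root
    group: http
    mode: "0750"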

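# Install the certbot renewal service and timer as root-owned unit files that
# only root can modify (0644). A changed unit file notifies the
# "daemon reload" handler, which is defined outside this file.
- name: install letsencrypt renewal service
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - certbot-renewal.service
    - certbot-renewal.timer
  notify:
    - daemon reload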

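# Enable the renewal timer at boot and start it now.
# NOTE(review): notified handlers normally run at the end of the play, so
# this task can run before "daemon reload" has made systemd re-read an
# updated unit file -- confirm that this ordering is acceptable.
- name: activate letsencrypt renewal service
  service:
    name: certbot-renewal.timer
    enabled: true
    state: started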

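# Enable nginx at boot. No `state` is set, so this task does not start the
# service itself. Within this file nginx is only (re)started through the
# "restart nginx" handler, which fires when the main config changes.
- name: enable nginx
  service:
    name: nginx
    enabled: true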