53 lines
1.1 KiB
YAML
53 lines
1.1 KiB
YAML
---
|
|
- name: install
|
|
apt:
|
|
name:
|
|
- nginx
|
|
- letsencrypt
|
|
- python3-certbot-nginx
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: create wwwuser group
|
|
group:
|
|
name: "{{ www_group }}"
|
|
state: present
|
|
system: true
|
|
|
|
- name: create wwwuser user
|
|
user:
|
|
name: "{{ www_user }}"
|
|
group: "{{ www_group }}"
|
|
comment: "Web user"
|
|
shell: /bin/bash
|
|
home: "{{ www_home }}"
|
|
system: true
|
|
state: present
|
|
|
|
- name: authorize deployer ssh key to wwwuser
|
|
authorized_key:
|
|
user: "{{ www_user }}"
|
|
state: present
|
|
key: "{{ lookup('file', '../../../deploy.pub') }}"
|
|
|
|
- name: define wwwuser as nginx's user
|
|
replace:
|
|
path: /etc/nginx/nginx.conf
|
|
regexp: '^user (.+);$'
|
|
replace: "user {{ www_user }};"
|
|
|
|
- name: restart nginx
|
|
service:
|
|
name: nginx
|
|
state: restarted
|
|
|
|
- name: create letsencrypt's challenge directory
|
|
file:
|
|
name: /var/www/letsencrypt
|
|
state: directory
|
|
|
|
- name: generate letsencrypt's dhparams
|
|
shell: openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
|
|
args:
|
|
creates: /etc/letsencrypt/ssl-dhparams.pem
|