diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/certbot/tasks/main.yml | 7 | ||||
| -rw-r--r-- | roles/ip/files/ip.ilvokhin.com | 2 | ||||
| -rw-r--r-- | roles/ip/tasks/main.yml | 21 |
3 files changed, 24 insertions, 6 deletions
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index ca9ae87..2862089 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -1,15 +1,14 @@ -- name: Install certbot packages +- name: Install certbot package ansible.builtin.package: name: - '{{ item }}' state: present loop: - certbot - - certbot-nginx - name: Configure certbot systemd service ansible.builtin.copy: - src: files/certbot/certbot.service + src: files/certbot.service dest: /usr/lib/systemd/system owner: root group: root @@ -17,7 +16,7 @@ - name: Configure certbot systemd timer ansible.builtin.copy: - src: files/certbot/certbot.timer + src: files/certbot.timer dest: /usr/lib/systemd/system owner: root group: root diff --git a/roles/ip/files/ip.ilvokhin.com b/roles/ip/files/ip.ilvokhin.com index 0555c67..2d1513e 100644 --- a/roles/ip/files/ip.ilvokhin.com +++ b/roles/ip/files/ip.ilvokhin.com @@ -9,8 +9,6 @@ server { listen 443 ssl; ssl_certificate /etc/letsencrypt/live/ip.ilvokhin.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ip.ilvokhin.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } # Do not redirect to https to get a plain output for `curl ip.ilvokhin.com` diff --git a/roles/ip/tasks/main.yml b/roles/ip/tasks/main.yml index c887ec0..48588de 100644 --- a/roles/ip/tasks/main.yml +++ b/roles/ip/tasks/main.yml @@ -1,3 +1,11 @@ +- name: Request SSL certificate for ip.ilvokhin.com + ansible.builtin.include_role: + name: certificate + vars: + domains: + - ip.ilvokhin.com + - www.ip.ilvokhin.com + - ansible.builtin.include_role: name: nginx @@ -8,3 +16,16 @@ owner: root group: root mode: u+rw,g+r,o+r + notify: + - Reload nginx + +- name: Enable ip.ilvokhin.com site + ansible.builtin.file: + src: /etc/nginx/sites-available/ip.ilvokhin.com + dest: /etc/nginx/sites-enabled/ip.ilvokhin.com + owner: root + group: root + mode: u+rw,g+r,o+r + state: link + notify: + - Reload nginx |