From 00d0ceb5089a110e7bdc01bd01d93ac2bc2f2df3 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sun, 7 Jan 2024 11:57:50 +0000
Subject: Make ip role work
---
 roles/certbot/tasks/main.yml | 7 +++----
 roles/ip/files/ip.ilvokhin.com | 2 --
 roles/ip/tasks/main.yml | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+), 6 deletions(-)
(limited to 'roles')
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index ca9ae87..2862089 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -1,15 +1,14 @@
-- name: Install certbot packages
+- name: Install certbot package
 ansible.builtin.package:
 name:
 - '{{ item }}'
 state: present
 loop:
 - certbot
- - certbot-nginx
 - name: Configure certbot systemd service
 ansible.builtin.copy:
- src: files/certbot/certbot.service
+ src: files/certbot.service
 dest: /usr/lib/systemd/system
 owner: root
 group: root
@@ -17,7 +16,7 @@
 - name: Configure certbot systemd timer
 ansible.builtin.copy:
- src: files/certbot/certbot.timer
+ src: files/certbot.timer
 dest: /usr/lib/systemd/system
 owner: root
 group: root
diff --git a/roles/ip/files/ip.ilvokhin.com b/roles/ip/files/ip.ilvokhin.com
index 0555c67..2d1513e 100644
--- a/roles/ip/files/ip.ilvokhin.com
+++ b/roles/ip/files/ip.ilvokhin.com
@@ -9,8 +9,6 @@ server {
 listen 443 ssl;
 ssl_certificate /etc/letsencrypt/live/ip.ilvokhin.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/ip.ilvokhin.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
 # Do not redirect to https to get a plain output for `curl ip.ilvokhin.com`
diff --git a/roles/ip/tasks/main.yml b/roles/ip/tasks/main.yml
index c887ec0..48588de 100644
--- a/roles/ip/tasks/main.yml
+++ b/roles/ip/tasks/main.yml
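Review bot: Dropping `certbot-nginx` from the package loop in the first hunk of roles/certbot/tasks/main.yml takes away the plugin that provides `/etc/letsencrypt/options-ssl-nginx.conf` and `ssl-dhparams.pem`, and the roles/ip/files/ip.ilvokhin.com hunk removes both directives without a replacement, so the 443 server block is left with no `ssl_protocols` or `ssl_ciphers` of its own. Unless the nginx role sets these at the http level (not visible in this commit), the site runs on nginx's built-in defaults, which differ by version and on older releases still include TLSv1 and TLSv1.1. I would pin the policy next to the certificate lines, for example `ssl_protocols TLSv1.2 TLSv1.3;`, or ship a shared TLS snippet from the nginx role and include it here. The copy task at the end of that hunk continues outside it.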
@@ -1,3 +1,11 @@
+- name: Request SSL certificate for ip.ilvokhin.com
+ ansible.builtin.include_role:
+ name: certificate
+ vars:
+ domains:
+ - ip.ilvokhin.com
+ - www.ip.ilvokhin.com
+
 - ansible.builtin.include_role:
 name: nginx
@@ -8,3 +16,16 @@
 owner: root
 group: root
 mode: u+rw,g+r,o+r
+ notify:
+ - Reload nginx
+
+- name: Enable ip.ilvokhin.com site
+ ansible.builtin.file:
+ src: /etc/nginx/sites-available/ip.ilvokhin.com
+ dest: /etc/nginx/sites-enabled/ip.ilvokhin.com
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ state: link
+ notify:
+ - Reload nginx
--
cgit v1.2.3-70-g09d2
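Review bot: The certificate request added at the top of the first hunk runs before the nginx role is included, and this commit also stops installing the nginx plugin, so the `certificate` role presumably relies on a standalone or webroot challenge; its tasks are not visible here. A standalone challenge needs port 80 free, which holds on a fresh host but not on later runs once nginx is listening, for example when an entry is added to `domains`. A short comment above the task stating the assumption would help, such as `# certificate role must cope with nginx already bound to :80 on re-runs`.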
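Review bot: In the new "Enable ip.ilvokhin.com site" task of the second hunk, `owner`, `group` and `mode` are set on a `state: link`, where they either act on the link target or are skipped (depending on `follow` and the platform), so at best they repeat what the copy task above already does. The symbolic form `u+rw,g+r,o+r` used in both tasks only adds bits to whatever the path already has and never clears an existing group/other write or execute bit; `mode: u=rw,g=r,o=r` pins the result. I would drop the three attribute lines from the link task and switch the copy task to the `=` form. The copy task starts outside this hunk.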