WIP roles for easy selfhosting based on ansible

# Certificate does not exist yet for $tls_host, generate it
# Create the ACME challenge directory below the webroot that the certbot
# task in this file passes via `-w /var/www/{{ tls_host }}/`.
- name: "Ensure website folder for {{ tls_host }} exists"
  file:
    state: directory
    path: "/var/www/{{ tls_host }}/.well-known/acme-challenge"
    # Symbolic form of 0755. Owner and group are not set by this task.
    mode: "u=rwx,g=rx,o=rx"
# Record whether an nginx vhost file for this host is already enabled.
# nginx_config.stat.exists gates both the temporary HTTP vhost and its
# removal further down. stat does not follow symlinks by default, so a
# dangling link in sites-enabled still counts as "exists".
- name: "Check whether a site is already configured for {{ tls_host }}"
  register: nginx_config
  stat:
    path: "/etc/nginx/sites-enabled/{{ tls_host }}.conf"
# TODO: this assumes that an existing www vhost already serves the same
# aliases we want on the certificate. Adding an alias to the list breaks
# that assumption. However, when an alias is added we should not reach
# this branch at all, because the certificate already exists.
#
# Only when no vhost file was found: include the webserver role with a
# single static, non-TLS vhost for this host.
# NOTE(review): presumably this makes the challenge path reachable over
# plain HTTP for the certbot run - confirm against the webserver role.
- name: "Configure simple HTTP server for {{ tls_host }}"
  when: not nginx_config.stat.exists
  include_role:
    name: "webserver"
  vars:
    vhosts:
      - host: "{{ tls_host }}"
        aliases: "{{ tls_aliases|default(None) }}"
        template: static
        tls: false
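# Request the certificate with certbot's webroot plugin.
#
# argv is used instead of one templated cmd string, so each templated value
# reaches certbot as exactly one argument: whitespace inside tls_host or an
# alias can no longer be word-split into additional certbot options.
# All names are passed as one comma-separated -d value, which certbot
# accepts as equivalent to repeating -d. tls_aliases is expected to be a
# list (as the original join() already required); undefined, null or empty
# means "no aliases".
#
# Failure is deliberately non-fatal here: the result is registered so the
# temporary HTTP vhost can still be removed, and a later task fails the
# play on `certbot is failed`.
- name: "Generate certificate for {{ tls_host }}"
  command:
    argv:
      - "certbot"
      - "certonly"
      - "--non-interactive"
      - "--agree-tos"
      - "--webroot"
      - "-w"
      - "/var/www/{{ tls_host }}/"
      - "-d"
      - "{{ ([tls_host] + (tls_aliases | default([], true))) | join(',') }}"
  register: certbot
  # Canonical boolean instead of the YAML 1.1 truthy `yes`.
  ignore_errors: true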
# Delete the enabled vhost file again, under the same condition that
# triggered the temporary HTTP server above (no vhost file existed when
# the stat task ran). A pre-existing site config is therefore left alone.
# This still runs after a certbot failure because that task ignores errors.
# NOTE(review): no nginx reload is visible in this file after the removal -
# confirm that the caller or a handler takes care of it.
- name: "Remove simple HTTP server for {{ tls_host }}"
  when: not nginx_config.stat.exists
  file:
    state: absent
    path: "/etc/nginx/sites-enabled/{{ tls_host }}.conf"
# Surface the certbot error that was ignored earlier, now that the cleanup
# task has had its chance to run. `certbot` here is the registered result
# of the "Generate certificate" task.
- name: "Certbot failed to execute"
  when: certbot is failed
  fail:
    msg: "Certbot failed! See above for output"