authorLars Wirzenius <liw@liw.fi>2018-07-03 16:59:00 +0300
committerLars Wirzenius <liw@liw.fi>2018-07-03 16:59:00 +0300
commited62f2c98059a605ead1a9b4838c75fbd55ead19 (patch)
treed48b495813356ddbb283402e3ccd84f0c1a281ce /roles/apache_server/tasks
parent272c174a5a4718ce6cdae4e620f2d07f99d4772c (diff)
downloaddebian-ansible-ed62f2c98059a605ead1a9b4838c75fbd55ead19.tar.gz
Change: let user group Let's Encrypt certs
Diffstat (limited to 'roles/apache_server/tasks')
-rw-r--r--roles/apache_server/tasks/main.yml68
1 files changed, 38 insertions, 30 deletions
diff --git a/roles/apache_server/tasks/main.yml b/roles/apache_server/tasks/main.yml
index 5f9c39f..bd5db50 100644
--- a/roles/apache_server/tasks/main.yml
+++ b/roles/apache_server/tasks/main.yml
@@ -1,29 +1,30 @@
-- name: install apache and related packages
- apt:
- name: "{{ item }}"
- with_items:
- - rsync
- - apache2
-
- name: install certbot
apt:
name: certbot
default_release: stretch-backports
when: letsencrypt
-- name: "empty list of domains for Let's Encrypt"
+- name: "empty default list of domains for Let's Encrypt"
+ file:
+ path: "/etc/letsencrypt/static_sites.list"
+ state: absent
+ when: letsencrypt
+
+- name: "empty lists of domains for Let's Encrypt"
file:
- path: /etc/letsencrypt/static_sites.list
+ path: "/etc/letsencrypt/{{ item.letsencrypt_cert }}.list"
state: absent
+ with_items: "{{ static_sites }}"
+ when: letsencrypt and item.letsencrypt_cert is defined
-- name: "create list of domains for static sites to get Let's Encrypt certs for"
+- name: "create lists of domains for static sites to get Let's Encrypt certs for"
shell: |
- list="/etc/letsencrypt/static_sites.list"
- wellknown="/srv/letsencrypt"
+ list="/etc/letsencrypt/{{ item.letsencrypt_cert|default('static_sites') }}.list"
+ wellknown="/srv/letsencrypt/{{ item.domain }}"
if [ "{{ item.letsencrypt|default(false) }}" = True ]
then
echo "{{ item.domain }} {{ item.alias|default('') }}" >> "$list"
- mkdir -p "$wellknown/{{ item.domain }}"
+ mkdir -p "$wellknown"
fi
with_items: "{{ static_sites }}"
when: letsencrypt
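Review bot: `item.letsencrypt_cert` becomes a path component in the new `file: state: absent` task and in the `list=` line of the shell task without any check, so a value containing `/` or `..` would delete or append to a file outside `/etc/letsencrypt`. Constraining it where it is used, e.g. `path: "/etc/letsencrypt/{{ item.letsencrypt_cert | basename }}.list"`, or asserting a strict name pattern before these tasks, keeps the role inside that directory. The shell task also pastes `item.domain`, `item.alias` and the cert name between double quotes, where `$`, backquotes and `"` are still interpreted by the shell. Using the `quote` filter without the surrounding quotes, e.g. `wellknown=/srv/letsencrypt/{{ item.domain | quote }}`, avoids that, and the same applies to `a2ensite "{{ item.domain }}"` in the later hunk. This matters most if `static_sites` is ever filled from data the playbook author does not fully control.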
@@ -31,16 +32,32 @@
- name: install script to run certbot
template:
src: deploy_static_site_certs
- dest: /usr/local/sbin/deploy_static_site_certs
+ dest: /usr/local/sbin/deploy_static_site_certs
owner: root
group: root
- mode: 755
+ mode: 0755
when: letsencrypt
- name: "get initial certificate from Let's Encrypt"
shell: /usr/local/sbin/deploy_static_site_certs
when: letsencrypt
+- name: install apache and related packages
+ apt:
+ name: "{{ item }}"
+ with_items:
+ - rsync
+ - apache2
+
+# This may fail if the TLS cert isnt' installed by a previous playbook
+# run, since it restarts Apache.
+- name: enable apache modules for ssl
+ apache2_module:
+ state: present
+ name: "{{ item }}"
+ with_items:
+ - ssl
+
- name: create dirs for static site contents
file:
state: directory
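Review bot: The relocated `enable apache modules for ssl` task now lists only `ssl`; the `rewrite` entry from the old task at the end of the file is dropped, and the commit message does not mention it. If any site template, not visible in this diff, relies on `RewriteRule` for the HTTP-to-HTTPS redirect, Apache may fail its config check or the redirect may go missing, so either keep `- rewrite` or confirm that nothing uses it. The new comment also has a typo (`isnt'` should be `isn't`), and the file mode would be safer as a quoted string, `mode: "0755"`, so it does not depend on the parser's octal handling.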
@@ -49,7 +66,6 @@
group: "{{ item.owner }}"
mode: 0755
with_items: "{{ static_sites }}"
- when: letsencrypt
- name: create log dirs for websites
file:
@@ -69,6 +85,12 @@
mode: 0644
with_items: "{{ static_sites }}"
+- name: enable apache sites
+ shell: a2ensite "{{ item.domain }}"
+ with_items: "{{ static_sites }}"
+ notify:
+ - restart apache
+
- name: "install htpasswd files"
copy:
content: "{{ item.htpasswd }}"
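Review bot: The `enable apache sites` task uses `shell`, which reports `changed` on every run, so the `restart apache` handler fires on each playbook run even when every site is already enabled. Adding `register: a2ensite_result` and something like `changed_when: "'already enabled' not in a2ensite_result.stdout"` would restrict restarts to real changes; the exact a2ensite message should be checked on the target release. `command` would also be enough here, since the task uses no shell features.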
@@ -78,17 +100,3 @@
mode: 0644
with_items: "{{ static_sites }}"
when: item.htpasswd is defined
-
-- name: enable apache modules for ssl
- apache2_module:
- state: present
- name: "{{ item }}"
- with_items:
- - ssl
- - rewrite
-
-- name: enable apache sites
- shell: a2ensite "{{ item.domain }}"
- with_items: "{{ static_sites }}"
- notify:
- - restart apache