ansible-role-website/tasks/main.yml

144 lines
3.5 KiB
YAML
Raw Normal View History

2022-11-29 18:09:10 +01:00
---
- name: Install stuff
apt:
name:
- apache2
update_cache: yes
- name: install acme.sh
include_role:
name: acmesh
- name: create wwwroot
file:
path: "{{ docroot }}"
owner: www-data
group: www-data
mode: '0755'
state: directory
- name: enable apache module proxy
command: a2enmod proxy
args:
creates: /etc/apache2/mods-enabled/proxy.load
notify:
reload apache2
- name: enable apache module proxy_html
command: a2enmod proxy_html
args:
creates: /etc/apache2/mods-enabled/proxy_html.load
notify:
reload apache2
- name: enable apache module proxy_http
command: a2enmod proxy_http
args:
creates: /etc/apache2/mods-enabled/proxy_http.load
notify:
reload apache2
- name: enable apache module proxy_http2
command: a2enmod proxy_http2
args:
creates: /etc/apache2/mods-enabled/proxy_http2.load
notify:
reload apache2
- name: enable apache module ssl
command: a2enmod ssl
args:
creates: /etc/apache2/mods-enabled/ssl.load
notify:
reload apache2
- name: enable apache module headers
command: a2enmod headers
args:
creates: /etc/apache2/mods-enabled/headers.load
notify:
reload apache2
- name: enable apache module rewrite
command: a2enmod rewrite
args:
creates: /etc/apache2/mods-enabled/rewrite.load
notify:
reload apache2
2022-12-06 16:02:40 +01:00
- name: enable apache module proxy_wstunnel
command: a2enmod proxy_wstunnel
args:
creates: /etc/apache2/mods-enabled/proxy_wstunnel.load
notify:
reload apache2
2022-11-29 18:09:10 +01:00
- name: install acme.sh
include_role:
name: acmesh
- name: set amce server url
set_fact:
acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 1"
when: acme_sh_server is defined
- name: set amce server url
set_fact:
acmeshserver: ""
when: not acme_sh_server is defined
- name: generate /etc/apache2/sites-available/{{ domainname }}.conf
template:
src: apache.conf.j2
dest: /etc/apache2/sites-available/{{ domainname }}.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
template:
src: apache-ssl.conf.j2
dest: /etc/apache2/sites-available/{{ domainname }}-ssl.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
file:
state: link
src: /etc/apache2/sites-available/{{ domainname }}.conf
dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
notify:
- reload apache2
- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
template:
src: includeOptional.conf.j2
dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
owner: root
group: root
mode: "0644"
notify:
- reload apache2
- name: Flush handlers
meta: flush_handlers
- name: get certificates
command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot | default("/var/www/html") }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
args:
creates: /etc/ssl/private/{{ domainname }}.key
- name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
file:
state: link
src: /etc/apache2/sites-available/{{ domainname }}-ssl.conf
dest: /etc/apache2/sites-enabled/{{ domainname }}-ssl.conf
notify:
- reload apache2