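---
# Nginx reverse-proxy role tasks: install the nginx configuration, an optional
# basic-auth password file, and optional DuckDNS + certbot integration.
# Optional parts are gated on auth_enabled / duck_enabled being the string "y".

# Removes the whole sites-enabled directory, not only the default site in it.
- name: Remove default nginx config
  file:
    path: /etc/nginx/sites-enabled
    state: absent

- name: Restore nginx/conf.d
  file:
    path: /etc/nginx/conf.d
    state: directory

- name: Install system nginx config
  copy:
    src: static/nginx/nginx.conf
    dest: /etc/nginx/nginx.conf

# helps with proxy-ing services
- name: Install nginx proxy-control.conf
  copy:
    src: static/nginx/proxy-control.conf
    dest: /etc/nginx/proxy-control.conf

# NOTE(review): the task name says restrict-conf.conf, but the file installed
# is restrict-auth.conf. The name is kept as-is in case it is referenced
# elsewhere (e.g. --start-at-task).
- name: Install nginx restrict-conf.conf
  template:
    src: templates/nginx/restrict-auth.conf
    dest: /etc/nginx/restrict-auth.conf

- name: Install nginx config for site proxies
  copy:
    src: static/nginx/sites.conf
    dest: /etc/nginx/conf.d/sites.conf

# locks down services that shouldn't be public (if enabled)
# The password file is readable by root and the www-data group only.
# no_log keeps the rendered credentials out of task output and callback logs.
- name: Install nginx passwd file
  htpasswd:
    path: /etc/nginx/passwdfile
    name: "{{ auth_username }}"
    password: "{{ auth_password }}"
    owner: root
    group: www-data
    mode: "0640"
  no_log: true
  # runs only when basic auth is enabled; the username itself is not checked
  when: auth_enabled == "y"

# NOTE(review): mode u+rx only adds owner read/execute on top of the default
# permissions. If the rendered script embeds the DuckDNS token (the template
# is not visible here), an explicit mode such as "0700" would keep it from
# being readable by other local users - confirm against the template.
- name: Install updateDuckDNS
  template:
    src: templates/updateDuckDNS
    dest: /infra/updateDuckDNS
    mode: u+rx
  when: duck_enabled == "y"

# update duckdns daily (01:00)
- name: Install DuckDNS cronjob
  cron:
    name: Update DuckDNS
    minute: "0"
    hour: "1"
    job: /infra/updateDuckDNS
  when: duck_enabled == "y"

# go ahead and run the update (before running certbot)
- name: Setup DuckDNS
  shell: "/infra/updateDuckDNS"
  when: duck_enabled == "y"

# certbot is a life saver. thank you certbot devs!
# Run through command/argv rather than shell so that duck_domain is passed to
# certbot as one literal argument and is never interpreted by a shell.
- name: Setup certbot
  command:
    argv:
      - certbot
      - '--nginx'
      - '--non-interactive'
      - '--agree-tos'
      - '-m'
      - do_not_contact@proton.me
      - '-d'
      - "{{ duck_domain }}"
  when: duck_enabled == "y"

# Despite the task name, state: restarted performs a full restart on every
# run; it also enables the nginx unit at boot.
- name: Reload Nginx
  systemd:
    name: nginx
    enabled: true
    state: restarted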