34 lines
1.3 KiB
YAML
34 lines
1.3 KiB
YAML
- name: Install packages proxy server
|
|
command: "bastille pkg {{jails['proxy'].name}} install -y nginx py38-certbot-nginx"
|
|
|
|
- name: Enable weekly_certbot
|
|
lineinfile:
|
|
regex: "^weekly_certbot_enable="
|
|
line: "weekly_certbot_enable=YES"
|
|
path: "/usr/local/bastille/jails/{{jails['proxy'].name}}/root/etc/periodic.conf"
|
|
create: true
|
|
|
|
- name: "create sites-enabled directory"
|
|
command: "bastille cmd {{jails['proxy'].name}} mkdir /usr/local/etc/nginx/sites-enabled"
|
|
|
|
- name: "nginx: configure website"
|
|
template:
|
|
src: proxy.conf.j2
|
|
dest: "/usr/local/bastille/jails/{{jails['proxy'].name}}/root/usr/local/etc/nginx/sites-enabled/{{website.name}}.conf"
|
|
|
|
|
|
- name: update nginx.conf to include sites-enabled
|
|
lineinfile:
|
|
insertbefore: "}"
|
|
line: " include sites-enabled/*.conf;"
|
|
path: "/usr/local/bastille/jails/{{jails['proxy'].name}}/root/usr/local/etc/nginx/nginx.conf"
|
|
|
|
- name: "nginx: enable nginx service"
|
|
command: "bastille sysrc {{jails['proxy'].name}} nginx_enable='YES'"
|
|
|
|
- name: "nginx: start nginx service"
|
|
command: "bastille service {{jails['proxy'].name}} nginx restart"
|
|
|
|
- name: Generate certificates
|
|
command: "bastille cmd {{jails['proxy'].name}} sh -c 'certbot --nginx -m {{website.email}} -n --agree-tos --domains {{website.external_hostname}}'"
|