57 lines
1.4 KiB
YAML
57 lines
1.4 KiB
YAML
---
|
|
- name: Nginx и certbot
|
|
ansible.builtin.apt:
|
|
name:
|
|
- nginx
|
|
- certbot
|
|
- python3-certbot-nginx
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Виртуальный хост (HTTP → Docker)
|
|
ansible.builtin.template:
|
|
src: laravel.nginx.conf.j2
|
|
dest: /etc/nginx/sites-available/laravel.conf
|
|
mode: "0644"
|
|
|
|
- name: Включить сайт
|
|
ansible.builtin.file:
|
|
src: /etc/nginx/sites-available/laravel.conf
|
|
dest: /etc/nginx/sites-enabled/laravel.conf
|
|
state: link
|
|
force: true
|
|
|
|
- name: Отключить default сайт
|
|
ansible.builtin.file:
|
|
path: /etc/nginx/sites-enabled/default
|
|
state: absent
|
|
|
|
- name: Проверить и перезагрузить nginx
|
|
ansible.builtin.command: nginx -t
|
|
changed_when: false
|
|
|
|
- name: Перезапуск nginx
|
|
ansible.builtin.service:
|
|
name: nginx
|
|
state: reloaded
|
|
|
|
- name: Получить сертификат Let's Encrypt
|
|
ansible.builtin.command: >
|
|
certbot --nginx
|
|
-d {{ project_domain }}
|
|
--non-interactive
|
|
--agree-tos
|
|
-m {{ letsencrypt_email }}
|
|
--redirect
|
|
args:
|
|
creates: /etc/letsencrypt/live/{{ project_domain }}/fullchain.pem
|
|
tags:
|
|
- letsencrypt
|
|
|
|
- name: Автообновление сертификатов (timer или cron от пакета certbot)
|
|
ansible.builtin.service:
|
|
name: certbot.timer
|
|
state: started
|
|
enabled: true
|
|
ignore_errors: true
|