---
# py-cryptography is required to produce the self-signed certificate.
# certbot is installed alongside it, although it could probably be dropped.
- name: Nginx -- Ensuring Nginx dependencies are installed.
  apk:
    state: present
    name:
      - nginx
      - certbot
      - py-cryptography
# Creates the directory named by pleroma_ssl_folder, owned by root with mode
# 0700, so only root can enter or list it.
- name: Nginx -- Ensuring that the ssl folder exists
  file:
    name: "{{ pleroma_ssl_folder }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
# Generates a 4096-bit RSA private key at pleroma_ssl_privateKeyPath.
# No passphrase is configured here, so the file permissions (root:root, 0400)
# are what protect the key at rest.
- name: Nginx -- Ensuring that the ssl private key is generated.
  openssl_privatekey:
    path: "{{ pleroma_ssl_privateKeyPath }}"
    type: RSA
    size: 4096
    state: present
    owner: root
    group: root
    mode: '0400'
# Builds a CSR for pleroma_config_host, signed with the private key at
# pleroma_ssl_privateKeyPath; the CSR file is root-only (0400).
# NOTE(review): only common_name is set and no subject_alt_name is given.
# Current TLS clients match host names against SAN entries rather than the
# CN, so confirm whether a SAN is needed for this certificate.
- name: Nginx -- Ensuring that the certificate signing request is generated.
  openssl_csr:
    path: "{{ pleroma_ssl_csrPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    common_name: "{{ pleroma_config_host }}"
    owner: root
    group: root
    mode: '0400'
# Self-signs the CSR at pleroma_ssl_csrPath with the private key at
# pleroma_ssl_privateKeyPath and writes the certificate to
# pleroma_ssl_selfSignedCertPath.
# No owner, group or mode is set on this task, so the certificate file gets
# the module's defaults; a certificate holds no secret material.
# NOTE(review): a self-signed certificate is not trusted by clients unless
# they pin or import it. Presumably it is a placeholder until a CA-issued
# certificate is obtained -- confirm.
- name: Nginx -- Ensuring the self-signed certificate is generated.
  openssl_certificate:
    provider: selfsigned
    csr_path: "{{ pleroma_ssl_csrPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    path: "{{ pleroma_ssl_selfSignedCertPath }}"
# Renders the Pleroma virtual-host template to /etc/nginx/conf.d/pleroma.conf,
# readable by root only (0400).
# The template file name is spelled "ngnix"; it has to match the file that
# ships with the role, so it is left as is.
# NOTE(review): this task notifies no handler and sets no validate command,
# so a running nginx will not pick up a changed config from this task alone,
# and a broken render is not caught here. Confirm that a reload and a syntax
# check are handled elsewhere.
- name: Nginx -- Ensuring the Nginx configuration is present.
  template:
    dest: /etc/nginx/conf.d/pleroma.conf
    src: etc_ngnix_confd_pleroma.conf.j2
    mode: '0400'
    owner: root
    group: root
# Enables the nginx service at boot and makes sure it is running now.
# "state: started" does not restart or reload a service that is already
# running.
- name: Nginx -- Ensuring that Nginx is enabled and started.
  service:
    name: nginx
    state: started
    enabled: true