pleroma-ansible-playbook/roles/pleroma-proxy/tasks/main.yml
Dan Anglin 274056bbed
fix: update ansible role names
- pleroma-postgres renamed to pleroma-database.
- pleroma-nginx renamed to pleroma-proxy.
- site.yml in examples is updated to reflect the change.

resolves dananglin/pleroma-ansible-playbook#12
2020-03-21 17:22:59 +00:00


---
# Packages the reverse proxy needs, installed with Alpine's apk.
- name: Nginx | Ensuring Nginx dependencies are installed.
  apk:
    state: present
    name: "{{ pleroma_deps_nginx }}"
# Render the Pleroma vhost into nginx's conf.d; readable by root only.
# NOTE(review): the lineinfile tasks further down rewrite the ssl_certificate line of this
# same file. If the template also renders that line, every run re-templates and then
# re-patches it — confirm against the template before trusting "changed" here.
- name: Nginx | Ensuring the Nginx configuration is present.
  template:
    dest: "{{ pleroma_nginx_conf_file }}"
    src: etc_ngnix_confd_pleroma.conf.j2
    mode: '0600'
    owner: root
    group: root
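# Web root served by nginx; owned by the nginx user so the workers can read it.
# `recurse` is deliberately not set: with it, every run re-applied 0700 to everything
# under the root — including keybase.txt, which the next task sets back to 0644 — so
# the play reported a change on each run. state=directory still creates any missing
# parent directories on its own.
- name: Nginx | Ensuring that the server root directory is present.
  file:
    path: "{{ pleroma_nginx_root_dir }}"
    state: directory
    mode: '0700'
    owner: nginx
    group: nginx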
# Publish the Keybase proof as <root>/keybase.txt (world-readable), only when enabled.
- name: Nginx | Ensuring the Keybase text file is present.
  copy:
    dest: "{{ pleroma_nginx_root_dir }}/keybase.txt"
    src: "{{ pleroma.keybase.proof.filepath }}"
    owner: nginx
    group: nginx
    mode: '0644'
  when: pleroma.keybase.enable
# Directory holding the private key, CSR and certificates: root-only access.
- name: Nginx | Ensuring that the SSL folder exists
  file:
    path: "{{ pleroma_ssl_folder }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
# TLS private key for the vhost (RSA-4096), readable by root only. With state=present
# the module leaves an existing key alone (no rotation unless parameters change or force is set).
- name: Nginx | Ensuring that the ssl private key is generated.
  openssl_privatekey:
    path: "{{ pleroma_ssl_privateKeyPath }}"
    type: RSA
    size: 4096
    state: present
    owner: root
    group: root
    mode: '0400'
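# CSR shared by the self-signed certificate and the Let's Encrypt order below.
# subject_alt_name is set explicitly: clients validate the hostname against SAN, not CN,
# and the CA issues for the names carried in the CSR. (Recent openssl_csr versions default
# to copying the CN into SAN; spelling it out removes that version dependency.)
- name: Nginx | Ensuring that the certificate signing request is generated.
  openssl_csr:
    path: "{{ pleroma_ssl_csrPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    common_name: "{{ pleroma.config.host }}"
    subject_alt_name:
      - "DNS:{{ pleroma.config.host }}"
    country_name: "{{ pleroma.ssl.csr.countryName }}"
    state_or_province_name: "{{ pleroma.ssl.csr.stateOrProvinceName }}"
    locality_name: "{{ pleroma.ssl.csr.localityName }}"
    organization_name: "{{ pleroma.ssl.csr.organizationName }}"
    organizational_unit_name: "{{ pleroma.ssl.csr.organizationUnitName }}"
    email_address: "{{ pleroma.ssl.csr.emailAddress }}"
    owner: root
    group: root
    mode: '0400'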
# Self-signed certificate from the CSR above. Served directly when Let's Encrypt is
# disabled, and used as a placeholder so nginx can start before the first ACME issuance.
- name: Nginx | Ensuring the self-signed certificate is generated.
  openssl_certificate:
    provider: selfsigned
    path: "{{ pleroma_ssl_selfSignedCertPath }}"
    csr_path: "{{ pleroma_ssl_csrPath }}"
    privatekey_path: "{{ pleroma_ssl_privateKeyPath }}"
    owner: root
    group: root
    mode: '0400'
# Without Let's Encrypt, point the vhost at the self-signed certificate.
- name: Nginx | Ensuring Nginx configuration references the self signed certificate.
  lineinfile:
    path: "{{ pleroma_nginx_conf_file }}"
    regexp: '{{ pleroma_ssl_certificate_path_regexp }}'
    line: ' ssl_certificate {{ pleroma_ssl_selfSignedCertPath }};'
    state: present
    owner: root
    group: root
    mode: '0600'
  when: not pleroma.ssl.letsEncrypt.enable
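# Webroot for http-01 challenges; the nginx worker must be able to read the token files here.
# Written with a canonical boolean (`true`, not the YAML 1.1 `yes`). `recurse` dropped: it only
# re-chmodded whatever token files were left behind on each run, and state=directory already
# creates the missing .well-known parent.
- name: Nginx | Ensuring that the Let's encrypt challenge directory is present.
  file:
    path: "{{ pleroma_letsEncrypt_baseDir }}/.well-known/acme-challenge"
    state: directory
    owner: nginx
    group: nginx
    mode: '0700'
  when: pleroma.ssl.letsEncrypt.enable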
# ACME account key — distinct from the TLS key — that identifies this host to the CA.
# Guard it like the TLS key: whoever holds it can act on the ACME account.
- name: Nginx | Ensuring that the private ACME account key is present.
  openssl_privatekey:
    path: "{{ pleroma_ssl_privateAcmeAccountKeyPath }}"
    type: RSA
    size: 4096
    state: present
    owner: root
    group: root
    mode: '0400'
  when: pleroma.ssl.letsEncrypt.enable
# Decides whether nginx can already be pointed at an issued chain, or must start on the
# self-signed placeholder for the first challenge.
- name: Nginx | Checking if the full chain certificate exists.
  stat:
    path: "{{ pleroma_ssl_fullChainCert }}"
  register: certificate_file
  when: pleroma.ssl.letsEncrypt.enable
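# First issuance: no chain on disk yet, so nginx has to come up on the self-signed
# certificate to answer the http-01 challenge. Uses Jinja `not` instead of `== false`.
- name: Nginx | Temporarily adding the reference to the self signed certificate for ACME challenge.
  lineinfile:
    path: "{{ pleroma_nginx_conf_file }}"
    regexp: '{{ pleroma_ssl_certificate_path_regexp }}'
    line: ' ssl_certificate {{ pleroma_ssl_selfSignedCertPath }};'
    state: present
    owner: root
    group: root
    mode: '0600'
  when: pleroma.ssl.letsEncrypt.enable and not certificate_file.stat.exists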
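# Renewal runs: a chain is already present, keep nginx pointed at it while the order runs.
# `stat.exists` is already a boolean, so no `== true` comparison is needed.
- name: Nginx | Ensuring the existing full chain certificate is referenced in the Nginx config.
  lineinfile:
    path: "{{ pleroma_nginx_conf_file }}"
    regexp: '{{ pleroma_ssl_certificate_path_regexp }}'
    line: ' ssl_certificate {{ pleroma_ssl_fullChainCert }};'
    state: present
    owner: root
    group: root
    mode: '0600'
  when: pleroma.ssl.letsEncrypt.enable and certificate_file.stat.exists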
# nginx must be serving before the CA fetches the challenge token over HTTP.
- name: Nginx | Ensuring that Nginx is running for the ACME challenge.
  service:
    state: started
    name: nginx
  when: pleroma.ssl.letsEncrypt.enable
# ACME step 1: open an order for the names in the CSR and collect the http-01 token(s).
# The module reports "changed" only when a certificate has to be (re)issued, i.e. the
# existing one has fewer than remainingDays left.
# NOTE(review): validateCerts=false disables TLS verification of the ACME directory
# endpoint. Keep it true for any real CA; only a self-hosted test CA with a private
# certificate should ever need it off.
- name: Nginx -- Acme challenge part 1 - Creating Acme challenge.
  acme_certificate:
    acme_directory: "{{ pleroma.ssl.letsEncrypt.acmeDirectory }}"
    acme_version: 2
    account_key_src: "{{ pleroma_ssl_privateAcmeAccountKeyPath }}"
    account_email: "{{ pleroma.ssl.letsEncrypt.acmeAccountEmail }}"
    terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
    challenge: http-01
    csr: "{{ pleroma_ssl_csrPath }}"
    fullchain_dest: "{{ pleroma_ssl_fullChainCert }}"
    remaining_days: "{{ pleroma.ssl.letsEncrypt.remainingDays }}"
    select_crypto_backend: cryptography
    validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
  register: acme_challenge
  when: pleroma.ssl.letsEncrypt.enable
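# Publish the http-01 token under the challenge webroot. The destination path comes from
# the CA's response, so it is checked against the expected shape before anything is
# written as root (defence in depth — it should always be
# .well-known/acme-challenge/<base64url token>).
- name: Nginx | Checking that the Acme challenge path stays inside the challenge directory.
  assert:
    that:
      - "acme_challenge['challenge_data'][pleroma.config.host]['http-01']['resource'] is match('^[.]well-known/acme-challenge/[A-Za-z0-9_-]+$')"
    fail_msg: "Refusing to write an unexpected ACME challenge path under the webroot."
  when: pleroma.ssl.letsEncrypt.enable and acme_challenge is changed
# mode is set explicitly so the token stays readable by the nginx worker regardless of
# the umask the play runs with.
- name: Nginx | Creating the Acme challenge file
  copy:
    dest: "{{ pleroma_letsEncrypt_baseDir }}/{{ acme_challenge['challenge_data'][pleroma.config.host]['http-01']['resource'] }}"
    content: "{{ acme_challenge['challenge_data'][pleroma.config.host]['http-01']['resource_value'] }}"
    mode: '0644'
  when: pleroma.ssl.letsEncrypt.enable and acme_challenge is changed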
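# ACME step 2: ask the CA to validate the token and, on success, write the full chain.
# Gated on step 1 having changed — the module's documented two-step pattern — so a run
# where the current certificate is still valid does not call the CA with nothing to finish.
# NOTE(review): validateCerts has the same meaning as in step 1; keep it true for a real CA.
- name: Nginx | Acme challenge part 2 - Validating the Acme challenge to create the SSL certificate.
  acme_certificate:
    acme_directory: "{{ pleroma.ssl.letsEncrypt.acmeDirectory }}"
    acme_version: 2
    account_key_src: "{{ pleroma_ssl_privateAcmeAccountKeyPath }}"
    account_email: "{{ pleroma.ssl.letsEncrypt.acmeAccountEmail }}"
    terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
    challenge: http-01
    csr: "{{ pleroma_ssl_csrPath }}"
    fullchain_dest: "{{ pleroma_ssl_fullChainCert }}"
    remaining_days: "{{ pleroma.ssl.letsEncrypt.remainingDays }}"
    select_crypto_backend: cryptography
    data: "{{ acme_challenge }}"
    validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
  register: acme_challenge
  when: pleroma.ssl.letsEncrypt.enable and acme_challenge is changed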
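# Lock the issued chain down like the rest of the TLS material (root-only).
# The mode is quoted: an unquoted 0400 relies on YAML's octal-literal reading, whereas
# a string is what the file module documents and what every other task here uses.
- name: Nginx | Updating file permissions of the SSL certificate.
  file:
    path: "{{ pleroma_ssl_fullChainCert }}"
    state: file
    owner: root
    group: root
    mode: '0400'
  when: pleroma.ssl.letsEncrypt.enable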
# After issuance, make the vhost serve the Let's Encrypt chain instead of the placeholder.
- name: Nginx | Ensuring the ssl_ceritificate option is up to date in the Nginx configuration.
  lineinfile:
    path: "{{ pleroma_nginx_conf_file }}"
    regexp: '{{ pleroma_ssl_certificate_path_regexp }}'
    line: ' ssl_certificate {{ pleroma_ssl_fullChainCert }};'
    state: present
    owner: root
    group: root
    mode: '0600'
  when: pleroma.ssl.letsEncrypt.enable
- name: Nginx | Ensuring that Nginx is enabled and restarted.
service:
name: nginx
enabled: yes
state: restarted