Changeset - eff5e9720cff
Parent rev.
Child rev.
[Not reviewed]
0 4 0
x - 17 months ago 2023-12-14 19:58:30
xbr@c3l.lu
fix: become when root perms are necessary
4 files changed with 10 insertions and 0 deletions:
web/tasks/base_website_setup.yml
4
web/tasks/install_acme_sh.yml
2
web/tasks/issue_cert.yml
2
web/tasks/set_up_nginx_config.yml
2
0 comments (0 inline, 0 general)
web/tasks/base_website_setup.yml
Show inline comments
 
@@ -3,6 +3,7 @@
 
  ansible.builtin.apt:
 
    name: nginx
 
    state: present
 
  become: true
 
- name: Copy snippets
 
  ansible.builtin.copy:
 
    src: "{{ server_config_dir }}/server_config/nginx/snippets/"
 
@@ -10,6 +11,7 @@
 
    owner: root
 
    group: root
 
    mode: "0644"
 
  become: true
 
- name: Change default config
 
  ansible.builtin.copy:
 
    src: "{{ server_config_dir }}/server_config/nginx/configs/default"
 
@@ -17,11 +19,13 @@
 
    owner: root
 
    group: root
 
    mode: "0644"
 
  become: true
 
- name: Enable + Restart nginx
 
  ansible.builtin.service:
 
    name: nginx
 
    state: reloaded
 
    enabled: true
 
  become: true
 
- name: Make sure acme.sh is installed
 
  ansible.builtin.include_tasks:
 
    file: "{{ ansible_repo_dir }}/web/tasks/install_acme_sh.yml"
web/tasks/install_acme_sh.yml
Show inline comments
 
@@ -4,6 +4,7 @@
 
  ansible.builtin.stat:
 
    path: "/root/.acme.sh"
 
    get_checksum: false
 
  become: true
 
  register: acme_config
 
- name: Download acme.sh
 
  ansible.builtin.get_url:
 
@@ -39,3 +40,4 @@
 
    day: "*"
 
    month: "*"
 
    weekday: "*"
 
  become: true
web/tasks/issue_cert.yml
Show inline comments
 
@@ -7,9 +7,11 @@
 
  ansible.builtin.apt:
 
    name: ssl-cert
 
    state: present
 
  become: true
 
- name: Check if certificate already exists
 
  ansible.builtin.stat:
 
    path: "/root/.acme.sh/{{ domain_name }}_ecc"
 
  become: true
 
  register: acme_cert_dir
 
- name: Pre-copy cert files
 
  ansible.builtin.copy:
web/tasks/set_up_nginx_config.yml
Show inline comments
 
@@ -7,6 +7,7 @@
 
    owner: root
 
    group: root
 
    mode: "0644"
 
  become: true
 
- name: Enable new config site
 
  ansible.builtin.file:
 
    src: "/etc/nginx/sites-available/{{ web_conf_file }}"
 
@@ -14,3 +15,4 @@
 
    owner: root
 
    group: root
 
    state: link
 
  become: true
0 comments (0 inline, 0 general)
Server instance: saturn-2944584 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support