---
# Stop NGINX
# The nginx container is stopped before the certbot role below runs; the
# "Start NGINX" task further down is what brings it back.
# NOTE(review): nothing visible here restarts the container if a task in
# between fails, so a failed run may leave the site offline; confirm whether
# a block/always wrapper is wanted.
- name: Stop NGINX
  docker_container:
    state: stopped
    name: nginx
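# Manage certbot
# Runs the third-party Ansible Galaxy role geerlingguy.certbot.
# The module is spelled with its fully qualified name, like the
# ansible.builtin.* tasks below, so name resolution is unambiguous.
# NOTE(review): the role's version is not visible in this file; pin it in the
# project's role requirements so the code this play runs is a reviewed release.
- name: Instal and configure certbot
  ansible.builtin.include_role:
    name: geerlingguy.certbot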
# Copy each certificate chain from certbot's live/ directory into the nginx
# volume. remote_src makes the copy happen on the managed host itself rather
# than uploading a file from the controller.
- name: Copy fullchain files to nginx volume
  ansible.builtin.copy:
    remote_src: true
    src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
    # TODO nginx configuration is not multi domain: every entry of
    # certbot_certs is written to this one path, so the last entry wins.
    dest: "{{ docker_base_volume_path }}/nginx/ssl/fullchain.pem"
    # The chain holds only public certificates, so world-readable is fine.
    mode: "0644"
  loop: "{{ certbot_certs }}"
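# Copy each TLS private key from certbot's live/ directory into the nginx
# volume. remote_src makes the copy happen on the managed host itself.
# The copy leaves certbot's own directory tree, so the file mode set here is
# what protects the key from other local users.
- name: Copy privkey files to nginx volume
  ansible.builtin.copy:
    src: "/etc/letsencrypt/live/{{ item.name }}/privkey.pem"
    # TODO nginx configuration is not multi domain: every entry of
    # certbot_certs is written to this one path, so the last entry wins.
    dest: "{{ docker_base_volume_path }}/nginx/ssl/privatekey.pem"
    remote_src: true
    # Owner-only: a private key must not be world-readable (was '0644').
    # NOTE(review): assumes NGINX in the container reads the key as the user
    # that owns this file. If the container runs NGINX as another user, set
    # owner/group to that user and use '0640' instead of reverting to '0644'.
    mode: '0600'
  loop: "{{ certbot_certs }}"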
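# Render docker_nginx_pre.j2 and docker_nginx_post.j2 into certbot's
# renewal-hooks/pre and renewal-hooks/post directories.
# certbot executes the scripts in those directories around each renewal with
# its own privileges, so they must stay writable by their owner only; '0744'
# grants write access to the owner and read-only access to everyone else.
# NOTE(review): ownership is left to whichever user runs this task (presumably
# root via become); confirm, or set owner/group explicitly.
- name: Setting up Docker NGINX renewal hooks
  ansible.builtin.template:
    src: "docker_nginx_{{ item }}.j2"
    dest: "/etc/letsencrypt/renewal-hooks/{{ item }}/docker_nginx_{{ item }}.sh"
    mode: '0744'
  loop:
    - pre
    - post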
# Delete the stop_services and start_services scripts from certbot's
# renewal-hooks directories; state: absent is a no-op when a file is already
# gone.
# NOTE(review): presumably these are service-manager hooks superseded by the
# docker_nginx_* scripts installed above; confirm where they come from.
- name: Removing systemctl hooks
  ansible.builtin.file:
    state: absent
    path: "{{ item }}"
  loop:
    - '/etc/letsencrypt/renewal-hooks/pre/stop_services'
    - '/etc/letsencrypt/renewal-hooks/post/start_services'
# Start NGINX
- name: Start NGINX
docker_container:
name: nginx