gerboweb: Modularize deployment playbooks a bit

2019-04-02 04:36:10 +09:00 · 2019-04-02 04:36:10 +09:00 · 9358a57bae
commit 9358a57bae
parent 5ff592c24c
13 changed files with 257 additions and 196 deletions
--- a/setup_webserver.yml
+++ b/setup_webserver.yml
@ -0,0 +1,52 @@
+- name: Copy first stage nginx config
+  copy:
+      src: nginx_nossl.conf
+      dest: /etc/nginx/nginx.conf
+
+- name: Add nginx user to uwsgi group for access to uwsgi socket
+  user:
+      name: nginx
+      groups: uwsgi
+      append: yes
+
+- name: Copy uwsgi systemd socket config
+  copy:
+      src: uwsgi-app@.socket
+      dest: /etc/systemd/system/
+
+- name: Copy uwsgi systemd service config
+  copy:
+      src: uwsgi-app@.service
+      dest: /etc/systemd/system/
+
+- name: Set SELinux to permissive mode # FIXME this is to let nginx talk to uwsgi
+  selinux:
+    state: permissive
+    policy: targeted
+
+- name: Enable and launch nginx systemd service
+  systemd:
+      name: nginx.service
+      enabled: yes
+      state: restarted
+
+- name: Create letsencrypt certificate
+  command: certbot --nginx certonly -d gerbolyze.jaseg.net -n --agree-tos --email gerboweb@jaseg.net
+  args:
+      creates: /etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem
+
+- name: Copy final nginx config
+  copy:
+      src: nginx.conf
+      dest: /etc/nginx/nginx.conf
+
+- name: Restart nginx to load new cert
+  systemd:
+      name: nginx.service
+      state: restarted
+
+- name: Enable certbot renewal timer
+  systemd:
+      name: certbot-renew.timer
+      enabled: yes
+