source: darkpeak-services/roles/apache2/tasks/configure-apache-site.yml @ ae8976be

Last change on this file since ae8976be was ae8976be, checked in by Mat Booth <mat.booth@…>, 3 years ago

apache: define the "domain" variable for the default vhost

This allows us to simplify the configuration of apache and tls a bit

Also no need to create a webroot for the default vhost anymore
because we always redirect to another service to provide the home
page

  • Property mode set to 100644
File size: 2.4 KB
# Create the per-service Apache log directory and the site web root.
# service_name and web_root are not defined in this file.
- name: Create site directories
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    # Log directory: full access for www-data, read/traverse for group adm,
    # nothing for other users.
    - path: '/var/log/apache2/{{ service_name }}'
      owner: 'www-data'
      group: 'adm'
      mode: '0750'
    # Web root: writable by root only, readable by group www-data; other
    # users may traverse it but cannot list its contents.
    - path: '{{ web_root }}'
      owner: 'root'
      group: 'www-data'
      mode: '0751'
  notify:
    - reload apache2

# Certificate setup is delegated to the task file in the tls role; the
# relative path climbs from this role's tasks directory to roles/tls/tasks.
# NOTE(review): bare `include` is deprecated in favour of include_tasks /
# import_tasks - confirm tag and `when` inheritance before switching.
- name: Configure a TLS certificate for this site
  include: '../../tls/tasks/configure-tls-cert.yml'

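# The default vhost *must* sort first lexicographically, so the default
# service gets a '0-' filename prefix to guarantee that ordering.

- name: Install vhost
  template:
    src: ../../apache2/templates/apache.vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ '0-default' if service_name == 'default' else service_name }}.conf"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string instead of
    # depending on how the YAML parser types a bare number with a leading zero.
    mode: '0644'
  # Registered so a later task can reload Apache as soon as this file changes.
  register: vhost_config
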
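# Enable the site by linking the installed vhost from sites-available into
# sites-enabled, using the same '0-default' naming rule as the install step.
- name: Enable vhost
  file:
    src: "/etc/apache2/sites-available/{{ '0-default' if service_name == 'default' else service_name }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ '0-default' if service_name == 'default' else service_name }}.conf"
    state: link
  # A link that is (re)created while the vhost file itself is unchanged
  # triggers no reload anywhere else in this file, which would leave the site
  # enabled on disk but not loaded by the running server.
  notify:
    - reload apache2
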
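# This template is supplied by the calling role, and the rendered file is
# included in the apache configuration by the vhost file installed above.

- name: Install custom site config
  template:
    src: apache.incl.conf.j2
    dest: "/etc/apache2/includes/{{ service_name }}.incl.conf"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string instead of
    # depending on how the YAML parser types a bare number with a leading zero.
    mode: '0644'
  notify:
    - reload apache2
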
# The notified handler runs too late for certbot: the certificate request
# further down needs the new vhost to be live for verification, so reload
# apache immediately whenever the vhost file changed.
- name: Reload apache now if vhost config changed
  when: vhost_config is changed
  service:
    state: reloaded
    name: apache2

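# The README inside live/<domain> is used as the marker for a valid
# letsencrypt live directory.
- name: Check to see if a valid letsencrypt live directory is present
  stat:
    path: "/etc/letsencrypt/live/{{ domain }}/README"
  register: letsencrypt_live

# state: absent removes the directory recursively, so the rendered path must
# never collapse to /etc/letsencrypt/live itself or climb out of it.
- name: Remove letsencrypt live directory if it's not valid
  file:
    path: "/etc/letsencrypt/live/{{ domain }}"
    state: absent
  when:
    - not letsencrypt_live.stat.exists
    # "| bool" also treats the string "true" (for example a value passed with
    # -e on the command line) as development mode; "!= true" did not.
    - not (development_mode | bool)
    # Only act on hostname-shaped values: non-empty, starting with an
    # alphanumeric character and containing no path separator.
    - "domain is match('^[A-Za-z0-9][A-Za-z0-9.-]*$')"
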
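# Request (or keep) the certificate for this site using the webroot challenge
# served from /usr/share/certbot.
- name: Request letsencrypt certificate via certbot
  command:
    # argv (Ansible 2.6+) hands every element to certbot as exactly one
    # argument, so the value of domain can never be re-split into additional
    # options the way it could inside a single quoted command string.
    argv:
      - 'certbot'
      - 'certonly'
      - '--non-interactive'
      - '-m'
      - 'certificate@darkpeak.org'
      - '--agree-tos'
      - '--webroot'
      - '-w'
      - '/usr/share/certbot'
      - '-d'
      - "{{ domain }}"
  when:
    # "| bool" also treats the string "true" as development mode, so no
    # certificate request is sent from a development host by accident.
    - not (development_mode | bool)
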