# Development hosts get no real certificate issuance, so pre-create the
# per-domain directories under /etc/letsencrypt/live that the later
# copy tasks populate with local .pem/.key files.
- name: Create fake let's encrypt directories when in development
  file:
    path: '/etc/letsencrypt/live/{{ item }}'
    state: directory
  when: "'development' in group_names"
  with_items:
    - '{{ righttoknow_domain }}'
    - 'test.{{ righttoknow_domain }}'
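# We need to setup the SSL certificates before we try to configure nginx
# because otherwise nginx will try to look for non-existent certificates
- name: Copy SSL certificates for development
  copy:
    src: "{{ item }}.pem"
    # We're faking it as if these are let's encrypt certs. Makes for less magic config
    dest: "/etc/letsencrypt/live/{{ item }}/fullchain.pem"
    # Quoted so the mode reaches the module as the literal string 0644 rather
    # than a YAML-interpreted integer (bare 0644 is octal in YAML 1.1, and
    # would be decimal on a 1.2 parser)
    mode: "0644"
  with_items:
    - "{{ righttoknow_domain }}"
    - "test.{{ righttoknow_domain }}"
  # Only run this task when this machine is in the development group
  when: "'development' in group_names"
  notify: nginx restart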
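- name: Copy SSL keys for development
  copy:
    src: "{{ item }}.key"
    dest: "/etc/letsencrypt/live/{{ item }}/privkey.pem"
    # Private key material: keep it non-world-readable. Quoted so the mode
    # reaches the module as the literal string 0640 rather than a
    # YAML-interpreted integer (bare 0640 is octal in YAML 1.1, decimal on 1.2)
    mode: "0640"
  with_items:
    - "{{ righttoknow_domain }}"
    - "test.{{ righttoknow_domain }}"
  # Only run this task when this machine is in the development group
  when: "'development' in group_names"
  notify: nginx restart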
# Installed ahead of the certbot role below, one package per iteration
# ('pkg' and 'name' are the same apt module option).
- name: Install varnish and nginx now (for the benefit of certbot)
  apt:
    name: '{{ item }}'
  when: "'ec2' in group_names"
  with_items:
    - varnish
    - nginx
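# TODO: When (if) we use a newer version of certbot add "--post-hook" to restart nginx after renew
- name: Install certificate using certbot
  include_role:
    name: oaf.certbot
  vars:
    certbot_certs:
      - email: contact@oaf.org.au
        domains:
          - "{{ righttoknow_domain }}"
          # The quotes must wrap the whole value. Written as www."{{ ... }}"
          # the entry is a plain scalar that keeps the quote characters, so
          # the templated domain handed to certbot would contain literal
          # double quotes and never match the intended www host.
          - "www.{{ righttoknow_domain }}"
      - email: contact@oaf.org.au
        domains:
          - "test.{{ righttoknow_domain }}"
          - "www.test.{{ righttoknow_domain }}"
  when: "'ec2' in group_names"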