62 lines
1.9 KiB
YAML
62 lines
1.9 KiB
YAML
- name: Copy app to server
|
|
ansible.builtin.copy:
|
|
src: inception/
|
|
dest: "{{ dest_dir }}/"
|
|
force: true
|
|
when: not ansible_check_mode
|
|
|
|
- name: Create .env file
|
|
ansible.builtin.template:
|
|
src: .env.j2
|
|
dest: "{{ dest_dir }}/srcs/.env"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
|
|
- name: Install dummy SSL certificates
|
|
block:
|
|
- name: Create cert dir
|
|
ansible.builtin.file:
|
|
path: "{{ cert_path }}"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create private key
|
|
community.crypto.openssl_privatekey:
|
|
path: "{{ cert_path }}/privkey.pem"
|
|
size: 4096
|
|
|
|
- name: Create signing certificate
|
|
community.crypto.openssl_csr:
|
|
path: "{{ cert_path }}/cert.csr"
|
|
privatekey_path: "{{ cert_path }}/privkey.pem"
|
|
|
|
- name: Create self-signed certificate
|
|
community.crypto.x509_certificate:
|
|
path: "{{ cert_path }}/fullchain.pem"
|
|
privatekey_path: "{{ cert_path }}/privkey.pem"
|
|
csr_path: "{{ cert_path }}/cert.csr"
|
|
provider: selfsigned
|
|
selfsigned_not_after: "+1d"
|
|
state: present
|
|
when: not ansible_check_mode
|
|
|
|
- name: Download recommended NGINX conf
|
|
ansible.builtin.get_url:
|
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
|
|
dest: "{{ dest_dir }}/srcs/nginx/certbot/conf/options-ssl-nginx.conf"
|
|
|
|
- name: Download recommended TLS parameters
|
|
ansible.builtin.get_url:
|
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem
|
|
dest: "{{ dest_dir }}/srcs/nginx/certbot/conf/ssl-dhparams.pem"
|
|
|
|
- name: Run the app
|
|
ansible.builtin.command: "make -C {{ dest_dir }}"
|
|
when: not ansible_check_mode
|
|
|
|
- name: Schedule to start app at reboot
|
|
ansible.builtin.cron:
|
|
name: "Start app at boot"
|
|
special_time: reboot
|
|
job: "make -C {{ dest_dir }}" |