nginx-letsencrypt/tasks/main.yml

63 lines
1.9 KiB
YAML
Raw Permalink Normal View History

---
- name: Install nginx package
apt:
name: nginx
cache_valid_time: 86400
- name: Ensure nginx service is disabled and stopped
systemd:
name: nginx
enabled: false
state: stopped
- name: Get current nginx-letsencrypt version
shell: "/usr/local/bin/nginx-letsencrypt --version || true"
check_mode: no
changed_when: no
register: nginx_letsencrypt_version_cmd
- name: Download nginx-letsencrypt release
get_url:
url: "https://github.com/Luzifer/nginx-letsencrypt/releases/download/{{ nginx_letsencrypt_version }}/nginx-letsencrypt_linux_amd64"
dest: /usr/local/bin/nginx-letsencrypt
force: true
mode: 0755
when: nginx_letsencrypt_version not in nginx_letsencrypt_version_cmd.stdout
register: nginx_letsencrypt_binary
- name: Install modified nginx config
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
- name: Install system.d service
copy:
content: |
[Unit]
Description=nginx wrapper with LetsEncrypt certificate management
After=network-online.target
Requires=network-online.target
[Service]
Restart=always
ExecStart=/usr/local/bin/nginx-letsencrypt \
--email {{ nginx_letsencrypt_email }} \
--nginx-config /etc/nginx/nginx.conf \
--storage-dir {{ nginx_letsencrypt_storage_dir }} \
--log-level {{ nginx_letsencrypt_log_level }} \
--buffer {{ nginx_letsencrypt_buffer }} \
--listen-http :{{ nginx_letsencrypt_port }}
[Install]
WantedBy=multi-user.target
dest: /etc/systemd/system/nginx-letsencrypt.service
register: nginx_letsencrypt_service
- name: Restart and enable nginx-letsencrypt service
systemd:
name: nginx-letsencrypt
enabled: true
state: restarted
when: nginx_letsencrypt_binary.changed or nginx_letsencrypt_service.changed