| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 |
- ---
- - name: Install nginx
- become: true
- apt:
- name: [ nginx, certbot, python3-certbot-nginx ]
- state: present
- - name: Place temporary nginx config
- become: true
- template:
- src: templates/nginx.j2
- dest: /etc/nginx/sites-available/joystreamstats
- - name: Link nginx config
- become: true
- file:
- src: /etc/nginx/sites-available/joystreamstats
- path: /etc/nginx/sites-enabled/joystreamstats
- state: link
- - name: Remove default nginx config
- become: true
- file:
- path: /etc/nginx/sites-enabled/default
- state: absent
- - name: Extract letsencrypt account
- become: true
- unarchive:
- creates: /etc/letsencrypt/account
- #remote_src: false
- src: templates/letsencrypt.tar.xz
- dest: /
- owner: root
- group: root
- mode: '0700'
- - name: Run certbot
- become: true
- shell: certbot certonly --nginx -n -d "{{ inventory_hostname }}.api.joystreamstats.live"
- args:
- creates: /etc/letsencrypt/live/{{ inventory_hostname }}.api.joystreamstats.live
- # https://certbot.eff.org/lets-encrypt/debianbuster-nginx
- - name: Place SSL-enabled nginx config
- become: true
- template:
- src: templates/nginx-ssl.j2
- dest: /etc/nginx/sites-available/joystreamstats
- - name: Reload nginx service
- become: true
- systemd:
- name: nginx
- state: reloaded
- enabled: true
- - name: Update joystream-node service file
- become: true
- template:
- src: templates/joystream-node.service.j2
- dest: /etc/systemd/system/joystream-node.service
- - name: Update systemd daemon
- become: true
- shell: systemctl daemon-reload
- - name: Restart joystream service
- become: true
- systemd:
- name: joystream-node
- state: restarted
- enabled: true
- - name: Update hostname
- become: yes
- shell: hostname {{ inventory_hostname }}.api.joystreamstats.live
- - name: Overwrite hostname file
- become: yes
- shell: echo {{ inventory_hostname }}.api.joystreamstats.live > /etc/hostname
|
