-rw-r--r--infrastructure/README.md2
-rw-r--r--infrastructure/production.yaml3
-rw-r--r--infrastructure/roles/web/handlers/main.yaml4
-rw-r--r--infrastructure/roles/web/tasks/main.yaml26
-rw-r--r--infrastructure/site.yaml1
5 files changed, 36 insertions, 0 deletions
diff --git a/infrastructure/README.md b/infrastructure/README.md
index 5e96671..4694334 100644
--- a/infrastructure/README.md
+++ b/infrastructure/README.md
@@ -18,6 +18,8 @@ Ensure you can `ssh root@ñix.es`, and then:
uv run ansible-playbook -i ssh-root.yaml -i production.yaml site.yaml
```
+You might need to `systemctl restart apache2` for the Let's Encrypt certificate.
+
## Running Ansible
After bootstrapping, you can run Ansible via ssh with your user and `sudo`.
diff --git a/infrastructure/production.yaml b/infrastructure/production.yaml
index eff8cc9..19a260f 100644
--- a/infrastructure/production.yaml
+++ b/infrastructure/production.yaml
@@ -2,9 +2,12 @@ ungrouped:
hosts:
ñix.es:
ansible_become: true
+ public_hostname: ñix.es
+ public_hostname_punycode: xn--ix-yja.es
all:
vars:
users:
- name: alex
shell: /usr/bin/bash
authorized_keys: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsmNM+izEWl/tIRncLIc9UFHwjL4b64VGD9ZTqeR/fEbfrhUjcQNmwHMbfF3l35OEFnPw6Afm8TzL/RwM+ePpdxj7HzZW6XBOVf258Dcs3olw/JuG8+oSvLoXUiTS1rqgNNp7RLEQN1IxYOUCreu6ju6y2WDi8Ota2vO1DpGgfHB1M6KbGBpLpZBCAKzrhI9I0y6nx6WEWWYJpcvN947oAgQRf/Bv4j9pNUATXhe14rNSWwk5lvOYZSEu7XZeg55GSzJSQjIO29F2SW8b886pB3hbRV+OFtLwWaMvsQwNp25n4wePQJX5OczKZxbN6rfjf4kuOmeGbVP3PmHa8hrmEw== alex@case"
+ admin_email: acb.nix8518@miemilio.es
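Review bot: `public_hostname_punycode` is a hand-written encoding of `public_hostname`, and nothing here says the two must be kept in sync or which one the roles consume. In this commit the web role's vhost uses only the punycode form, for `MDomain` and `ServerName`. A comment above the variable would prevent drift, e.g. `# IDNA (punycode) form of public_hostname; used for MDomain/ServerName, update both together`. `admin_email` could likewise carry `# rendered as ServerAdmin in the web role's vhost`. The enclosing mappings start outside the hunk.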
diff --git a/infrastructure/roles/web/handlers/main.yaml b/infrastructure/roles/web/handlers/main.yaml
new file mode 100644
index 0000000..73ed47a
--- /dev/null
+++ b/infrastructure/roles/web/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: restart web
+ ansible.builtin.service:
+ name: apache2
+ state: restarted
diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
new file mode 100644
index 0000000..2bf04e2
--- /dev/null
+++ b/infrastructure/roles/web/tasks/main.yaml
@@ -0,0 +1,26 @@
+- name: install apache2
+ ansible.builtin.package:
+ name: apache2
+- name: enable mod_md
+ ansible.builtin.command:
+ cmd: a2enmod md
+ creates: /etc/apache2/mods-enabled/md.load
+ notify: restart web
+- name: enable mod_ssl
+ ansible.builtin.command:
+ cmd: a2enmod ssl
+ creates: /etc/apache2/mods-enabled/ssl.load
+ notify: restart web
+- name: ssl site
+ ansible.builtin.copy:
+ dest: /etc/apache2/sites-enabled/ssl.conf
+ content: |
+ MDomain {{ public_hostname_punycode }}
+ MDCertificateAgreement accepted
+
+ <VirtualHost *:443>
+ ServerName {{ public_hostname_punycode }}
+ SSLEngine on
+ ServerAdmin {{ admin_email }}
+ </VirtualHost>
+ notify: restart web
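Review bot: The `ssl site` copy task writes `/etc/apache2/sites-enabled/ssl.conf` without `owner`, `group` or `mode`, so the permissions of the file that configures TLS termination depend on the remote umask and on whatever file already existed there. Pin them on the task with `owner: root`, `group: root` and `mode: "0644"`, keeping the mode quoted so YAML does not read it as a number. Separately, the vhost covers only `*:443` and nothing in this hunk redirects or disables plain HTTP. If port 80 is still served by a default site, mod_md's `MDRequireHttps` may be worth considering.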
diff --git a/infrastructure/site.yaml b/infrastructure/site.yaml
index 96e7048..451c2d9 100644
--- a/infrastructure/site.yaml
+++ b/infrastructure/site.yaml
@@ -3,4 +3,5 @@
roles:
- users
- motd
+ - web
- git