From 6915da790011815ffb0f80d0708665e7dc3accb7 Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sat, 11 Oct 2025 13:51:20 +0200
Subject: Add https web

---
 infrastructure/roles/web/tasks/main.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 infrastructure/roles/web/tasks/main.yaml

(limited to 'infrastructure/roles/web/tasks/main.yaml')

diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
new file mode 100644
index 0000000..2bf04e2
--- /dev/null
+++ b/infrastructure/roles/web/tasks/main.yaml
@@ -0,0 +1,26 @@
+- name: install apache2
+  ansible.builtin.package:
+    name: apache2
+- name: enable mod_md
+  ansible.builtin.command:
+    cmd: a2enmod md
+    creates: /etc/apache2/mods-enabled/md.load
+  notify: restart web
+- name: enable mod_ssl
+  ansible.builtin.command:
+    cmd: a2enmod ssl
+    creates: /etc/apache2/mods-enabled/ssl.load
+  notify: restart web
+- name: ssl site
+  ansible.builtin.copy:
+    dest: /etc/apache2/sites-enabled/ssl.conf
+    content: |
+      MDomain {{ public_hostname_punycode }}
+      MDCertificateAgreement accepted
+
+      <VirtualHost *:443>
+        ServerName {{ public_hostname_punycode }}
+        SSLEngine on
+        ServerAdmin {{ admin_email }}
+      </VirtualHost>
+  notify: restart web
-- 
cgit v1.2.3