Add https web
authoralex <alex@pdp7.net>
Sat, 11 Oct 2025 11:51:20 +0000 (13:51 +0200)
committeralex <alex@pdp7.net>
Sat, 11 Oct 2025 11:51:20 +0000 (13:51 +0200)
infrastructure/README.md
infrastructure/production.yaml
infrastructure/roles/web/handlers/main.yaml [new file with mode: 0644]
infrastructure/roles/web/tasks/main.yaml [new file with mode: 0644]
infrastructure/site.yaml

index 5e966719e878a5e0fcb1f3b05d0fc5fc5422b6cf..469433439519ec2a4c2f1dcc8d618281bbf09a2a 100644 (file)
@@ -18,6 +18,8 @@ Ensure you can `ssh root@ñix.es`, and then:
 uv run ansible-playbook -i ssh-root.yaml -i production.yaml site.yaml
 ```
 
+You might need to `systemctl restart apache2` for the Let's Encrypt certificate.
+
 ## Running Ansible
 
 After bootstrapping, you can run Ansible via ssh with your user and `sudo`.
index eff8cc9737f36ec003719c40d9069dda4e38366d..19a260fc5269ad44ba617ba6a90355d521bd2652 100644 (file)
@@ -2,9 +2,12 @@ ungrouped:
   hosts:
     ñix.es:
       ansible_become: true
+      public_hostname: ñix.es
+      public_hostname_punycode: xn--ix-yja.es
 all:
   vars:
     users:
       - name: alex
         shell: /usr/bin/bash
         authorized_keys: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsmNM+izEWl/tIRncLIc9UFHwjL4b64VGD9ZTqeR/fEbfrhUjcQNmwHMbfF3l35OEFnPw6Afm8TzL/RwM+ePpdxj7HzZW6XBOVf258Dcs3olw/JuG8+oSvLoXUiTS1rqgNNp7RLEQN1IxYOUCreu6ju6y2WDi8Ota2vO1DpGgfHB1M6KbGBpLpZBCAKzrhI9I0y6nx6WEWWYJpcvN947oAgQRf/Bv4j9pNUATXhe14rNSWwk5lvOYZSEu7XZeg55GSzJSQjIO29F2SW8b886pB3hbRV+OFtLwWaMvsQwNp25n4wePQJX5OczKZxbN6rfjf4kuOmeGbVP3PmHa8hrmEw== alex@case"
+    admin_email: acb.nix8518@miemilio.es
diff --git a/infrastructure/roles/web/handlers/main.yaml b/infrastructure/roles/web/handlers/main.yaml
new file mode 100644 (file)
index 0000000..73ed47a
--- /dev/null
@@ -0,0 +1,4 @@
+- name: restart web
+  ansible.builtin.service:
+    name: apache2
+    state: restarted
diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
new file mode 100644 (file)
index 0000000..2bf04e2
--- /dev/null
@@ -0,0 +1,26 @@
+- name: install apache2
+  ansible.builtin.package:
+    name: apache2
+- name: enable mod_md
+  ansible.builtin.command:
+    cmd: a2enmod md
+    creates: /etc/apache2/mods-enabled/md.load
+  notify: restart web
+- name: enable mod_ssl
+  ansible.builtin.command:
+    cmd: a2enmod ssl
+    creates: /etc/apache2/mods-enabled/ssl.load
+  notify: restart web
+- name: ssl site
+  ansible.builtin.copy:
+    dest: /etc/apache2/sites-enabled/ssl.conf
+    content: |
+      MDomain {{ public_hostname_punycode }}
+      MDCertificateAgreement accepted
+
+      <VirtualHost *:443>
+        ServerName {{ public_hostname_punycode }}
+        SSLEngine on
+        ServerAdmin {{ admin_email }}
+      </VirtualHost>
+  notify: restart web
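Review bot: The `ssl site` task turns on HTTPS, but nothing in the rendered `ssl.conf` moves plain-HTTP clients over to it, so if the package's stock port-80 vhost stays enabled (not visible in this commit) the site keeps answering unencrypted. mod_md can issue the redirect itself once a certificate is active: add `MDRequireHttps temporary` under the `MDomain` line, and switch to `permanent`, which also sends a Strict-Transport-Security header, only after the setup has proven stable. The same `copy` task sets no ownership or permissions, so the file mode depends on the umask of the connection; `mode: "0644"`, `owner: root` and `group: root` would pin it. It is also worth adding a comment above the `content:` block noting that `ServerAdmin` doubles as the contact address mod_md registers with the CA, since that is why `admin_email` must be a working mailbox.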
index 96e7048a6f871faa807a481db54604573f42bc7d..451c2d9ebaa00a06440b2e8303dc0d80eb1eb225 100644 (file)
@@ -3,4 +3,5 @@
   roles:
     - users
     - motd
+    - web
     - git