72 lines
2.6 KiB
YAML
72 lines
2.6 KiB
YAML
---
|
|
# tasks file for other domains if any
|
|
|
|
- name: Template config files
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner }}"
|
|
group: "{{ item.group }}"
|
|
mode: "{{ item.mode }}"
|
|
loop:
|
|
- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-config.js", owner: "root", group: "root", mode: "0644" }
|
|
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
|
notify: reload nginx
|
|
|
|
- name: Check if SSL certificate is present and register result
|
|
ansible.builtin.stat:
|
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
|
register: jitsimeet_ssl
|
|
|
|
- name: Generate certificate only if required (first time)
|
|
block:
|
|
- name: Template vhost without SSL for successfull LE challengce
|
|
ansible.builtin.template:
|
|
src: "nginx/other.vhost.conf.j2"
|
|
dest: "/etc/nginx/sites-available/{{ domain }}.conf"
|
|
notify: reload nginx
|
|
- name: Enable temporary nginx vhost
|
|
ansible.builtin.file:
|
|
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
|
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
|
state: link
|
|
notify: reload nginx
|
|
- name: Flush handlers
|
|
ansible.builtin.meta: flush_handlers
|
|
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
|
ansible.builtin.file:
|
|
path: /var/lib/letsencrypt
|
|
state: directory
|
|
mode: '0755'
|
|
- name: Generate certificate with certbot
|
|
ansible.builtin.command:
|
|
cmd: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
|
when: jitsimeet_ssl.stat.exists != true
|
|
|
|
- name: (Re)check if SSL certificate is present and register result
|
|
ansible.builtin.stat:
|
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
|
register: jitsimeet_ssl
|
|
|
|
- name: (Re)template conf file for nginx vhost with SSL
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
loop:
|
|
- { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" }
|
|
notify: reload nginx
|
|
|
|
- name: Insert block in multiplex.conf
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/nginx/modules-enabled/multiplex.conf
|
|
insertafter: "web_backend;"
|
|
line: "{{ domain }} web_backend;"
|
|
notify: reload nginx
|
|
|
|
- name: Enable nginx vhost
|
|
ansible.builtin.file:
|
|
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
|
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
|
state: link
|
|
notify: reload nginx
|