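#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
# Installs the Apache/MariaDB/PHP 7.2 stack Nextcloud needs, drops in the
# php.ini files, prepares /etc/pki, and starts an ACME certificate order for
# {{ website_url }}. Everything runs with privilege escalation (become).
- name: Install, configure, and start Nextcloud
  block:
    - name: Install Nextcloud-required packages
      apt:
        name: "{{ packages }}"
      vars:
        packages:
          - apache2
          - mariadb-server
          - libapache2-mod-php
          - php7.2
          - php7.2-xml
          - php7.2-curl
          - php7.2-gd
          - php7.2-cgi
          - php7.2-cli
          - php7.2-zip
          - php7.2-mysql
          - php7.2-mbstring
          - python-openssl  # Needed for keygen
          - python3-openssl

    - name: Copy configuration
      block:
        # The mode is a quoted octal string: a bare 644 is read as a decimal
        # integer and produces permission bits other than rw-r--r--.
        - name: php-apache2
          copy:
            src: php-apache2.ini
            dest: /etc/php/7.2/apache2/php.ini
            mode: "0644"
        - name: php-cgi
          copy:
            src: php-cgi.ini
            dest: /etc/php/7.2/cgi/php.ini
            mode: "0644"

    - name: Register certificates
      block:
        # NOTE(review): 0600 on a directory leaves out the search (x) bit, and
        # recurse applies the same mode to everything already below the path.
        # Owner-only directories are normally 0700; confirm which of these
        # (the challenge directory in particular) the web server must read.
        - name: Set up our filesystem heirarchy
          file:
            path: "{{ item.dir }}"
            mode: "{{ item.mode }}"
            recurse: true
            state: directory
          loop:
            - { dir: "/etc/pki", mode: "0600" }
            - { dir: "/etc/pki/cert", mode: "0600" }
            - { dir: "/etc/pki/cert/csr", mode: "0600" }
            - { dir: "/etc/pki/cert/fullchain", mode: "0600" }
            - { dir: "/etc/pki/cert/private", mode: "0600" }
            - { dir: "/etc/pki/cert/challenge/{{ website_url }}", mode: "0600" }

        - name: Create ACME account key
          openssl_privatekey:
            path: "/etc/pki/cert/private/account.key"
            size: 4096

        - name: Register ACME account
          acme_account:
            account_key: "/etc/pki/cert/private/account.key"
            acme_directory: "{{ acme_directory }}"
            acme_version: "{{ acme_version }}"
            terms_agreed: true

        # NOTE(review): privatekey_path reuses the ACME account key, so the
        # certificate key and the account key are the same key pair. Let's
        # Encrypt rejects such a CSR, and sharing the key means a compromise
        # of the web server key is also a compromise of the ACME account.
        # Generate a separate key for the certificate and reference it here.
        - name: Create CSR
          openssl_csr:
            path: "/etc/pki/cert/csr/{{ website_url }}.csr"
            common_name: "{{ website_url }}"
            privatekey_path: /etc/pki/cert/private/account.key
            email_address: "rehashedsalt@cock.li"

        # NOTE(review): the directory URL and version are hard-coded to the
        # Let's Encrypt staging endpoint here, while "Register ACME account"
        # takes them from acme_directory / acme_version. Staging certificates
        # are not publicly trusted; use the same variables in both tasks so
        # the account and the order always target the same CA.
        # NOTE(review): a single acme_certificate call only opens the order.
        # The result has to be registered, the challenge published, and the
        # module called again with `data:` before a certificate is written.
        - name: Register LE cert
          acme_certificate:
            acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
            acme_version: 2
            terms_agreed: true
            account_email: "rehashedsalt@cock.li"
            account_key: /etc/pki/cert/private/account.key
            csr: "/etc/pki/cert/csr/{{ website_url }}.csr"
            dest: "/etc/pki/cert/{{ website_url }}.crt"
            fullchain_dest: "/etc/pki/cert/fullchain/{{ website_url }}.crt"
  become: true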