---
# Play 1: baseline roles for the test VM. What each role actually configures is
# defined in the role itself, not in this playbook.
- name: Basic Setup
  hosts: sk-testvm
  roles:
    - role: apt-repo/base
    - role: core/base
    # presumably the SSH daemon baseline - review its defaults in the role
    - role: core/sshd/base
    - role: core/zsh
    # presumably time sync; certificate issuance and TLS validation in the next
    # play depend on a correct clock
    - role: core/ntp
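# Play 2: apply a certificate-provider role and nginx, then create two vhosts
# (a catch-all default and a test site), each serving a static index page.
# NOTE(review): the nesting below was reconstructed from a listing that had lost
# its indentation - confirm key placement (especially tls.hsts) against the
# nginx/vhost role before relying on it.
- name: Payload Setup
  hosts: sk-testvm
  vars:
    # ACME client in use; cert_provider follows it unless overridden below.
    acme_client: uacme
    # acme_client: acmetool
    # cert_provider selects the x509/<provider>/base role and is handed to each
    # vhost as tls.certificate_provider.
    cert_provider: "{{ acme_client }}"
    # cert_provider: static
    # cert_provider: selfsigned
  roles:
    - role: "x509/{{ cert_provider }}/base"
    - role: nginx/base
  post_tasks:
    - name: make sure document root directories exist
      file:
        path: "/var/www/{{ item }}"
        state: directory
        # explicit mode so the result does not depend on the remote umask
        mode: "0755"
      loop:
        - test
        - default

    - name: install index.html for default server
      copy:
        dest: /var/www/default/index.html
        # public page content; pinned to read-only for everyone but the owner
        mode: "0644"
        content: |
          No Such Site
          You have reached testvm.elev8.at, nothing to see here.

    - name: install default vhost
      vars:
        nginx_vhost:
          # marks this vhost as the default (catch-all) server
          default: true
          name: nosuchsite
          template: generic
          tls:
            certificate_provider: "{{ cert_provider }}"
            # HSTS is switched off here - presumably deliberate on a test VM,
            # since browsers cache the policy; confirm before copying this vhost
            # to anything production-facing.
            hsts: false
          hostnames:
            - testvm.elev8.at
          locations:
            '/':
              root: /var/www/default
              index: index.html
        # Settings for the alternative providers (static / selfsigned).
        # presumably task-level vars next to nginx_vhost - verify against the
        # x509 roles before enabling.
        # static_cert_config: "{{ static_cert_config__default }}"
        # selfsigned_cert_config:
        #   cert:
        #     organization_name: "elev8"
        #     organizational_unit_name: "ansible"
        #     key_usage:
        #       - digitalSignature
        #       - keyAgreement
        #     key_usage_critical: true
        #     extended_key_usage:
        #       - serverAuth
        #     extended_key_usage_critical: true
        #     create_subject_key_identifier: true
        #     NOTE(review): +1000w is roughly 19 years of validity - only
        #     reasonable for a throwaway test certificate.
        #     not_after: +1000w
      include_role:
        name: nginx/vhost

    - name: install index.html for test server
      copy:
        dest: /var/www/test/index.html
        # public page content; pinned to read-only for everyone but the owner
        mode: "0644"
        content: |
          This is Test
          If you can read this the test was successful.

    - name: install test vhost
      vars:
        nginx_vhost:
          name: test
          template: generic
          tls:
            certificate_provider: "{{ cert_provider }}"
            # HSTS off, as for the default vhost - confirm this is intended.
            hsts: false
          # With an ACME provider every name listed here presumably has to
          # validate against this host before a certificate is issued.
          hostnames:
            - test.spreadspace.org
            - test.spreadspace.com
            - test.spreadspace.net
            - test.spreadspace.systems
          locations:
            '/':
              root: /var/www/test
              index: index.html
        # Settings for the alternative providers (static / selfsigned).
        # presumably task-level vars next to nginx_vhost - verify against the
        # x509 roles before enabling.
        # static_cert_config: "{{ static_cert_config__test }}"
        # selfsigned_cert_config:
        #   cert:
        #     organization_name: "spreadspace"
        #     organizational_unit_name: "ansible"
        #     key_usage:
        #       - digitalSignature
        #       - keyAgreement
        #     key_usage_critical: true
        #     extended_key_usage:
        #       - serverAuth
        #     extended_key_usage_critical: true
        #     create_subject_key_identifier: true
        #     not_after: +100w
      include_role:
        name: nginx/vhost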