From a64dc9ffc2b36f9619121defe84f054701a8e3be Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Sun, 6 Sep 2020 09:38:27 +0200
Subject: [PATCH] Certbot and Nginx disappeared in Ansible conf
---
ansible/roles/4-certbot/tasks/main.yml | 21 +++++++++
.../templates/letsencrypt/conf.d/nk20.ini.j2 | 20 +++++++++
ansible/roles/5-nginx/tasks/main.yml | 44 +++++++++++++++++++
3 files changed, 85 insertions(+)
create mode 100644 ansible/roles/4-certbot/tasks/main.yml
create mode 100644 ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
create mode 100644 ansible/roles/5-nginx/tasks/main.yml
diff --git a/ansible/roles/4-certbot/tasks/main.yml b/ansible/roles/4-certbot/tasks/main.yml
new file mode 100644
index 00000000..52bc0d67
--- /dev/null
+++ b/ansible/roles/4-certbot/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install basic APT packages
+ apt:
+ update_cache: true
+ name:
+ - certbot
+ - python3-certbot-nginx
+ register: pkg_result
+ retries: 3
+ until: pkg_result is succeeded
+
+- name: Create /etc/letsencrypt/conf.d
+ file:
+ path: /etc/letsencrypt/conf.d
+ state: directory
+
+- name: Add Certbot configuration
+ template:
+ src: "letsencrypt/conf.d/nk20.ini.j2"
+ dest: "/etc/letsencrypt/conf.d/nk20.ini"
+ mode: 0644
diff --git a/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2 b/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
new file mode 100644
index 00000000..b02abf5a
--- /dev/null
+++ b/ansible/roles/4-certbot/templates/letsencrypt/conf.d/nk20.ini.j2
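Review bot: In ansible/roles/4-certbot/tasks/main.yml the `Create /etc/letsencrypt/conf.d` task sets no owner, group or mode, so the directory's permissions are left to the remote umask and the account the play runs as. The `Add Certbot configuration` task that follows sets a mode but no owner. Pinning them keeps the Certbot configuration writable by root only, however the play is invoked: add `owner: root`, `group: root` and `mode: "0755"` to the directory task, and `owner: root`, `group: root` to the template task. The mode is also better written quoted, `mode: "0644"`, so that it cannot be read as a decimal integer if the leading zero is ever dropped.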
@@ -0,0 +1,20 @@
+{{ ansible_managed | comment }}
+
+# To generate the certificate, please use the following command
+# certbot --config /etc/letsencrypt/conf.d/nk20.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = notekfet2020@lists.crans.org
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Use DNS-01 challenge
+authenticator = nginx
+
diff --git a/ansible/roles/5-nginx/tasks/main.yml b/ansible/roles/5-nginx/tasks/main.yml
new file mode 100644
index 00000000..431e470b
--- /dev/null
+++ b/ansible/roles/5-nginx/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+- name: Install NGINX
+ apt:
+ name: nginx
+ register: pkg_result
+ retries: 3
+ until: pkg_result is succeeded
+
+- name: Copy conf of Nginx
+ template:
+ src: "nginx_note.conf"
+ dest: /etc/nginx/sites-available/nginx_note.conf
+ mode: 0644
+ owner: www-data
+ group: www-data
+
+- name: Enable Nginx site
+ file:
+ src: /etc/nginx/sites-available/nginx_note.conf
+ dest: /etc/nginx/sites-enabled/nginx_note.conf
+ owner: www-data
+ group: www-data
+ state: link
+
+- name: Disable default Nginx site
+ file:
+ dest: /etc/nginx/sites-enabled/default
+ state: absent
+
+- name: Copy conf of UWSGI
+ file:
+ src: /var/www/note_kfet/uwsgi_note.ini
+ dest: /etc/uwsgi/apps-enabled/uwsgi_note.ini
+ state: link
+
+- name: Reload Nginx
+ systemd:
+ name: nginx
+ state: reloaded
+
+- name: Restart UWSGI
+ systemd:
+ name: uwsgi
+ state: restarted
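Review bot: The comment `# Use DNS-01 challenge` above `authenticator = nginx` in nk20.ini.j2 does not match the setting, because Certbot's nginx authenticator answers the challenge through the web server (HTTP-01), not through DNS. Suggest `# Use the nginx plugin to answer the ACME challenge (HTTP-01)`, so that nobody plans firewall rules or DNS credentials around the wrong challenge type. The `Uncomment ...` comments above `email` and `text` are also stale, since both lines are already active. The commented-out staging URL looks like the retired ACME v1 endpoint, so it is worth checking before anyone enables it.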
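Review bot: The `Copy conf of Nginx` and `Enable Nginx site` tasks in ansible/roles/5-nginx/tasks/main.yml give the site configuration to `www-data`, which on Debian is normally the unprivileged account the nginx workers (and presumably the uWSGI application) run as. Any code executing as that account could then rewrite a file that the nginx master process loads on the next reload, so the configuration should stay root-owned: `owner: root` and `group: root` on both tasks, with the mode quoted as `mode: "0644"`. The same concern applies to the `Copy conf of UWSGI` link, whose target lives under /var/www/note_kfet; if that tree is writable by the application user, the uWSGI configuration is too, which is worth confirming. `Reload Nginx` and `Restart UWSGI` also run on every play, whereas handlers notified by the tasks above would touch the services only when something changed.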