HTTPS for pelicans.

ansible.cfg

@@ -1,2 +1,3 @@
 [defaults]
 inventory = inventory
+nocows = 1

playbook.yml

@@ -1,23 +1,26 @@
 ---
 
+- hosts: all
+  roles: [common]
+
 - hosts: gallery
-  roles: [common, gallery]
+  roles: [gallery]
 
 - hosts: pycons
-  roles: [common, pelican]
+  roles: [pelican]
   vars:
     pelican_user: pycon2010
-    pelican_https: false
+    pelican_https: true
     pelican_domain: 2010.pycon.fr
     pelican_repo: https://github.com/AFPy/pyconfr_2010
     pelican_path_in_repo: 2010/
     pelican_home: "/srv/{{ pelican_user }}/"
 
 - hosts: pycons
-  roles: [common, pelican]
+  roles: [pelican]
   vars:
     pelican_user: pycon2011
-    pelican_https: false
+    pelican_https: true
     pelican_domain: 2011.pycon.fr
     pelican_repo: https://github.com/AFPy/pyconfr_2010
     pelican_path_in_repo: 2011/

roles/letsencrypt/README.md

@@ -0,0 +1,10 @@
+# Letsencrypt role
+
+This role uses the standalone mode of certbot if no webserver is
+running (typically during the first installation), else uses the nginx
+module.
+
+Note that existing certificates are renewed (using the nginx module)
+as a cron task/systemd timer.
+
+It creates snippets in `/etc/nginx/snippets/letsencrypt-{{ fqdn }}.conf`.

roles/pelican/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - { role: letsencrypt, domains: ["{{ pelican_domain }}"] }

roles/pelican/templates/nginx-vhost

@@ -16,7 +16,7 @@ server
     include snippets/letsencrypt-{{ pelican_domain }}.conf;
 
     location / {
-        root {{ pelican_home }}/repo/_build/;
+        root {{ pelican_home }}/www/;
         try_files $uri $uri/ =404;
     }
 }