From 77651d01a07e59efc7847758c57685d34178a793 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Tue, 12 Feb 2019 22:53:09 +0100
Subject: [PATCH] HTTPS for pelicans.
---
 ansible.cfg | 1 +
 playbook.yml | 13 ++++++++-----
 roles/letsencrypt/README.md | 10 ++++++++++
 roles/pelican/meta/main.yml | 4 ++++
 roles/pelican/templates/nginx-vhost | 2 +-
 5 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 roles/letsencrypt/README.md
 create mode 100644 roles/pelican/meta/main.yml
diff --git a/ansible.cfg b/ansible.cfg
index f8fc6cd..060844a 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,2 +1,3 @@
 [defaults]
 inventory = inventory
+nocows = 1
diff --git a/playbook.yml b/playbook.yml
index 0743ae6..b41dd8b 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,23 +1,26 @@
 ---
+- hosts: all
+ roles: [common]
+
 - hosts: gallery
- roles: [common, gallery]
+ roles: [gallery]
 - hosts: pycons
- roles: [common, pelican]
+ roles: [pelican]
 vars:
 pelican_user: pycon2010
- pelican_https: false
+ pelican_https: true
 pelican_domain: 2010.pycon.fr
 pelican_repo: https://github.com/AFPy/pyconfr_2010
 pelican_path_in_repo: 2010/
 pelican_home: "/srv/{{ pelican_user }}/"
 - hosts: pycons
- roles: [common, pelican]
+ roles: [pelican]
 vars:
 pelican_user: pycon2011
- pelican_https: false
+ pelican_https: true
 pelican_domain: 2011.pycon.fr
 pelican_repo: https://github.com/AFPy/pyconfr_2010
 pelican_path_in_repo: 2011/
diff --git a/roles/letsencrypt/README.md b/roles/letsencrypt/README.md
new file mode 100644
index 0000000..62b97b8
--- /dev/null
+++ b/roles/letsencrypt/README.md
@@ -0,0 +1,10 @@
+# Letsencrypt role
+
+This role uses the standalone mode of certbot if no webserver is
+running (typically during the first installation), else uses the nginx
+module.
+
+Note that existing certificates are renewed (using the nginx module)
+as a cron task/systemd timer.
+
+It creates snippets in `/etc/nginx/snippets/letsencrypt-{{ fqdn }}.conf`.
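Review bot: In playbook.yml, `pelican_https` remains a per-play opt-in that each `pycons` play has to remember to set, so a site added later without the variable would depend on whatever the role falls back to. Now that every play turns it on, a secure default in the role (for example `pelican_https: true` in the pelican role's defaults file) would make plain HTTP the explicit exception and let both `pelican_https: true` lines be dropped here. Whether the role already defines a default is not visible in this patch. The second `pycons` play continues past the end of the hunk.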
diff --git a/roles/pelican/meta/main.yml b/roles/pelican/meta/main.yml
new file mode 100644
index 0000000..cfd2384
--- /dev/null
+++ b/roles/pelican/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - { role: letsencrypt, domains: ["{{ pelican_domain }}"] }
diff --git a/roles/pelican/templates/nginx-vhost b/roles/pelican/templates/nginx-vhost
index b0ef1ca..ccf1e2f 100644
--- a/roles/pelican/templates/nginx-vhost
+++ b/roles/pelican/templates/nginx-vhost
@@ -16,7 +16,7 @@ server
 include snippets/letsencrypt-{{ pelican_domain }}.conf;
 location / {
- root {{ pelican_home }}/repo/_build/;
+ root {{ pelican_home }}/www/;
 try_files $uri $uri/ =404;
 }
 }
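Review bot: The `letsencrypt` dependency in roles/pelican/meta/main.yml is unconditional, so a play that sets `pelican_https: false` would still run certificate issuance for `pelican_domain`. If the flag is meant to control HTTPS end to end, gate the dependency on it: `- { role: letsencrypt, domains: ["{{ pelican_domain }}"], when: pelican_https | bool }`. The vhost template includes `snippets/letsencrypt-{{ pelican_domain }}.conf` in at least one server block; whether that include is itself guarded by `pelican_https` is outside the visible hunks, so check it before making the role conditional.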
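Review bot: Nothing in this commit creates or fills `{{ pelican_home }}/www/`, the new `root` in the nginx-vhost hunk: the diffstat lists no file under the pelican role's tasks. Unless the existing tasks already publish the build there, this server block would answer 404 for every request after deployment, so confirm the build output path matches. Separately, playbook.yml defines `pelican_home` with a trailing slash (`"/srv/{{ pelican_user }}/"`), so this line renders with a double slash (`/srv/pycon2010//www/`); nginx tolerates it, but `root {{ pelican_home }}www/;` or a `pelican_home` without the trailing slash keeps the rendered path clean. The enclosing `server` block starts outside the hunk.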