From 716d0f1dc8924f0a73a44483b880b581d2b7d161 Mon Sep 17 00:00:00 2001 From: Erik Stambaugh Date: Sun, 21 Jan 2024 08:02:49 -0800 Subject: [PATCH] Get certbot to work and make mastodon serve without conflict --- ansible/roles/certbot/templates/docker-compose.yaml | 3 +-- ansible/roles/mastodon/tasks/main.yaml | 1 + ansible/roles/nginx/templates/nginx.conf | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/ansible/roles/certbot/templates/docker-compose.yaml b/ansible/roles/certbot/templates/docker-compose.yaml index bcb6097..9a2bb98 100644 --- a/ansible/roles/certbot/templates/docker-compose.yaml +++ b/ansible/roles/certbot/templates/docker-compose.yaml @@ -9,8 +9,7 @@ services: - /srv/certbot/www:/var/www/certbot entrypoint: > /bin/sh -c 'trap exit TERM; - certbot certonly --noninteractive --register-unsafely-without-email --agree-tos --reinstall --cert-name {{domain_name}} -d {{domain_name}} --webroot --webroot-path=/var/www/certbot - ; while :; do certbot renew --noninteractive --webroot --webroot-path=/var/www/certbot --cert-name {{domain_name}} + while :; do certbot renew --noninteractive --webroot --webroot-path=/var/www/certbot --cert-name {{domain_name}} ; sleep 12h & wait $${!}; done;' networks: - nginx diff --git a/ansible/roles/mastodon/tasks/main.yaml b/ansible/roles/mastodon/tasks/main.yaml index d6d011f..6def033 100644 --- a/ansible/roles/mastodon/tasks/main.yaml +++ b/ansible/roles/mastodon/tasks/main.yaml @@ -17,6 +17,7 @@ git: repo: "https://tea.entar.net/teh/mastodon.git" dest: /srv/mastodon/src + version: deploy - name: docker-compose file template: diff --git a/ansible/roles/nginx/templates/nginx.conf b/ansible/roles/nginx/templates/nginx.conf index 525d6e5..c7cf213 100644 --- a/ansible/roles/nginx/templates/nginx.conf +++ b/ansible/roles/nginx/templates/nginx.conf 
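Review bot: With the `certbot certonly` line removed, nothing in this entrypoint obtains the first certificate: `certbot renew` only processes lineages that already exist, so on a host with an empty /etc/letsencrypt the loop has nothing to renew while nginx still loads its key from `/etc/letsencrypt/live/{{domain_name}}/`. If issuance now happens somewhere outside this patch, record that next to the entrypoint, e.g. `# first issuance: <task or role that runs certonly>; this container only renews`. The loop also discards the exit status of `certbot renew`, so repeated failed renewals show up only in the container log until the certificate expires; an expiry check or an alert on that log would close the gap. The service definition starts above the hunk.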
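Review bot: `version: deploy` names a branch rather than a fixed revision, so every playbook run checks out whatever the tip of `deploy` is at that moment, and a push to that branch (intended or not) reaches the server on the next run. If deploy-on-push is the intent, say so in a comment on the task; otherwise pin to a tag or full commit hash through a variable, e.g. `version: "{{ mastodon_version }}"` (variable name constructed for illustration). Where the repository signs its commits, the git module's `verify_commit: true` adds a signature check before checkout. The task's `name:` line is above the hunk.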
@@ -9,7 +9,7 @@ http {
 charset utf-8;
 server {
 listen 80;
- server_name {{domain_name}};
+ server_name {{domain_name}}_base;
 server_tokens off;
 location /.well-known/acme-challenge/ {
@@ -28,7 +28,7 @@ http {
 listen 443 ssl default_server;
- server_name {{domain_name}};
+ server_name {{domain_name}}_base;
 root /usr/share/nginx/html;
 include /etc/nginx/mime.types;
@@ -37,7 +37,6 @@ http {
 ssl_certificate_key /etc/letsencrypt/live/{{domain_name}}/privkey.pem;
 include /etc/letsencrypt/options-ssl-nginx.conf;
-# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 location / {
 try_files $uri $uri/ /index.html;
@@ -71,3 +70,5 @@ http {
 include /etc/nginx/conf.d/*.conf;
 }
+
+
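Review bot: `{{domain_name}}_base` is a placeholder name that no request for the real domain will match, so after this change both server blocks act only as fallbacks; the same rename is made in the 443 `default_server` block of the second hunk. The port-80 block carries no `default_server` flag, so it is the fallback only because it is read before `include /etc/nginx/conf.d/*.conf;`, and once a conf.d file declares `server_name {{domain_name}}` on port 80, requests for `/.well-known/acme-challenge/` on the real domain go to that server instead. Unless that server also serves the certbot webroot (not visible in this patch), HTTP-01 renewals would stop working. Making the intent explicit with `listen 80 default_server;` and `server_name _;`, plus a comment such as `# catch-all: answers ACME challenges and unmatched hosts`, would document the fallback role and remove the dependence on include order.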