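---
# Default variables for a role that manages nginx sites and Let's Encrypt
# renewal hooks. Override per host or group in the inventory.
# NOTE(review): this file was recovered from a single collapsed line. Keys
# and values are unchanged; the nesting inside the commented examples is
# reconstructed and should be confirmed against the role's templates.

# Base paths and deployment flags.
# presumably the install and data roots for deployed applications; confirm
# against the role's tasks.
cloud_apps: /opt
cloud_storage: /opt/storage
# The default stage is "prod"; non-production inventories must override it.
cloud_stage: prod
cloud_update: false

# Web root and the group that owns it.
www_root: /var/www
www_group: www-data

# Sites to configure. Empty by default; one mapping per site.
web_sites: []
#   - domain: my-domain.tld
#     filetag: file.my-domain.tld
#     state: present
#     stream: false
#     owner: user
#     port: 80
#     port_option: ""
#     root: "{{ www_root }}/my-domain.tld"
#     root_setup: true
#     index:
#       - index.html
#       - index.htm
#       - index.php
#     locations:
#       - location: "/"
#         options: "try_files $uri $uri/ =404;"
#     options:
#       access_log: "/var/log/nginx/my-domain-access.log"
#       option_key: "option_value"
#     # NOTE(review): in a plain YAML scalar the backslashes below are kept
#     # literally; confirm the rendered add_header line is what is intended.
#     add_header:
#       - Referrer-Policy \"no-referrer\" always
#       - someother header
#     pre_options: ""
#     post_options: ""

# Additional nginx configuration entries. The expected item shape is not
# visible in this file.
nginx_conf_http: []
nginx_conf: []
# NOTE(review): 768 looks like a per-worker connection limit rather than a
# number of worker processes; confirm which directive the template sets.
nginx_worker_count: 768
nginx_pid: /run/nginx.pid
nginx_log_path: /var/log/nginx
nginx_gzip: true

# Placeholder address on the example domain; set a monitored mailbox.
letsencrypt_mail_address: admin@my-domain.tld

# Scripts to run on certificate renewal. Each entry carries a name, a type
# and the script content. The content is shell that runs with the renewal
# client's privileges (presumably root), so review it like any other
# privileged code in the playbook.
letsencrypt_renewal_scripts: []
#   - name: "copy_to_coturn_folder"
#     type: "deploy"
#     content: |
#       #!/bin/sh
#       set -e
#       for domain in $RENEWED_DOMAINS; do
#         case $domain in
#           example.com)
#             daemon_cert_root=/etc/coturn/certs
#             # Make sure the certificate and private key files are
#             # never world readable, even just for an instant while
#             # we're copying them into daemon_cert_root.
#             umask 077
#             cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.cert"
#             cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"
#             # Apply the proper file ownership and permissions for
#             # the daemon to read its certificate and key.
#             chown turnserver "$daemon_cert_root/$domain.cert" \
#               "$daemon_cert_root/$domain.key"
#             chmod 400 "$daemon_cert_root/$domain.cert" \
#               "$daemon_cert_root/$domain.key"
#             service coturn restart >/dev/null
#             ;;
#         esac
#       done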