From e59b52a9fad02dcd2b94d5ff6babea4b088afde6 Mon Sep 17 00:00:00 2001 From: Expand Date: Tue, 12 Dec 2023 08:49:38 +1100 Subject: [PATCH] hell yeah now i can access the admin page --- main.ansible.yml | 55 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/main.ansible.yml b/main.ansible.yml index 0494ab6..4eb9730 100644 --- a/main.ansible.yml +++ b/main.ansible.yml @@ -16,6 +16,11 @@ - python3-pip - libaugeas0 - nginx + - php7.4-fpm + - php7.4-cgi + - php7.4-xml + - php7.4-sqlite3 + - php7.4-intl state: present - name: install virtualenv via pip3 @@ -28,18 +33,23 @@ name: certbot virtualenv: /opt/certbot/ state: present + + - name: install certbot via pip3 + ansible.builtin.pip: + name: certbot-nginx + virtualenv: /opt/certbot/ + state: present - name: stop lighttpd, so that certbot can run ansible.builtin.systemd_service: name: lighttpd state: stopped - - - name: stop nginx if running, so that certbot can run + + - name: stop nginx, so that certbot can run ansible.builtin.systemd_service: name: nginx state: stopped - - name: link certbot to /usr/bin ansible.builtin.shell: cmd: | 
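Review bot: The `php7.4-*` packages added to the apt list pin a PHP branch that reached upstream end of life in November 2022, so security fixes for it depend on the distribution backporting them. Confirm the target release still patches 7.4, or move to a supported branch. The same version string is repeated later in this patch in the `fastcgi_pass` socket path and in the service name, and the old `php7.0-fpm.sock` path shows how easily they drift apart, so a single playbook variable (for example `php_version`, a constructed name) would keep them in sync. `php7.4-cgi` does not appear to be used by the nginx config in this patch, which talks to the FPM socket; if nothing else on the host needs it, leaving it out keeps the installed footprint smaller. The task that owns this package list starts above the hunk.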
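Review bot: The task added after the certbot install reuses the name `install certbot via pip3` although it installs `certbot-nginx`, so run output shows two identically named tasks; `- name: install certbot-nginx plugin via pip3` would say what it does. Both pip tasks install into `/opt/certbot/` without a `version:`, so each run can pull whatever release is current on the index into a tool that presumably runs as root and handles the TLS private key. Pinning `certbot` and `certbot-nginx` to the same reviewed release (`version: "<PINNED_VERSION>"`) makes the install reproducible and keeps the plugin matched to the core package.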
@@ -62,34 +72,46 @@ - name: remove default site nginx ansible.builtin.file: state: absent - path: /etc/nginx/sites-enabled/default.conf + path: /etc/nginx/sites-enabled/default + - name: create new config for pihol configuration ansible.builtin.blockinfile: content: | server { listen 80; + listen 443 ssl; listen [::]:80; + listen [::]:443 ssl; + ssl_certificate /etc/letsencrypt/live/{{ DNSDOMAIN }}/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/{{ DNSDOMAIN }}/privkey.pem; # managed by Certbot root /var/www/html; server_name {{ DNSDOMAIN }}; autoindex off; + index pihole/index.php index.php index.html index.htm; + location / { - expires max; - try_files $uri $uri/ =404; + expires max; } + location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/run/php/php7.0-fpm.sock; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_param FQDN true; } + location /*.js { - index pihole/index.js; + index pihole/index.js; } + location /admin { - root /var/www/html; - index index.php index.html index.htm; + root /var/www/html; + index index.php index.html index.htm; } + location ~ /\.ht { - deny all; + deny all; } } path: /etc/nginx/sites-enabled/dnsovertls.conf @@ -117,8 +139,15 @@ } path: /etc/nginx/streams/dnsovertls.conf create: true + + + - name: Start nginx + ansible.builtin.systemd_service: + name: php7.4-fpm + state: restarted + enabled: true - name: Start nginx ansible.builtin.systemd_service: name: nginx - state: started + state: restarted enabled: true \ No newline at end of file
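Review bot: The rewritten `location ~ \.php$` block hands any URI ending in `.php` to PHP-FPM whether or not the file exists. It replaces `include snippets/fastcgi-php.conf;`, which normally carries a file-existence check, with `include fastcgi_params;` and a hand-built `SCRIPT_FILENAME`, and the `try_files` line is also removed from `location /`; adding `try_files $uri =404;` as the first line of the PHP location restores the guard. The same server block now listens on both 80 and 443, so the admin page and its login are also reachable over plain HTTP; moving the two port-80 `listen` lines into their own server block whose only directive is `return 301 https://$host$request_uri;` would force TLS. Nothing in the block limits who can reach `/admin`, so if the host is reachable from outside the local network, `allow`/`deny` rules on that location are worth adding.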
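Review bot: The task added at the end is named `Start nginx` but restarts `php7.4-fpm`, which leaves two tasks with the same name and makes run logs misleading; `- name: restart php7.4-fpm` matches what it does. Changing the nginx task to `state: restarted` bounces both services on every run even when nothing changed. Since nginx is stopped earlier in the play, `state: started` would still bring it up, and a handler notified by the config-writing tasks would restart it only when the config changes. The file still ends without a trailing newline.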