Oops, fix serving over IPv6 (and therefore HTTPS cert renewal!)

Oh wow, TIL you need a special invocation in nginx to listen on IPv6 as
well as IPv4. This was both presumably breaking clients trying to
connect over IPv6 (I guess we never ran into that in a browser?), but
also breaking certbot's certificate renewal attempts, because Let's
Encrypt prefers IPv6 when possible. Okay!

README.md

@@ -18,9 +18,9 @@ these are all very basic commands, captured in script form for convenience!)
 - `setup-plausible.yml`: Sets up the Plausible server itself, as a `systemd`
   service running Plausible's official Docker container.
 
-You can run them individually, or all at once, with `run.sh`:
+You can run them individually, or all at once, with `ansible-playbook`:
 
-    run.sh setup-all.yml
+    ansible-playbook setup-all.yml
 
 If you're interested in setting up your own Plausible service, this could be
 useful as a starting point, there's not much custom here! Just a couple things

ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory.cfg
+
+[privilege_escalation]
+become_ask_pass = True

run.sh

@@ -1 +0,0 @@
-ansible-playbook -i inventory.cfg --ask-become-pass $@

setup-nginx.yml

@@ -29,7 +29,7 @@
         content: |
           server {
             server_name analytics.openneo.net;
-            listen 80;
+            listen [::]:80;
             if ($host = analytics.openneo.net) {
               return 301 https://$host$request_uri;
             }
@@ -37,7 +37,7 @@
 
           server {
             server_name analytics.openneo.net;
-            listen 443 ssl;
+            listen [::]:443 ssl;
             ssl_certificate /etc/letsencrypt/live/analytics.openneo.net/fullchain.pem;
             ssl_certificate_key /etc/letsencrypt/live/analytics.openneo.net/privkey.pem;
             include /etc/letsencrypt/options-ssl-nginx.conf;