From 932f04db5bb9a4f09cd68a660263ed9d49d034cf Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Sun, 24 Nov 2019 18:50:05 -0600
Subject: [PATCH] Add certbot role
---
roles/certbot/defaults/main.yaml | 3 +++
roles/certbot/tasks/Ubuntu.yaml | 4 ++++
roles/certbot/tasks/issue.yaml | 9 +++++++
roles/certbot/tasks/main.yaml | 41 ++++++++++++++++++++++++++++++++
roles/certbot/vars/Debian.yaml | 2 ++
5 files changed, 59 insertions(+)
create mode 100644 roles/certbot/defaults/main.yaml
create mode 100644 roles/certbot/tasks/Ubuntu.yaml
create mode 100644 roles/certbot/tasks/issue.yaml
create mode 100644 roles/certbot/tasks/main.yaml
create mode 100644 roles/certbot/vars/Debian.yaml
diff --git a/roles/certbot/defaults/main.yaml b/roles/certbot/defaults/main.yaml
new file mode 100644
index 0000000..f1c788a
--- /dev/null
+++ b/roles/certbot/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+certbot_package_name: certbot
+certbot_package_state: present
diff --git a/roles/certbot/tasks/Ubuntu.yaml b/roles/certbot/tasks/Ubuntu.yaml
new file mode 100644
index 0000000..261768b
--- /dev/null
+++ b/roles/certbot/tasks/Ubuntu.yaml
@@ -0,0 +1,4 @@
+---
+- name: configure ppa
+ apt_repository:
+ repo: "ppa:certbot/certbot"
diff --git a/roles/certbot/tasks/issue.yaml b/roles/certbot/tasks/issue.yaml
new file mode 100644
index 0000000..af40e59
--- /dev/null
+++ b/roles/certbot/tasks/issue.yaml
@@ -0,0 +1,9 @@
+---
+- name: "determine if certificate for {{ item.domains | join(', ') }}"
+ stat:
+ path: "/etc/letsencrypt/live/{{ item.domains | first }}/cert.pem"
+ register: st
+
+- name: "request certificate for {{ item.domains | join(', ') }}"
+ command: "[[ ! -e certbot certonly --webroot -w {{ certbot_challenge_webroot_path }} --agree-tos --noninteractive --email {{ item.email }} -d {{ item.domains | join(',') }}"
+ when: not st.stat.exists
diff --git a/roles/certbot/tasks/main.yaml b/roles/certbot/tasks/main.yaml
new file mode 100644
index 0000000..04f2adf
--- /dev/null
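Review bot: The `command:` string in roles/certbot/tasks/issue.yaml starts with a stray `[[ ! -e `, so the command module would try to execute `[[` instead of certbot and the request task fails whenever the certificate is absent. The preceding `stat` task and the `when: not st.stat.exists` guard already cover the existence test, so the fragment can simply be dropped. While fixing it, pass the arguments through `argv` so that `item.email`, the joined domain list and the webroot path each reach certbot as one argument rather than being re-split on whitespace after templating. The first task's name also reads as if a word is missing ("determine if certificate for … exists").

```yaml
- name: "request certificate for {{ item.domains | join(', ') }}"
  command:
    argv:
      - certbot
      - certonly
      - '--webroot'
      - '-w'
      - "{{ certbot_challenge_webroot_path }}"
      - '--agree-tos'
      - '--noninteractive'
      - '--email'
      - "{{ item.email }}"
      - '-d'
      - "{{ item.domains | join(',') }}"
  # … unchanged: when: not st.stat.exists …
```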
+++ b/roles/certbot/tasks/main.yaml
@@ -0,0 +1,41 @@
+---
+- name: gather os specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: include os specific tasks
+ include_tasks: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
+
+- name: install certbot modules
+ package:
+ name: "{{ certbot_package_name }}"
+ state: "{{ certbot_package_state }}"
+
+- name: configure challenge webroot
+ file:
+ path: "{{ certbot_challenge_webroot_path }}"
+ state: "directory"
+ owner: root
+ group: root
+ mode: 0755
+
+- name: request certificates
+ include_tasks: "issue.yaml"
+ loop: "{{ certbot_certificates }}"
diff --git a/roles/certbot/vars/Debian.yaml b/roles/certbot/vars/Debian.yaml
new file mode 100644
index 0000000..da805ee
--- /dev/null
+++ b/roles/certbot/vars/Debian.yaml
@@ -0,0 +1,2 @@
+---
+certbot_challenge_webroot_path: /var/www/.acme-challenge
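Review bot: The `include os specific tasks` lookup in roles/certbot/tasks/main.yaml has no fallback file: this patch adds only `tasks/Ubuntu.yaml`, so on any other distribution `first_found` matches none of the four candidates and the play stops with a lookup error, unless such files exist outside this patch. Adding an empty `roles/certbot/tasks/default.yaml` (just `---`) would keep the role usable on plain Debian, where `vars/Debian.yaml` already resolves. `loop: "{{ certbot_certificates }}"` likewise has no default in this patch; `certbot_certificates: []` in `defaults/main.yaml` would turn an undefined-variable failure into a no-op. Writing the directory mode as `mode: "0755"` would also stop it depending on the YAML parser's octal handling.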