Add certbot role
This commit is contained in:
3
roles/certbot/defaults/main.yaml
Normal file
3
roles/certbot/defaults/main.yaml
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
certbot_package_name: certbot
|
||||||
|
certbot_package_state: present
|
||||||
4
roles/certbot/tasks/Ubuntu.yaml
Normal file
4
roles/certbot/tasks/Ubuntu.yaml
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
- name: configure ppa
|
||||||
|
apt_repository:
|
||||||
|
repo: "ppa:certbot/certbot"
|
||||||
9
roles/certbot/tasks/issue.yaml
Normal file
9
roles/certbot/tasks/issue.yaml
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
- name: "determine if certificate for {{ item.domains | join(', ') }}"
|
||||||
|
stat:
|
||||||
|
path: "/etc/letsencrypt/live/{{ item.domains | first }}/cert.pem"
|
||||||
|
register: st
|
||||||
|
|
||||||
|
- name: "request certificate for {{ item.domains | join(', ') }}"
|
||||||
|
command: "[[ ! -e certbot certonly --webroot -w {{ certbot_challenge_webroot_path }} --agree-tos --noninteractive --email {{ item.email }} -d {{ item.domains | join(',') }}"
|
||||||
|
when: not st.stat.exists
|
||||||
41
roles/certbot/tasks/main.yaml
Normal file
41
roles/certbot/tasks/main.yaml
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
---
|
||||||
|
- name: gather os specific variables
|
||||||
|
include_vars: "{{ lookup('first_found', possible_files) }}"
|
||||||
|
vars:
|
||||||
|
possible_files:
|
||||||
|
files:
|
||||||
|
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||||
|
- "{{ ansible_distribution }}.yaml"
|
||||||
|
- "{{ ansible_os_family }}.yaml"
|
||||||
|
- "default.yaml"
|
||||||
|
paths:
|
||||||
|
- vars
|
||||||
|
|
||||||
|
- name: include os specific tasks
|
||||||
|
include_tasks: "{{ lookup('first_found', possible_files) }}"
|
||||||
|
vars:
|
||||||
|
possible_files:
|
||||||
|
files:
|
||||||
|
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
|
||||||
|
- "{{ ansible_distribution }}.yaml"
|
||||||
|
- "{{ ansible_os_family }}.yaml"
|
||||||
|
- "default.yaml"
|
||||||
|
paths:
|
||||||
|
- tasks
|
||||||
|
|
||||||
|
- name: install certbot modules
|
||||||
|
package:
|
||||||
|
name: "{{ certbot_package_name }}"
|
||||||
|
state: "{{ certbot_package_state }}"
|
||||||
|
|
||||||
|
- name: configure challenge webroot
|
||||||
|
file:
|
||||||
|
path: "{{ certbot_challenge_webroot_path }}"
|
||||||
|
state: "directory"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: request certificates
|
||||||
|
include_tasks: "issue.yaml"
|
||||||
|
loop: "{{ certbot_certificates }}"
|
||||||
2
roles/certbot/vars/Debian.yaml
Normal file
2
roles/certbot/vars/Debian.yaml
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
certbot_challenge_webroot_path: /var/www/.acme-challenge
|
||||||
Reference in New Issue
Block a user