Added cerbot renewal jobs

roles/certbot/defaults/main.yaml

@@ -1,3 +1,21 @@
 ---
 certbot_package_name: certbot
 certbot_package_state: present
+
+certbot_service_name: certbot.service
+
+certbot_timer_name: certbot.timer
+certbot_timer_state: started
+certbot_timer_enabled: yes
+
+certbot_cron_user: root
+certbot_cron_file_path: /etc/cron.d/certbot
+certbot_cron_env:
+  path: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+  shell: /bin/sh
+certbot_cron_command: test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
+cerbot_cron_hour: "*/12"
+cerbot_cron_minute: "0"
+
+certbot_system_timer_on_calender: "*-*-* 00,12:00:00"
+certbot_system_timer_randomized_delay_sec: 43200

roles/certbot/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: systemd daemon-reload
+  systemd:
+    name: "{{ certbot_service_name }}"
+    daemon_reload: yes
+    state: restarted

roles/certbot/tasks/main.yaml

@@ -39,3 +39,47 @@
 - name: request certificates
   include_tasks: "issue.yaml"
   loop: "{{ certbot_certificates }}"
+
+- name: configure systemd timer
+  block:
+    - name: create systemd timer override directory
+      file:
+        path: "/etc/systemd/system/{{ certbot_timer_name }}.d"
+        owner: root
+        group: root
+        mode: 0755
+        state: directory
+
+    - name: configure systemd timer options
+      template:
+        src: certbot.timer.j2
+        dest: "/etc/systemd/system/{{ certbot_timer_name }}.d/override.conf"
+        owner: root
+        group: root
+        mode: 0644
+      notify: systemd daemon-reload
+    - name: enable the timer
+      systemd:
+        name: "{{ certbot_timer_name }}"
+        state: "{{ certbot_timer_state }}"
+        enabled: "{{ certbot_timer_enabled }}"
+  when: ansible_service_mgr == "systemd"
+
+- name: configure cron job
+  block:
+    - name: configure env
+      cron:
+        name: "{{ item.key | upper }}"
+        env: yes
+        job: "{{ item.value }}"
+        user: "{{ certbot_cron_user }}"
+        cron_file: "{{ certbot_cron_file_path }}"
+      loop: "{{ certbot_cron_env | dict2items }}"
+    - name: create job
+      cron:
+        name: certbot
+        user: "{{ certbot_cron_user }}"
+        hour: "{{ certbot_cron_hour }}"
+        minute: "{{ certbot_cron_minute }}"
+        cron_file: "{{ certbot_cron_file_path }}"
+        job: "{{ certbot_cron_command }}"

roles/certbot/templates/certbot.timer.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Timer]
+OnCalendar={{ certbot_system_timer_on_calender }} 
+RandomizedDelaySec={{ certbot_system_timer_randomized_delay_sec }}

roles/rsyslog/templates/archival.conf.j2

@@ -24,4 +24,12 @@ template(
     type="omfile"
     dynafile="FilePerDay"
     template="RSYSLOG_FileFormat"
+    fileCreateMode="{{ rsyslog_file_create_mode }}"
+    dirCreateMode="{{ rsyslog_dir_create_mode }}"
+    createDirs="{{ rsyslog_create_dirs | ternary('on', 'off') }}"
+    fileOwner="{{ rsyslog_file_owner }}"
+    fileGroup="{{ rsyslog_file_group }}"
+    dirOwner="{{ rsyslog_file_owner }}"
+    dirGroup="{{ rsyslog_file_group }}"
+    umask="{{ rsyslog_umask }}"
 )

roles/rsyslog/templates/rsyslog.conf.j2

@@ -27,9 +27,18 @@ $FileOwner {{ rsyslog_file_owner }}
 {% if rsyslog_file_group is defined %}
 $FileGroup {{ rsyslog_file_group }}
 {% endif %}
+{% if rsyslog_dir_owner is defined %}
+$FileOwner {{ rsyslog_dir_owner }}
+{% endif %}
+{% if rsyslog_dir_group is defined %}
+$FileGroup {{ rsyslog_dir_group }}
+{% endif %}
 {% if rsyslog_file_create_mode is defined %}
 $FileCreateMode {{ rsyslog_file_create_mode }}
 {% endif %}
+{% if rsyslog_create_dirs is defined %}
+CreateDirs {{ rsyslog_create_dirs | ternary('on', 'off') }}
+{% endif %}
 {% if rsyslog_dir_create_mode is defined %}
 $DirCreateMode {{ rsyslog_dir_create_mode }}
 {% endif %}

roles/rsyslog/vars/Debian.yaml

@@ -1,8 +1,11 @@
 ---
 rsyslog_file_owner: syslog
 rsyslog_file_group: adm
-rsyslog_file_create_mode: "0644"
+rsyslog_dir_owner: syslog
+rsyslog_dir_group: adm
+rsyslog_file_create_mode: "0640"
 rsyslog_dir_create_mode: "0755"
+rsyslog_create_dirs: yes
 rsyslog_umask: "0022"
 rsyslog_priv_drop_to_user: syslog
 rsyslog_priv_drop_to_group: syslog