feat: full untested ansible setup
35
roles/certbot/tasks/main.yml
Normal file
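--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Install certbot packages
+ansible.builtin.apt:
+name: "{{ certbot_packages }}"
+state: present
+update_cache: true
+
+- name: Ensure ACME webroot exists
+ansible.builtin.file:
+path: /var/www/letsencrypt
+state: directory
+owner: www-data
+group: www-data
+mode: "0755"
+
+- name: Enable certbot timer
+ansible.builtin.service:
+name: certbot.timer
+enabled: true
+state: started
+
+- name: Request managed certificates
+ansible.builtin.command:
+cmd: >-
+certbot certonly --non-interactive --agree-tos
+--email {{ certbot_email }}
+--webroot -w /var/www/letsencrypt
+--cert-name {{ item.name }}
+{% for domain in item.domains %}-d {{ domain }} {% endfor %}
+args:
+creates: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
+when: certbot_manage_certificates | bool
+loop: "{{ certbot_certificates }}"
+loop_control:
+label: "{{ item.name }}"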
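Review bot: The `cmd: >-` string in "Request managed certificates" is split into arguments only after `{{ certbot_email }}`, `{{ item.name }}` and each `{{ domain }}` have been substituted, so a value containing whitespace would reach certbot as additional arguments or options rather than as one value. Those variables are defined outside this file, so how tightly they are controlled is not visible here; passing the command as an `argv:` list keeps each templated value a single argument whatever it contains. certbot accepts a comma-separated list after `-d`, which lets the inline `{% for %}` loop go away. Because `item.name` also builds the `creates:` path, it is worth validating it in the role's argument checks as a plain certificate name with no `/` and no leading `-`.

```yaml
- name: Request managed certificates
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - --non-interactive
      - --agree-tos
      - --email
      - "{{ certbot_email }}"
      - --webroot
      - -w
      - /var/www/letsencrypt
      - --cert-name
      - "{{ item.name }}"
      - -d
      - "{{ item.domains | join(',') }}"
  # … unchanged: args/creates, when, loop, loop_control …
```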