New certbot role covering standalone and webroot setups
parent
ca2aeff2f3
commit
d5a03479af
7 changed files with 52 additions and 0 deletions
|
@ -10,3 +10,9 @@ user_mgmt:
|
||||||
fritz:
|
fritz:
|
||||||
state: present
|
state: present
|
||||||
groups: sudo
|
groups: sudo
|
||||||
|
|
||||||
|
certbot_certs:
|
||||||
|
- [ "wiki.ccchb.de" ]
|
||||||
|
- [ "ccchb.de", "www.ccchb.de" ]
|
||||||
|
- [ "files.ccchb.de" ]
|
||||||
|
|
||||||
|
|
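--- a/roles/certbot/defaults/main.yml
+++ b/roles/certbot/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+certbot_admin_email: hostmaster@ccchb.de
+
+certbot_package: letsencrypt
+
+certbot_method: webroot
+certbot_webroot: /var/www/html
+
+certbot_certs: []
+
+certbot_renew: true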
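Review bot: `certbot_renew` is defined here, but none of the task files in this commit read it, so setting it to false does not stop the renewal timer from being enabled; either gate the timer task with `when: certbot_renew` or drop the variable. The defaults would also benefit from a comment on `certbot_certs`, for example `# list of domain lists; the first name of each list is the directory checked under /etc/letsencrypt/live`, since the stat task in tasks/main.yml relies on that shape. A second comment on `certbot_method` should name the two values that have a matching task file, `webroot` and `standalone`.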
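--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Enable certbot timer.
+systemd:
+name: certbot.timer
+enabled: yes
+
+- name: Install certbot.
+package:
+name: "{{ certbot_package }}"
+state: present
+
+- name: Check for presence of certificates.
+stat:
+path: "/etc/letsencrypt/live/{{ item | first | replace(\"*.\", \"\") }}/cert.pem"
+register: certs_presence
+loop: "{{ certbot_certs }}"
+
+- name: Obtain certificates.
+include_tasks: 'obtain_{{ certbot_method }}.yml'
+when: not item.stat.exists
+loop: "{{ certs_presence.results }}"
+...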
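Review bot: The "Enable certbot timer." task runs before "Install certbot.", so on a host where the package is not yet present the unit presumably does not exist and the first run fails; the package task should come first. The timer is also only enabled, not started, so renewals would not be scheduled until the next boot and certificates could expire in the meantime; adding `state: started` next to `enabled: yes` covers that. An unexpected `certbot_method` value makes `include_tasks` fail on a missing file, so an early `assert` that it is `webroot` or `standalone` would give a clearer error.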
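--- a/roles/certbot/tasks/obtain_standalone.yml
+++ b/roles/certbot/tasks/obtain_standalone.yml
@@ -0,0 +1,4 @@
+---
+- name: "Obtain certificate for {{ item.item | join(',') }}"
+command: "certbot certonly --agree-tos -m {{ certbot_admin_email | quote }} -d {{ item.item | join(',') }} --standalone"
+...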
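Review bot: The `-d` value in the `command:` string is interpolated without `| quote`, unlike the e-mail address next to it. The command module does not run a shell, but it still splits the string into arguments, so a `certbot_certs` entry containing whitespace would reach certbot as extra arguments; `-d {{ item.item | join(',') | quote }}` closes that, or the task can use the module's `argv:` list form. The same line in roles/certbot/tasks/obtain_webroot.yml has the same gap.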
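--- a/roles/certbot/tasks/obtain_webroot.yml
+++ b/roles/certbot/tasks/obtain_webroot.yml
@@ -0,0 +1,4 @@
+---
+- name: "Obtain certificate for {{ item.item | join(',') }}"
+command: "certbot certonly --agree-tos -m {{ certbot_admin_email | quote }} -d {{ item.item | join(',') }} --webroot -w {{ certbot_webroot | quote }}"
+...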
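--- a/roles/certbot/templates/certbot.conf.j2
+++ b/roles/certbot/templates/certbot.conf.j2
@@ -0,0 +1,4 @@
+location /.well-known/acme-challenge/ {
+alias {{ certbot_webroot }}/.well-known/acme-challenge/;
+allow all;
+}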
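Review bot: No task in this commit renders this template, although `certbot_method` defaults to `webroot`, so on a host whose web server does not already serve the webroot under /.well-known/acme-challenge/ the HTTP-01 validation would presumably fail. Either add a `template:` task with a reload handler to the role, or open the file with a comment saying who is expected to include it, for example `{# nginx snippet: include inside each server block that must answer ACME HTTP-01 challenges #}`. Note also that `allow all;` in this location takes precedence over any `deny` inherited from the enclosing server block, which is worth stating in that comment so the exception is deliberate.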
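--- a/wiki.yml
+++ b/wiki.yml
@@ -4,3 +4,4 @@
 become: yes
 roles:
 - mediawiki
+- certbot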