---
# Load the most specific vars file this role ships for the host, trying
# distribution+full version, distribution+major version, distribution,
# OS family and finally kernel name. Whatever file matches is expected to
# define the `<role_name>_os_supported` flag checked by the next task.
- name: Set OS dependent variables
  ansible.builtin.include_vars: "{{ lookup('first_found', os_vars_lookup) }}"
  vars:
    os_vars_lookup:
      paths:
        - "{{ role_path }}/vars"
      files:
        - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version | lower }}.yml"
        - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version | lower }}.yml"
        - "{{ ansible_distribution | lower }}.yml"
        - "{{ ansible_os_family | lower }}.yml"
        - "{{ ansible_system | lower }}.yml"
  # first_found raises when nothing matches; that is swallowed on purpose
  # so the support check below reports the problem instead.
  ignore_errors: true
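# Hard stop on platforms the role has no vars file for. The flag is set
# by the vars file loaded above; when no file matched (include_vars ran
# with ignore_errors) it is undefined, so the lookup defaults to false
# and the assertion fires with a readable message instead of the task
# dying on an undefined-variable error that hides the real cause.
- name: OS is supported
  ansible.builtin.assert:
    that:
      - __os_supported
    quiet: true
    fail_msg: >-
      {{ role_name }} does not support {{ ansible_distribution }}
      {{ ansible_distribution_version }} ({{ ansible_os_family }})
  vars:
    __os_supported: "{{ lookup('vars', role_name ~ '_os_supported', default=false) | bool }}"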
# Install the ACME client from the distribution repositories.
# `latest` means every play run upgrades certbot to whatever apt currently
# offers; switch to `present` if reproducible runs matter more than always
# having the newest client.
- name: Install certbot
  ansible.builtin.apt:
    name: certbot
    state: latest
    update_cache: true
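# Directory that holds the per-domain post-renewal script written by the
# next task. That script is executed (by this role, and presumably by the
# templated service), so the directory is kept private with the same 0700
# the script itself gets rather than inheriting the caller's umask.
# Later tasks build the script path from `certbot_renewal_scripts_path`.
- name: Ensure certbot dir exists
  ansible.builtin.file:
    path: "{{ certbot_renewal_scripts_path }}"
    state: directory
    mode: "0700"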
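# Write the user-supplied post-renewal hook, named after the first domain
# (the same key the live-certificate check further down uses).
# path_join works whether or not `certbot_renewal_scripts_path` ends in a
# slash; plain concatenation silently produced a wrong path without one.
# The mode is quoted so YAML does not parse it as an integer.
- name: Set renewal script if desired
  ansible.builtin.copy:
    content: "{{ certbot_post_renewal_script }}"
    dest: "{{ [certbot_renewal_scripts_path, certbot_domains[0] ~ '.sh'] | path_join }}"
    mode: "0700"
  when: certbot_post_renewal_script is defined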
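# Render the role's certbot.service unit from certbot.service.j2 (not
# shown here). systemd only notices a changed unit file after a
# daemon-reload, so whatever enables the unit must also reload the
# daemon. Mode is quoted to avoid YAML's octal-integer conversion.
- name: Set certbot systemd service
  ansible.builtin.template:
    src: certbot.service.j2
    dest: "{{ certbot_service_path }}"
    mode: "0600"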
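# Enable the unit and make systemd re-read the freshly templated file.
# Deliberately no `state:` here: the systemd module maps `state: reloaded`
# to `systemctl start` whenever the unit is not currently running, which
# would start certbot.service (presumably the renewal run) on every play
# instead of leaving scheduling to certbot.timer.
- name: Ensure certbot systemd service is enabled
  ansible.builtin.systemd:
    name: certbot.service
    enabled: true
    daemon_reload: true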
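# The timer is what schedules renewals, so it must be running, not just
# enabled. `state: started` replaces `reloaded`: timer units have no
# reload action, so once the timer is active a second play run would fail
# on `systemctl reload certbot.timer`. daemon_reload picks up the unit
# file written above.
- name: Ensure certbot systemd timer is enabled
  ansible.builtin.systemd:
    name: certbot.timer
    state: started
    enabled: true
    daemon_reload: true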
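# "Already issued" is decided by the presence of fullchain.pem in the
# lineage directory keyed on the first domain. path_join tolerates
# `certbot_live_certs_path` with or without a trailing slash.
- name: Check whether the cert already exists
  ansible.builtin.stat:
    path: "{{ [certbot_live_certs_path, certbot_domains[0], 'fullchain.pem'] | path_join }}"
  register: live_cert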
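# First issuance only; renewals are left to the timer. `command` instead
# of `shell`: no shell is involved, so the domains and mail address can
# never be interpreted as shell syntax, and `quote` keeps each value a
# single argument for the module's shlex split. `certonly` is added when
# the role is not supposed to let certbot edit the nginx config.
# --non-interactive makes certbot fail fast on any prompt instead of
# waiting for input it will never get under Ansible.
- name: Obtain certificate
  ansible.builtin.command: >-
    certbot
    {% if not certbot_install_cert %}certonly{% endif %}
    --nginx --rsa-key-size 4096 --non-interactive
    {% for domain in certbot_domains %}-d {{ domain | quote }} {% endfor %}
    -m {{ certbot_mail_address | quote }} --agree-tos
  when: not live_cert.stat.exists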
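# Run the post-renewal hook right away when asked to. It only makes sense
# when the hook was actually written above, so an undefined
# `certbot_post_renewal_script` skips instead of failing on a missing
# file, and an unset flag means "no" rather than an undefined-variable
# error. `command` runs the script directly; no shell is needed.
- name: Execute post-renewal script if desired
  ansible.builtin.command:
    cmd: "{{ [certbot_renewal_scripts_path, certbot_domains[0] ~ '.sh'] | path_join }}"
  when:
    - certbot_immediately_execute_script | default(false) | bool
    - certbot_post_renewal_script is defined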