public_git
/
ansibleguy.infra_mariadb
mirror of https://github.com/ansibleguy/infra_certs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansibleguy.infra_mariadb/tasks/debian/letsencrypt/main.yml

88 lines
3.5 KiB
YAML
Raw Blame History

---
- name: Certificates | Debian | LetsEncrypt Certbot | Checking config
ansible.builtin.fail:
msg: "The required configuration was not provided!
Needed: 'certs.letsencrypt.certs', 'certs.letsencrypt.service',
'certs.letsencrypt.email or certs.letsencrypt.email.certs.email'"
when: >
CERT_CONFIG.letsencrypt.certs | length == 0 or
CERT_CONFIG.letsencrypt.service is none | default(none, true) or
(CERT_CONFIG.letsencrypt.email | default(none, true) is none and not CERT_CONFIG.letsencrypt.certs|check_email)
- name: Certificates | Debian | LetsEncrypt Certbot | Checking service
ansible.builtin.fail:
msg: "You need to supply a supported LetsEncrypt Certbot service to use! (apache/nginx)"
when: "CERT_CONFIG.letsencrypt.service | default(none, true) is none or CERT_CONFIG.letsencrypt.service not in ['apache', 'nginx']"
- name: Certificates | Debian | LetsEncrypt Certbot | Configure for Apache2
ansible.builtin.import_tasks: apache.yml
when: CERT_CONFIG.letsencrypt.service == 'apache'
- name: Certificates | Debian | LetsEncrypt Certbot | Configure for Nginx
ansible.builtin.import_tasks: nginx.yml
when: CERT_CONFIG.letsencrypt.service == 'nginx'
- name: Certificates | Debian | LetsEncrypt Certbot | Pulling existing certs
ansible.builtin.shell: 'certbot certificates'
register: existing_certs_raw
changed_when: false
- name: Certificates | Debian | LetsEncrypt Certbot | Adding certificates
ansible.builtin.include_tasks: cert.yml
when:
- le_cert.domains | length > 0
- le_cert.state == 'present'
vars:
le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
le_name: "{{ cert_item.key | safe_key }}"
le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ le_name }}"
loop_control:
loop_var: cert_item
no_log: true
with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
- name: Certificates | Debian | LetsEncrypt Certbot | Removing certificates
ansible.builtin.command: "certbot revoke --cert-name {{ le_name }} && certbot delete --cert-name {{ le_name }}"
when:
- le_cert.state != 'present'
- existing_certs_raw.stdout.find(le_name) != -1
vars:
le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
le_name: "{{ cert_item.key | safe_key }}"
loop_control:
loop_var: cert_item
with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
- name: Certificates | Debian | LetsEncrypt Certbot | Cleanup for Apache2
ansible.builtin.import_tasks: apache_cleanup.yml
when: CERT_CONFIG.letsencrypt.service == 'apache'
- name: Certificates | Debian | LetsEncrypt Certbot | Cleanup for Nginx
ansible.builtin.import_tasks: nginx_cleanup.yml
when: CERT_CONFIG.letsencrypt.service == 'nginx'
- name: Certificates | Debian | LetsEncrypt Certbot | Adding service for certbot renewal
ansible.builtin.template:
src: "templates/etc/systemd/system/{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
owner: 'root'
group: 'root'
mode: 0644
with_items:
- 'ansibleguy.infra_certs.LetsEncryptCertbot.service'
- 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
- name: Certificates | Debian | LetsEncrypt Certbot | Enabling cert-renewal timer
ansible.builtin.systemd:
daemon_reload: yes
name: 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
enabled: yes
state: started
- name: Certificates | Debian | LetsEncrypt Certbot | Running renewal
ansible.builtin.command: 'certbot renew --force-renewal'
when: CERT_CONFIG.letsencrypt.renew
ignore_errors: true
Reference in New Issue View Git Blame Copy Permalink