diff --git a/inventory/hosts b/inventory/hosts
index 18b1e88..e139240 100644
--- a/inventory/hosts
+++ b/inventory/hosts
@@ -5,6 +5,7 @@ srv01 ansible_host=srv01.hamburg.freifunk.net
 srv03 ansible_host=srv03.hamburg.freifunk.net
 [certbot]
+jitsi
 srv01
 #srv02
diff --git a/roles/certbot/files/cli.ini b/roles/certbot/files/cli.ini
index a0d3cc3..c08b252 100644
--- a/roles/certbot/files/cli.ini
+++ b/roles/certbot/files/cli.ini
@@ -1,5 +1,6 @@
-# All flags used by the client can be configured here. Run Certbot with
-# "--help" to learn more about the available options.
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
 email = backend@hamburg.freifunk.net
 rsa-key-size = 4096
diff --git a/roles/certbot/files/reload-nginx b/roles/certbot/files/reload-nginx
index a6f8b6f..aaaaf79 100644
--- a/roles/certbot/files/reload-nginx
+++ b/roles/certbot/files/reload-nginx
@@ -2,4 +2,4 @@
 PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
-service nginx reload
+systemctl reload nginx
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index e6ebc6e..f40f37e 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -1,38 +1,19 @@
 ---
-- name: create directories
+- name: install certbot
+ apt:
+ name: certbot
+ cache_valid_time: 86400
+
+- name: create webroot directory
 file:
- path: "{{ item }}"
+ path: /var/www/_acme-challenge
 state: directory
- with_items:
- - /etc/letsencrypt/renewal-hooks/deploy
- - /etc/letsencrypt/renewal-hooks/post
- - /etc/letsencrypt/renewal-hooks/pre
- - /var/www/_acme-challenge
-
-- name: check for certbot-auto
- stat:
- path: /usr/local/sbin/certbot-auto
- register: certbot
-
-- name: download certbot-auto
- get_url:
- url: "https://dl.eff.org/certbot-auto"
- dest: /usr/local/sbin
- mode: 0755
- when: not certbot.stat.exists
 - name: copy cli.ini
 copy:
 src: cli.ini
 dest: /etc/letsencrypt/
-- name: create renewal cronjob
- cron:
- name: "Let's Encrypt certificate renewal"
- job: /usr/local/sbin/certbot-auto renew -q
- hour: "6"
- minute: "0"
-
 - name: populate service facts
 service_facts:
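Review bot: Renewal scheduling is no longer managed by the role once the `create renewal cronjob` task is removed, and nothing in this hunk checks that the packaged replacement is actually active. On Debian-family hosts the `certbot` package normally ships a `certbot.timer` unit, but a host where that timer is disabled or masked would let certificates expire without any task failing. Unless a later task outside this hunk already does it, an explicit task that enables and starts the timer would keep that guarantee in the playbook. The new `create webroot directory` task also sets no `owner` or `mode`, so the permissions of `/var/www/_acme-challenge` depend on the umask; `mode: "0755"` would pin them.

```yaml
# … unchanged: install certbot, create webroot directory, copy cli.ini …

- name: enable certbot renewal timer
  systemd:
    name: certbot.timer
    enabled: true
    state: started
```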