From 21c1c90ef301470647361f11f630f4cc32885ac6 Mon Sep 17 00:00:00 2001
From: Alexander Dietrich
Date: Wed, 25 Mar 2020 16:59:42 +0100
Subject: [PATCH] Update certbot role, add Jitsi host
---
 inventory/hosts | 1 +
 roles/certbot/files/cli.ini | 5 +++--
 roles/certbot/files/reload-nginx | 2 +-
 roles/certbot/tasks/main.yml | 33 +++++++--------------------------
 4 files changed, 12 insertions(+), 29 deletions(-)
diff --git a/inventory/hosts b/inventory/hosts
index 18b1e88..e139240 100644
--- a/inventory/hosts
+++ b/inventory/hosts
@@ -5,6 +5,7 @@ srv01 ansible_host=srv01.hamburg.freifunk.net
 srv03 ansible_host=srv03.hamburg.freifunk.net
 [certbot]
+jitsi
 srv01
 #srv02
diff --git a/roles/certbot/files/cli.ini b/roles/certbot/files/cli.ini
index a0d3cc3..c08b252 100644
--- a/roles/certbot/files/cli.ini
+++ b/roles/certbot/files/cli.ini
@@ -1,5 +1,6 @@
-# All flags used by the client can be configured here. Run Certbot with
-# "--help" to learn more about the available options.
+# Because we are using logrotate for greater flexibility, disable the
+# internal certbot logrotation.
+max-log-backups = 0
 email = backend@hamburg.freifunk.net
 rsa-key-size = 4096
diff --git a/roles/certbot/files/reload-nginx b/roles/certbot/files/reload-nginx
index a6f8b6f..aaaaf79 100644
--- a/roles/certbot/files/reload-nginx
+++ b/roles/certbot/files/reload-nginx
@@ -2,4 +2,4 @@
 PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
-service nginx reload
+systemctl reload nginx
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index e6ebc6e..f40f37e 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -1,38 +1,19 @@
 ---
-- name: create directories
+- name: install certbot
+ apt:
+ name: certbot
+ cache_valid_time: 86400
+
+- name: create webroot directory
 file:
- path: "{{ item }}"
+ path: /var/www/_acme-challenge
 state: directory
- with_items:
- - /etc/letsencrypt/renewal-hooks/deploy
- - /etc/letsencrypt/renewal-hooks/post
- - /etc/letsencrypt/renewal-hooks/pre
- - /var/www/_acme-challenge
-
-- name: check for certbot-auto
- stat:
- path: /usr/local/sbin/certbot-auto
- register: certbot
-
-- name: download certbot-auto
- get_url:
- url: "https://dl.eff.org/certbot-auto"
- dest: /usr/local/sbin
- mode: 0755
- when: not certbot.stat.exists
 - name: copy cli.ini
 copy:
 src: cli.ini
 dest: /etc/letsencrypt/
-- name: create renewal cronjob
- cron:
- name: "Let's Encrypt certificate renewal"
- job: /usr/local/sbin/certbot-auto renew -q
- hour: "6"
- minute: "0"
-
 - name: populate service facts
 service_facts:
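Review bot: Nothing in this hunk cleans up after the deleted `download certbot-auto` and `create renewal cronjob` tasks, so hosts that already ran the old role keep `/usr/local/sbin/certbot-auto` and the `Let's Encrypt certificate renewal` cron entry. That leaves an unmanaged script, originally fetched with no checksum, still running at 06:00 every day (presumably as root) next to the packaged certbot, with two renewers working on the same `/etc/letsencrypt` state. Two `state: absent` tasks, one `cron` and one `file`, would retire both; the cron `name` has to match the old entry exactly for the module to find it. Whether cleanup already happens in the part of `main.yml` beyond this hunk is not visible here.

```yaml
# … unchanged: install certbot, create webroot directory, copy cli.ini …

- name: remove legacy certbot-auto cronjob
  cron:
    name: "Let's Encrypt certificate renewal"
    state: absent

- name: remove legacy certbot-auto script
  file:
    path: /usr/local/sbin/certbot-auto
    state: absent
```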