From 66afa8879e1e26fc3642d460e5c8cfee57b2e819 Mon Sep 17 00:00:00 2001 From: Alexander Dietrich Date: Sat, 3 Nov 2018 17:38:00 +0100 Subject: [PATCH] Add certbot role --- roles/certbot/files/cli.ini | 12 ++++++++++ roles/certbot/files/reload-nginx | 5 +++++ roles/certbot/tasks/main.yml | 38 ++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 roles/certbot/files/cli.ini create mode 100644 roles/certbot/files/reload-nginx create mode 100644 roles/certbot/tasks/main.yml diff --git a/roles/certbot/files/cli.ini b/roles/certbot/files/cli.ini new file mode 100644 index 0000000..a0d3cc3 --- /dev/null +++ b/roles/certbot/files/cli.ini @@ -0,0 +1,12 @@ +# All flags used by the client can be configured here. Run Certbot with +# "--help" to learn more about the available options. + +email = backend@hamburg.freifunk.net +rsa-key-size = 4096 + +authenticator = webroot +webroot-path = /var/www/_acme-challenge + +agree-tos = True +non-interactive = True +text = True diff --git a/roles/certbot/files/reload-nginx b/roles/certbot/files/reload-nginx new file mode 100644 index 0000000..a6f8b6f --- /dev/null +++ b/roles/certbot/files/reload-nginx @@ -0,0 +1,5 @@ +#!/bin/bash + +PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin" + +service nginx reload diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml new file mode 100644 index 0000000..d03886f --- /dev/null +++ b/roles/certbot/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: create directories + file: + path: "{{ item }}" + state: directory + with_items: + - /etc/letsencrypt/renewal-hooks/deploy + - /etc/letsencrypt/renewal-hooks/post + - /etc/letsencrypt/renewal-hooks/pre + - /var/www/_acme-challenge + +- name: download certbot-auto + get_url: + url: "https://dl.eff.org/certbot-auto" + dest: /usr/local/sbin + mode: 0755 + +- name: copy cli.ini + copy: + src: cli.ini + dest: /etc/letsencrypt/ + +- name: create renewal cronjob + cron: + name: "Let's Encrypt certificate renewal" + job: /usr/local/sbin/certbot-auto renew -q + hour: 6 + minute: 0 + +- name: populate service facts + service_facts: + +- name: copy reload-nginx hook + copy: + src: reload-nginx + dest: /etc/letsencrypt/renewal-hooks/post/ + mode: 0755 + when: "'nginx' in services"