Add certbot role
parent
a0da1ff4df
commit
66afa8879e
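--- a/roles/certbot/files/cli.ini
+++ b/roles/certbot/files/cli.ini
@@ -0,0 +1,12 @@
+# All flags used by the client can be configured here. Run Certbot with
+# "--help" to learn more about the available options.
+
+email = backend@hamburg.freifunk.net
+rsa-key-size = 4096
+
+authenticator = webroot
+webroot-path = /var/www/_acme-challenge
+
+agree-tos = True
+non-interactive = True
+text = True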
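--- a/roles/certbot/files/reload-nginx
+++ b/roles/certbot/files/reload-nginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
+
+service nginx reload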
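Review bot: Nothing in the script says why `PATH` is overridden or when the hook runs; a comment above the assignment such as `# certbot hooks run from cron with a minimal PATH; make sure "service" resolves` would save the next reader a lookup. The reload is also unconditional, so a broken nginx configuration only shows up as whatever `service nginx reload` reports. Running `nginx -t` first (`nginx -t && service nginx reload`) would make the hook fail with a clear configuration error instead.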
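--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: create directories
+file:
+path: "{{ item }}"
+state: directory
+with_items:
+- /etc/letsencrypt/renewal-hooks/deploy
+- /etc/letsencrypt/renewal-hooks/post
+- /etc/letsencrypt/renewal-hooks/pre
+- /var/www/_acme-challenge
+
+- name: download certbot-auto
+get_url:
+url: "https://dl.eff.org/certbot-auto"
+dest: /usr/local/sbin
+mode: 0755
+
+- name: copy cli.ini
+copy:
+src: cli.ini
+dest: /etc/letsencrypt/
+
+- name: create renewal cronjob
+cron:
+name: "Let's Encrypt certificate renewal"
+job: /usr/local/sbin/certbot-auto renew -q
+hour: 6
+minute: 0
+
+- name: populate service facts
+service_facts:
+
+- name: copy reload-nginx hook
+copy:
+src: reload-nginx
+dest: /etc/letsencrypt/renewal-hooks/post/
+mode: 0755
+when: "'nginx' in services"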
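Review bot: The `download certbot-auto` task installs an executable into /usr/local/sbin from `https://dl.eff.org/certbot-auto` with no integrity check, and the `create renewal cronjob` task then runs that file every day, presumably as root since no `user` is set. TLS protects the transfer but not against a changed or replaced file at the origin. Pin the download with get_url's `checksum` parameter, e.g. `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder; take the value from a copy you have verified), and bump it deliberately. Separately, quote the file modes (`mode: "0755"`) here and in `copy reload-nginx hook`, and give `copy cli.ini` and the `create directories` task an explicit `owner`, `group` and `mode` so the result does not depend on defaults.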