Add certbot role

Alexander Dietrich 2018-11-03 17:38:00 +01:00
parent a0da1ff4df
commit 66afa8879e
3 changed files with 55 additions and 0 deletions


@ -0,0 +1,12 @@
# All flags used by the client can be configured here. Run Certbot with
# "--help" to learn more about the available options.
email = backend@hamburg.freifunk.net
rsa-key-size = 4096
authenticator = webroot
webroot-path = /var/www/_acme-challenge
agree-tos = True
non-interactive = True
text = True


@ -0,0 +1,5 @@
#!/bin/bash
PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
service nginx reload


@ -0,0 +1,38 @@
---
- name: create directories
file:
path: "{{ item }}"
state: directory
with_items:
- /etc/letsencrypt/renewal-hooks/deploy
- /etc/letsencrypt/renewal-hooks/post
- /etc/letsencrypt/renewal-hooks/pre
- /var/www/_acme-challenge
- name: download certbot-auto
get_url:
url: "https://dl.eff.org/certbot-auto"
dest: /usr/local/sbin
mode: 0755
- name: copy cli.ini
copy:
src: cli.ini
dest: /etc/letsencrypt/
- name: create renewal cronjob
cron:
name: "Let's Encrypt certificate renewal"
job: /usr/local/sbin/certbot-auto renew -q
hour: 6
minute: 0
- name: populate service facts
service_facts:
- name: copy reload-nginx hook
copy:
src: reload-nginx
dest: /etc/letsencrypt/renewal-hooks/post/
mode: 0755
when: "'nginx' in services"
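Review bot: The `download certbot-auto` task installs an executable fetched from `https://dl.eff.org/certbot-auto` with no integrity pin, and the cron task then runs it unattended (presumably as root, given `/usr/local/sbin` and the nginx reload hook). Because `dest: /usr/local/sbin` is a directory, get_url fetches the URL on every play and replaces the file whenever the served content differs, so whatever the server returns at that moment becomes the scheduled job. I would name the target file and pin a reviewed copy: `dest: /usr/local/sbin/certbot-auto` and `checksum: "sha256:<sha256-of-reviewed-certbot-auto>"`. Separately, quoting the file modes (`mode: "0755"`) here and on the hook copy is the safer convention, since it keeps the YAML parser from retyping the value as a number.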