Add certbot role
This commit is contained in:
parent
a0da1ff4df
commit
66afa8879e
12
roles/certbot/files/cli.ini
Normal file
12
roles/certbot/files/cli.ini
Normal file
|
@ -0,0 +1,12 @@
|
|||
# All flags used by the client can be configured here. Run Certbot with
|
||||
# "--help" to learn more about the available options.
|
||||
|
||||
email = backend@hamburg.freifunk.net
|
||||
rsa-key-size = 4096
|
||||
|
||||
authenticator = webroot
|
||||
webroot-path = /var/www/_acme-challenge
|
||||
|
||||
agree-tos = True
|
||||
non-interactive = True
|
||||
text = True
|
5
roles/certbot/files/reload-nginx
Normal file
5
roles/certbot/files/reload-nginx
Normal file
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
|
||||
|
||||
service nginx reload
|
38
roles/certbot/tasks/main.yml
Normal file
38
roles/certbot/tasks/main.yml
Normal file
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- name: create directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- /etc/letsencrypt/renewal-hooks/deploy
|
||||
- /etc/letsencrypt/renewal-hooks/post
|
||||
- /etc/letsencrypt/renewal-hooks/pre
|
||||
- /var/www/_acme-challenge
|
||||
|
||||
- name: download certbot-auto
|
||||
get_url:
|
||||
url: "https://dl.eff.org/certbot-auto"
|
||||
dest: /usr/local/sbin
|
||||
mode: 0755
|
||||
|
||||
- name: copy cli.ini
|
||||
copy:
|
||||
src: cli.ini
|
||||
dest: /etc/letsencrypt/
|
||||
|
||||
- name: create renewal cronjob
|
||||
cron:
|
||||
name: "Let's Encrypt certificate renewal"
|
||||
job: /usr/local/sbin/certbot-auto renew -q
|
||||
hour: 6
|
||||
minute: 0
|
||||
|
||||
- name: populate service facts
|
||||
service_facts:
|
||||
|
||||
- name: copy reload-nginx hook
|
||||
copy:
|
||||
src: reload-nginx
|
||||
dest: /etc/letsencrypt/renewal-hooks/post/
|
||||
mode: 0755
|
||||
when: "'nginx' in services"
|
Loading…
Reference in a new issue