Add letsrenew role

Alexander Dietrich 2017-10-03 16:05:22 +02:00
parent 84799fc22b
commit cee2fde3ac
6 changed files with 87 additions and 6 deletions


@ -1,7 +1,11 @@
---
- hosts: all
roles:
- role: basics
tags: basics
- role: ffhh-basics
tags: basics
- basics
- ffhh-basics
tags: basics
- hosts: letsrenew
roles:
- letsrenew
tags: letsrenew


@ -1 +1,3 @@
letsrenew_email: alexander@hamburg.freifunk.net
letsrenew_webroot: /var/www/mail
nginx_resolver: 80.252.105.162 80.252.105.194


@ -1,8 +1,13 @@
[services]
[ffhh]
srv01 ansible_host=srv01.hamburg.freifunk.net
srv03 ansible_host=srv03.hamburg.freifunk.net
srv04 ansible_host=srv04.hamburg.freifunk.net
[ffhh]
[letsrenew]
srv01
srv04
[services]
srv03
srv04


@ -0,0 +1,3 @@
---
letsrenew_email: ""
letsrenew_webroot: /var/www/letsencrypt
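Review bot: The empty default `letsrenew_email: ""` lets the role run to completion on a host that never sets the variable, and the cron task added in this commit interpolates it unquoted into `job: "/opt/letsrenew/letsrenew {{ letsrenew_email }} /opt/certbot/certbot-auto"`. With an empty value the certbot path becomes the script's first argument, so the problem would presumably only surface when the weekly job runs, not at deploy time. Consider failing early with an `assert` task in the role, e.g. `that: letsrenew_email | length > 0`, or dropping the default so that an undefined variable aborts templating.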


@ -0,0 +1,40 @@
---
- name: create /opt/certbot
file:
path: /opt/certbot
mode: 0750
state: directory
- name: download certbot
get_url:
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-auto
dest: /opt/certbot/certbot-auto
mode: 0550
- name: create webroot path
file:
path: "{{ letsrenew_webroot }}"
state: directory
- name: create /etc/letsencrypt
file:
path: /etc/letsencrypt
state: directory
- name: template cli.ini
template:
src: cli.ini.j2
dest: /etc/letsencrypt/cli.ini
- name: clone letsrenew
git:
repo: https://github.com/7adietri/letsrenew.git
dest: /opt/letsrenew
- name: create cronjob
cron:
name: "Let's Encrypt certificate renewal"
job: "/opt/letsrenew/letsrenew {{ letsrenew_email }} /opt/certbot/certbot-auto"
minute: 0
hour: 6
weekday: 1
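Review bot: The `download certbot` and `clone letsrenew` tasks fetch executable code from moving references: `certbot-auto` comes from the `master` branch with no `checksum`, and the letsrenew repository is cloned with no `version`. The cron task then runs both unattended every week, likely as root given the paths under /opt and /etc. Whatever those upstream locations serve at deploy time is what gets executed, and without `version` the `git` task follows the remote HEAD on later playbook runs as well. Pin both by adding `checksum: "sha256:<digest of the reviewed script>"` to `get_url` (ideally with a release-tag URL instead of `master`) and `version: "<reviewed commit hash>"` to `git`. Separately, `mode: 0750` and `mode: 0550` are safer quoted (`mode: "0750"`) so the result does not depend on the YAML parser's octal handling.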


@ -0,0 +1,27 @@
agree-tos = True
non-interactive = True
renew-by-default = True
text = True
# All flags used by the client can be configured here. Run Certbot with
# "--help" to learn more about the available options.
#
# Note that these options apply automatically to all use of Certbot for
# obtaining or renewing certificates, so options specific to a single
# certificate on a system with several certificates should not be placed
# here.
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
email = backend@hamburg.freifunk.net
# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
authenticator = webroot
webroot-path = {{ letsrenew_webroot }}
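Review bot: The `email = backend@hamburg.freifunk.net` line is hard-coded in a template that otherwise takes its settings from role variables (`webroot-path = {{ letsrenew_webroot }}`), so every host using this role registers its ACME account under that one address and sends expiry notices there. If that is intended, the comment above it should be updated, since it still says "Uncomment and update" although the line is active; otherwise make it a role variable with a default, e.g. `email = {{ letsrenew_acme_email }}` (the variable name is only a suggestion). Also, `renew-by-default = True` combined with the weekly cron job appears to force reissuance on every run rather than only near expiry; it is worth confirming against what letsrenew actually invokes, because Let's Encrypt rate-limits duplicate certificates.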