Add letsrenew role
parent
84799fc22b
commit
cee2fde3ac
6 changed files with 87 additions and 6 deletions
12
basics.yml
12
basics.yml
|
@ -1,7 +1,11 @@
|
|||
---
|
||||
- hosts: all
|
||||
roles:
|
||||
- role: basics
|
||||
tags: basics
|
||||
- role: ffhh-basics
|
||||
tags: basics
|
||||
- basics
|
||||
- ffhh-basics
|
||||
tags: basics
|
||||
|
||||
- hosts: letsrenew
|
||||
roles:
|
||||
- letsrenew
|
||||
tags: letsrenew
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
letsrenew_email: alexander@hamburg.freifunk.net
|
||||
letsrenew_webroot: /var/www/mail
|
||||
nginx_resolver: 80.252.105.162 80.252.105.194
|
||||
|
|
|
@ -1,8 +1,13 @@
|
|||
[services]
|
||||
[ffhh]
|
||||
srv01 ansible_host=srv01.hamburg.freifunk.net
|
||||
srv03 ansible_host=srv03.hamburg.freifunk.net
|
||||
srv04 ansible_host=srv04.hamburg.freifunk.net
|
||||
|
||||
[ffhh]
|
||||
[letsrenew]
|
||||
srv01
|
||||
srv04
|
||||
|
||||
[services]
|
||||
srv03
|
||||
srv04
|
||||
|
||||
|
|
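--- a/roles/letsrenew/defaults/main.yml
+++ b/roles/letsrenew/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+letsrenew_email: ""
+letsrenew_webroot: /var/www/letsencrypt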
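Review bot: The empty default `letsrenew_email: ""` is interpolated unquoted into the cron `job:` string in roles/letsrenew/tasks/main.yml, so on a host with no override the rendered command carries a single argument and the `certbot-auto` path lands where the e-mail address is expected. Either drop the default so an undefined variable fails the play, or add a guard task at the top of the role, e.g. `assert: { that: letsrenew_email | length > 0 }`. A short comment above the variable, such as `# required: set per host or group`, would document that it must be overridden.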
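--- a/roles/letsrenew/tasks/main.yml
+++ b/roles/letsrenew/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: create /opt/certbot
+file:
+path: /opt/certbot
+mode: 0750
+state: directory
+
+- name: download certbot
+get_url:
+url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-auto
+dest: /opt/certbot/certbot-auto
+mode: 0550
+
+- name: create webroot path
+file:
+path: "{{ letsrenew_webroot }}"
+state: directory
+
+- name: create /etc/letsencrypt
+file:
+path: /etc/letsencrypt
+state: directory
+
+- name: template cli.ini
+template:
+src: cli.ini.j2
+dest: /etc/letsencrypt/cli.ini
+
+- name: clone letsrenew
+git:
+repo: https://github.com/7adietri/letsrenew.git
+dest: /opt/letsrenew
+
+- name: create cronjob
+cron:
+name: "Let's Encrypt certificate renewal"
+job: "/opt/letsrenew/letsrenew {{ letsrenew_email }} /opt/certbot/certbot-auto"
+minute: 0
+hour: 6
+weekday: 1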
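Review bot: Both fetch tasks install unpinned third-party code that the cron job at the end of this file then runs on a schedule: `download certbot` takes `certbot-auto` from the `master` branch with no `checksum:`, and `clone letsrenew` has no `version:`, so every play installs whatever those branches hold at that moment. Pin both to a reviewed revision, for example a tag or commit in the `url:` together with `checksum: "sha256:<PINNED_SHA256>"` on `get_url`, and `version: "<PINNED_COMMIT>"` on `git`. The `cron` task sets no `user:`, so the job presumably runs as the account the play becomes, which makes the provenance of both scripts matter more. The file modes are also unquoted (`mode: 0750`, `mode: 0550`); quoting them as strings (`mode: "0750"`) keeps the YAML parser from retyping them, and the `create webroot path` and `create /etc/letsencrypt` tasks set no `owner:` or `mode:` at all, leaving both to the umask.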
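--- a/roles/letsrenew/templates/cli.ini.j2
+++ b/roles/letsrenew/templates/cli.ini.j2
@@ -0,0 +1,27 @@
+agree-tos = True
+non-interactive = True
+renew-by-default = True
+text = True
+
+# All flags used by the client can be configured here. Run Certbot with
+# "--help" to learn more about the available options.
+#
+# Note that these options apply automatically to all use of Certbot for
+# obtaining or renewing certificates, so options specific to a single
+# certificate on a system with several certificates should not be placed
+# here.
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Uncomment and update to register with the specified e-mail address
+email = backend@hamburg.freifunk.net
+
+# Uncomment to use the standalone authenticator on port 443
+# authenticator = standalone
+# standalone-supported-challenges = tls-sni-01
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+authenticator = webroot
+webroot-path = {{ letsrenew_webroot }}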
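Review bot: `renew-by-default = True` sits in the global cli.ini, which the file's own comment says applies to every use of Certbot on the host, so any invocation that requests a certificate will replace it regardless of its remaining lifetime. Whether the weekly cron job then reissues every week depends on how letsrenew calls Certbot, which is not visible on this page, but if it does, this can run into the CA's issuance rate limits; consider dropping the option from the shared file and leaving the renewal decision to the caller. Separately, `email = backend@hamburg.freifunk.net` is hard-coded although the role already defines `letsrenew_email`; if the two addresses are meant to differ, a comment saying so would help. The `# Uncomment and update …` and `# Uncomment to use the webroot authenticator` comments are stale now that those lines are active.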