87 lines
2.2 KiB
YAML
87 lines
2.2 KiB
YAML
---
|
|
- name: Create Let's Encrypt system group
|
|
group:
|
|
name: '{{ certbot__group }}'
|
|
system: true
|
|
|
|
- name: Install Certbot
|
|
apt:
|
|
name: certbot
|
|
|
|
- name: Create directories for Let's Encrypt configuration
|
|
file:
|
|
state: directory
|
|
path: '{{ item }}'
|
|
mode: 'u=rwx,go=rx'
|
|
owner: root
|
|
group: root
|
|
with_items:
|
|
- '{{ certbot__conf_dir }}'
|
|
- '{{ certbot__archive_dir }}'
|
|
- '{{ certbot__archive_dir }}/{{ certbot__cert_name }}'
|
|
- '{{ certbot__live_dir }}'
|
|
- '{{ certbot__live_dir }}/{{ certbot__cert_name }}'
|
|
|
|
- name: Install Let's Encrypt config
|
|
template:
|
|
src: templates/cli.ini
|
|
dest: '{{ certbot__conf_cli }}'
|
|
mode: 'u=rw,go=r'
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Install Nginx SSL options
|
|
template:
|
|
src: templates/options-ssl-nginx.conf
|
|
dest: '{{ certbot__conf_nginx }}'
|
|
mode: 'u=rw,go=r'
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Obtain Let's Encrypt certificate
|
|
command: 'certbot certonly'
|
|
register: certbot__result
|
|
when: certbot__run|bool
|
|
changed_when: >-
|
|
certbot__result.stdout is
|
|
not search('Certificate not yet due for renewal; no action taken.')
|
|
|
|
- name: Find Let's Encrypt certificates and chains
|
|
register: certs_and_chains
|
|
find:
|
|
paths: '{{ certbot__archive_dir }}/{{ certbot__cert_name }}'
|
|
patterns:
|
|
- 'cert*.pem'
|
|
- 'chain*.pem'
|
|
- 'fullchain*.pem'
|
|
|
|
- name: Find Let's Encrypt private keys
|
|
register: privkeys
|
|
find:
|
|
paths: '{{ certbot__archive_dir }}/{{ certbot__cert_name }}'
|
|
patterns: 'privkey*.pem'
|
|
|
|
- name: Display Let's Encrypt certificates and chains
|
|
debug:
|
|
msg: "{{ certs_and_chains.files | map(attribute='path') | list }}"
|
|
|
|
- name: Display Let's Encrypt private keys
|
|
debug:
|
|
msg: "{{ privkeys.files | map(attribute='path') | list }}"
|
|
|
|
- name: Change group of Let's Encrypt certificates and chains
|
|
file:
|
|
path: '{{ item }}'
|
|
mode: 'u=rw,go=r'
|
|
owner: root
|
|
group: root
|
|
with_items: "{{ certs_and_chains.files | map(attribute='path') | list }}"
|
|
|
|
- name: Change group of Let's Encrypt private keys
|
|
file:
|
|
path: '{{ item }}'
|
|
mode: 'u=rw,g=r,o='
|
|
owner: root
|
|
group: '{{ certbot__group }}'
|
|
with_items: "{{ privkeys.files | map(attribute='path') | list }}"
|