Merge pull request 'Merge staging to main' (#3) from staging into main

Reviewed-on: #3
Reviewed-by: meaz <meaz@no-reply@disroot.org>

handlers/main.yml

@@ -9,3 +9,15 @@
     name: nginx
     state: reloaded
 
+- name: reload prosdy
+  systemd:
+    name: prosody
+    state: reloaded
+
+- name: reload mumble
+  systemd:
+    name: mumble-server
+    state: restarted
+
+
+

tasks/cert.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: '[CERT] - Generate or renew certificates'
-  command: /usr/bin/certbot certonly --key-type ecdsa --agree-tos --keep-until-expiring --non-interactive --webroot --webroot-path {{ letsencrypt_webroot_path }} -m {{ letsencrypt_email }} --domains {{ item.name }} --cert-name {{ item.name }} {{ '--reuse-key = true' if item.reuse_key is defined else '' }} --preferred-chain "ISRG Root X1" {{ '--force-renewal' if item.force_renewal is defined else '' }}
+  command: /usr/bin/certbot certonly --key-type ecdsa --agree-tos --keep-until-expiring --non-interactive --webroot --webroot-path {{ letsencrypt_webroot_path }} -m {{ letsencrypt_email }} --domains {{ item.name }} --cert-name {{ item.name }} {{ '--reuse-key' if item.reuse_key is defined else '' }} --preferred-chain "ISRG Root X1" {{ '--force-renewal' if item.force_renewal is defined else '' }}
   with_items: "{{ letsencrypt_domains }}"
   notify:
     - reload nginx

tasks/client.yml

@@ -8,6 +8,7 @@
     - python3-venv
     - libaugeas0
     - ca-certificates
+    - virtualenv
 
 - name: '[CERTBOT] - Create app dir'
   file:

tasks/copy_ssl.yml

@@ -1,20 +1,39 @@
 ---
 
-- name: '[COPY SSL] - Fetch SSL Certificates'
+- name: '[COPY SSL] - Fetch Certificates'
   synchronize: 
     mode: pull 
-    src: '/etc/letsencrypt/' 
+    src: '/etc/letsencrypt/live' 
     dest: '/etc/ansible/ssl/{{ inventory_hostname }}'
+    copy_links: 'true'
   when: install_letsencrypt == 'true'
   notify:
     - reload nginx
 
-
-- name: '[COPY SSL] - Copy SSL certificates to containers behind proxy'
-  synchronize: 
-    src: '/etc/ansible/ssl/{{ item.name }}/' 
-    dest: '/etc/letsencrypt/'
+- name: '[COPY CERTS] - Make sure direcotry permissions to cert path is correct'
+  file:
+    path: '/etc/letsencrypt/live/{{ item.domain }}'
+    state: 'directory'
+    owner: '{{ item.owner }}'
+    group: '{{ item.group }}'
   when: letsencrypt_copy_certs == 'true'
-  with_items: '{{ letsencrypt_copy_cert_from }}'
+  loop: '{{ letsencrypt_copy_cert_from }}'
+
+- name: '[COPY CERTS] - Copy certs archive to webservers'
+  synchronize: 
+    src: '/etc/ansible/ssl/{{ item.server }}/live/{{ item.domain }}' 
+    dest: '/etc/letsencrypt/live/'
+    copy_links: 'true'
+  when: letsencrypt_copy_certs == 'true'
+  loop: '{{ letsencrypt_copy_cert_from }}'
   notify:
-    - reload nginx
+    - reload {{ item.service }}
+ 
+- name: '[COPY CERTS] - Make sure direcotry permissions to cert path is correct'
+  file:
+    dest: '/etc/letsencrypt/live/{{ item.domain }}'
+    owner: '{{ item.owner }}'
+    group: '{{ item.group }}'
+    recurse: 'yes'
+  when: letsencrypt_copy_certs == 'true'
+  loop: '{{ letsencrypt_copy_cert_from }}'