Compare commits
7 Commits
0b430bde6a
...
54a3483872
Author | SHA1 | Date |
---|---|---|
muppeth | 54a3483872 | |
muppeth | 9c585c643a | |
muppeth | acfd101148 | |
muppeth | 6b11e05f63 | |
muppeth | 26793093a0 | |
muppeth | 659818149d | |
muppeth | 9b71c5754f |
|
@ -9,3 +9,15 @@
|
|||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: reload prosdy
|
||||
systemd:
|
||||
name: prosody
|
||||
state: reloaded
|
||||
|
||||
- name: reload mumble
|
||||
systemd:
|
||||
name: mumble-server
|
||||
state: restarted
|
||||
|
||||
|
||||
|
||||
|
|
|
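Review bot: The added handler is named `reload prosdy`, so any task that notifies `reload prosody` will not find it, because Ansible matches handlers by exact name; rename it to `- name: reload prosody`. The `reload mumble` handler uses `state: restarted`, which is a restart rather than a reload. If that is deliberate, a comment such as `# mumble-server needs a full restart to pick up renewed certs (confirm)` would stop someone "fixing" it later. Both names must also equal what `reload {{ item.service }}` renders to in the copy-certs task, so the inventory value has to be `mumble`, not `mumble-server`.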
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: '[CERT] - Generate or renew certificates'
|
||||
command: /usr/bin/certbot certonly --key-type ecdsa --agree-tos --keep-until-expiring --non-interactive --webroot --webroot-path {{ letsencrypt_webroot_path }} -m {{ letsencrypt_email }} --domains {{ item.name }} --cert-name {{ item.name }} {{ '--reuse-key = true' if item.reuse_key is defined else '' }} --preferred-chain "ISRG Root X1" {{ '--force-renewal' if item.force_renewal is defined else '' }}
|
||||
command: /usr/bin/certbot certonly --key-type ecdsa --agree-tos --keep-until-expiring --non-interactive --webroot --webroot-path {{ letsencrypt_webroot_path }} -m {{ letsencrypt_email }} --domains {{ item.name }} --cert-name {{ item.name }} {{ '--reuse-key' if item.reuse_key is defined else '' }} --preferred-chain "ISRG Root X1" {{ '--force-renewal' if item.force_renewal is defined else '' }}
|
||||
with_items: "{{ letsencrypt_domains }}"
|
||||
notify:
|
||||
- reload nginx
|
||||
|
|
|
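Review bot: In the certbot command, `item.reuse_key is defined` and `item.force_renewal is defined` test only for presence, so an entry with `reuse_key: false` or `force_renewal: false` still gets the flag. Testing the value avoids that: `{{ '--reuse-key' if item.reuse_key | default(false) | bool else '' }}`, and likewise for `--force-renewal`. This matters most for `--force-renewal`, which overrides `--keep-until-expiring` and requests a new certificate on every run, counting against the CA's issuance rate limits. The `command` task also shows no `changed_when`, so it reports changed and notifies `reload nginx` on every play.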
@ -8,6 +8,7 @@
|
|||
- python3-venv
|
||||
- libaugeas0
|
||||
- ca-certificates
|
||||
- virtualenv
|
||||
|
||||
- name: '[CERTBOT] - Create app dir'
|
||||
file:
|
||||
|
|
|
@ -1,20 +1,39 @@
|
|||
---
|
||||
|
||||
- name: '[COPY SSL] - Fetch SSL Certificates'
|
||||
- name: '[COPY SSL] - Fetch Certificates'
|
||||
synchronize:
|
||||
mode: pull
|
||||
src: '/etc/letsencrypt/'
|
||||
src: '/etc/letsencrypt/live'
|
||||
dest: '/etc/ansible/ssl/{{ inventory_hostname }}'
|
||||
copy_links: 'true'
|
||||
when: install_letsencrypt == 'true'
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
|
||||
- name: '[COPY SSL] - Copy SSL certificates to containers behind proxy'
|
||||
synchronize:
|
||||
src: '/etc/ansible/ssl/{{ item.name }}/'
|
||||
dest: '/etc/letsencrypt/'
|
||||
- name: '[COPY CERTS] - Make sure direcotry permissions to cert path is correct'
|
||||
file:
|
||||
path: '/etc/letsencrypt/live/{{ item.domain }}'
|
||||
state: 'directory'
|
||||
owner: '{{ item.owner }}'
|
||||
group: '{{ item.group }}'
|
||||
when: letsencrypt_copy_certs == 'true'
|
||||
with_items: '{{ letsencrypt_copy_cert_from }}'
|
||||
loop: '{{ letsencrypt_copy_cert_from }}'
|
||||
|
||||
- name: '[COPY CERTS] - Copy certs archive to webservers'
|
||||
synchronize:
|
||||
src: '/etc/ansible/ssl/{{ item.server }}/live/{{ item.domain }}'
|
||||
dest: '/etc/letsencrypt/live/'
|
||||
copy_links: 'true'
|
||||
when: letsencrypt_copy_certs == 'true'
|
||||
loop: '{{ letsencrypt_copy_cert_from }}'
|
||||
notify:
|
||||
- reload nginx
|
||||
- reload {{ item.service }}
|
||||
|
||||
- name: '[COPY CERTS] - Make sure direcotry permissions to cert path is correct'
|
||||
file:
|
||||
dest: '/etc/letsencrypt/live/{{ item.domain }}'
|
||||
owner: '{{ item.owner }}'
|
||||
group: '{{ item.group }}'
|
||||
recurse: 'yes'
|
||||
when: letsencrypt_copy_certs == 'true'
|
||||
loop: '{{ letsencrypt_copy_cert_from }}'
|
||||
|
|
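Review bot: The `file` tasks give `/etc/letsencrypt/live/{{ item.domain }}` to `item.owner`/`item.group` (one of them with `recurse: 'yes'`) but set no `mode`, so the copied files keep whatever permissions `synchronize` carried over. certbot's live directory normally holds `privkey.pem`, and `copy_links: 'true'` turns the symlinks into real key files, so I would add `mode: 'u=rwX,g=rX,o='` to the recursive task to keep the key from being world-readable. The same dereferenced keys are staged on the controller under `/etc/ansible/ssl/{{ inventory_hostname }}`, so that tree should be readable by root only. Separately, `- reload {{ item.service }}` puts a loop variable in a handler name; it is worth confirming that it resolves per item and that every `service` value has a matching handler.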