From 5e1f521eb675bf17e91f0f455e76e66ee19710d0 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 27 Aug 2020 20:50:57 +0300
Subject: [PATCH] certbot: Initial version of role
---
roles/certbot/meta/main.yml | 3 ++
roles/certbot/tasks/main.yml | 58 ++++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
create mode 100644 roles/certbot/meta/main.yml
create mode 100644 roles/certbot/tasks/main.yml
diff --git a/roles/certbot/meta/main.yml b/roles/certbot/meta/main.yml
new file mode 100644
index 0000000..1a57416
--- /dev/null
+++ b/roles/certbot/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: nginx/server }
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
new file mode 100644
index 0000000..87a52fa
--- /dev/null
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+- name: check support
+ fail:
+ msg: Role not supported in your system
+ when: ansible_os_family != "RedHat"
+
+- name: install certbot packages
+ package:
+ name: certbot
+ state: installed
+
+- name: create certbot group
+ group:
+ name: certbot
+ gid: 1002
+
+- name: create certbot user
+ user:
+ name: certbot
+ comment: Service Certbot
+ createhome: false
+ group: certbot
+ home: /var/empty
+ shell: /sbin/nologin
+ uid: 1002
+
+- name: add certbot nginx site
+ include_role:
+ name: nginx/site
+ vars:
+ site: certbot.home.foo.sh
+
+- name: create certbot .well-known directory
+ file:
+ path: /srv/web/certbot.home.foo.sh/.well-known
+ owner: root
+ group: "{{ ansible_wheel }}"
+ mode: 0755
+ state: directory
+
+- name: create certbot directories
+ file:
+ path: "{{ item }}"
+ owner: root
+ group: certbot
+ mode: 0775
+ state: directory
+ with_items:
+ - /srv/web/certbot.home.foo.sh/.well-known/acme-challenge
+ - /export/letsencrypt
+
+- name: link certbot datadirectory
+ file:
+ src: /export/letsencrypt
+ dest: /srv/letsencrypt
+ owner: root
+ group: "{{ ansible_wheel }}"
+ state: link
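Review bot: The `create certbot directories` loop in roles/certbot/tasks/main.yml gives `/export/letsencrypt` the same `mode: 0775` as the web-served `acme-challenge` directory, so the data directory is readable and traversable by every local account. Judging by the `link certbot datadirectory` task this is where certbot will keep its state, which would normally include account and certificate private keys; protection then rests entirely on the permissions certbot sets on the files beneath it. I would give the data directory its own task with a tighter mode, and quote the mode so it does not depend on YAML octal parsing. Whether any account outside root and the certbot group has to traverse the directory is not visible in this patch, so confirm that before tightening.

```yaml
# … unchanged: "create certbot directories" task, minus the /export/letsencrypt item …

- name: create certbot data directory
  file:
    path: /export/letsencrypt
    owner: root
    group: certbot
    mode: "0770"
    state: directory
```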