certbot: Add missing config file and lint fixes

2020-08-27 21:14:36 +03:00 · 2020-08-27 21:14:36 +03:00 · 602cc4dfc6
commit 602cc4dfc6
parent b81950c5b2
3 changed files with 24 additions and 1 deletions
--- a/roles/certbot/files/cli.ini
+++ b/roles/certbot/files/cli.ini
@ -0,0 +1,14 @@
+# Use 4096 bit RSA keys
+rsa-key-size = 4096
+
+# Use text interface instead of ncurses/dialog
+text = True
+
+# Custom work and log directory
+config-dir = /srv/letsencrypt
+work-dir = /srv/letsencrypt
+logs-dir = /srv/letsencrypt/log
+
+# Use webroot for authenticator
+authenticator = webroot
+webroot-path = /srv/web/certbot.home.foo.sh
--- a/roles/certbot/meta/main.yml
+++ b/roles/certbot/meta/main.yml
@ -1,3 +1,3 @@
 ---
 dependencies:
-  - { role: nginx/server }
+  - {role: nginx/server}
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -56,3 +56,12 @@
    owner: root
    group: "{{ ansible_wheel }}"
    state: link
+    follow: false
+
+- name: create certbot config
+  copy:
+    dest: /etc/letsencrypt/cli.ini
+    src: cli.ini
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"