67 lines
1.4 KiB
YAML
67 lines
1.4 KiB
YAML
---
|
|
- name: Install certbot packages
|
|
ansible.builtin.package:
|
|
name: certbot
|
|
state: installed
|
|
|
|
- name: Create certbot group
|
|
ansible.builtin.group:
|
|
name: certbot
|
|
gid: 1002
|
|
|
|
- name: Create certbot user
|
|
ansible.builtin.user:
|
|
name: certbot
|
|
comment: Service Certbot
|
|
createhome: false
|
|
group: certbot
|
|
home: /var/empty
|
|
shell: /sbin/nologin
|
|
uid: 1002
|
|
|
|
- name: Add certbot nginx site
|
|
ansible.builtin.include_role:
|
|
name: nginx_site
|
|
vars:
|
|
site: certbot.home.foo.sh
|
|
|
|
- name: Create certbot .well-known directory
|
|
ansible.builtin.file:
|
|
path: /srv/web/certbot.home.foo.sh/.well-known
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
mode: "0755"
|
|
state: directory
|
|
|
|
- name: Create certbot directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: certbot
|
|
mode: "0775"
|
|
state: directory
|
|
with_items:
|
|
- /srv/web/certbot.home.foo.sh/.well-known/acme-challenge
|
|
- /export/letsencrypt
|
|
|
|
- name: Link certbot datadirectory
|
|
ansible.builtin.file:
|
|
src: /export/letsencrypt
|
|
dest: /srv/letsencrypt
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
state: link
|
|
follow: false
|
|
|
|
- name: Create certbot config
|
|
ansible.builtin.copy:
|
|
dest: /etc/letsencrypt/cli.ini
|
|
src: cli.ini
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: Disable timer
|
|
ansible.builtin.systemd:
|
|
name: certbot-renew.timer
|
|
enabled: false
|