alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Use dynamic include_tasks for Let's Encrypt

Browse Source 
Use dynamic includes instead of static imports when you are running
tasks conditionally or using variable interpolation. The down side
is that you need to then tag the parent task as well as all child
tasks, as tags only apply to children of statically imported tasks.
This commit is contained in:
Alan Orth 2018-04-25 20:03:32 +03:00
parent ebda406de3
commit e50f413f5e
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/nginx/tasks/letsencrypt.yml
View File

@ -2,16 +2,20 @@
- name: Copy systemd service to renew Let's Encrypt certs - name: Copy systemd service to renew Let's Encrypt certs
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
tags: letsencrypt
- name: Copy systemd timer to renew Let's Encrypt certs - name: Copy systemd timer to renew Let's Encrypt certs
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
tags: letsencrypt
# always issues daemon-reload just in case the server/timer changed # always issues daemon-reload just in case the server/timer changed
- name: Start and enable systemd timer to renew Let's Encrypt certs - name: Start and enable systemd timer to renew Let's Encrypt certs
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
tags: letsencrypt
- name: Download certbot - name: Download certbot
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700 get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
tags: letsencrypt
- name: Install certbot dependencies (Ubuntu 16.04) - name: Install certbot dependencies (Ubuntu 16.04)
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==') when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')

2
roles/nginx/tasks/vhosts.yml
View File

@ -32,7 +32,7 @@
loop: "{{ nginx_vhosts }}" loop: "{{ nginx_vhosts }}"
tags: wordpress tags: wordpress
- import_tasks: letsencrypt.yml - include_tasks: letsencrypt.yml
when: use_letsencrypt is defined and use_letsencrypt == True when: use_letsencrypt is defined and use_letsencrypt == True
tags: letsencrypt tags: letsencrypt