alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
7b395c4039
ansible-personal/roles/nginx/tasks/letsencrypt.yml
Alan Orth 6208d1518c
roles/nginx: Use set_fact to set certbot dependencies 
Instead of looping over a list of items to install, we can actually
just give a list directly to the apt module. This allows the module
to install all packages in one transaction, which is faster as well
as slightly safer for some dependency resolution scenarios.
2018-04-26 19:48:05 +03:00

165 lines
4.5 KiB
YAML
Raw Blame History

---
- block:
- name: Copy systemd service to renew Let's Encrypt certs
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
- name: Copy systemd timer to renew Let's Encrypt certs
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
# always issues daemon-reload just in case the server/timer changed
- name: Start and enable systemd timer to renew Let's Encrypt certs
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
- name: Download certbot
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
# Dependencies certbot checks for on its first run. I set them in a fact so that
# I can pass the list directly to the apt module to install in one transaction.
- name: Set certbot dependencies (Debian 9)
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==')
set_fact:
certbot_dependencies:
- augeas-doc
- augeas-tools
- autoconf
- automake
- binutils
- bison
- cpp
- cpp-6
- flex
- gcc-6
- gcc-doc
- gcc-multilib
- gdb
- libasan3
- libatomic1
- libc-dev-bin
- libc6-dev
- libcc1-0
- libcilkrts5
- libexpat1-dev
- libffi-dev
- libgcc-6-dev
- libgomp1
- libisl15
- libitm1
- liblsan0
- libmpc3
- libmpx2
- libpython-dev
- libpython2.7
- libpython2.7-dev
- libquadmath0
- libssl-dev
- libtool
- libtsan0
- libubsan0
- linux-libc-dev
- make
- python-dev
- python-pip-whl
- python-pkg-resources
- python-virtualenv
- python2.7-dev
- python3-virtualenv
- virtualenv
# Dependencies certbot checks for on its first run. I set them in a fact so that
# I can pass the list directly to the apt module to install in one transaction.
- name: Set certbot dependencies (Ubuntu 16.04)
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
set_fact:
certbot_dependencies:
- augeas-doc
- augeas-tools
- binutils
- cpp
- cpp-5
- dialog
- gcc
- gcc-5
- libasan2
- libatomic1
- libcc1-0
- libcilkrts5
- libexpat1-dev
- libffi-dev
- libgcc-5-dev
- libgomp1
- libisl15
- libitm1
- liblsan0
- libmpc3
- libmpx0
- libpython-dev
- libpython2.7
- libpython2.7-dev
- libquadmath0
- libssl-dev
- libtsan0
- libubsan0
- python-dev
- python-pip-whl
- python-pkg-resources
- python-virtualenv
- python2.7-dev
- python3-virtualenv
- virtualenv
- zlib1g-dev
# Dependencies certbot checks for on its first run. I set them in a fact so that
# I can pass the list directly to the apt module to install in one transaction.
- name: Set certbot dependencies (Ubuntu 18.04)
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
set_fact:
certbot_dependencies:
- augeas-lenses
- binutils
- binutils-common
- binutils-x86-64-linux-gnu
- cpp
- cpp-7
- gcc
- gcc-7
- gcc-7-base
- libasan4
- libatomic1
- libaugeas0
- libbinutils
- libc-dev-bin
- libc6-dev
- libcc1-0
- libcilkrts5
- libexpat1-dev
- libffi-dev
- libgcc-7-dev
- libgomp1
- libisl19
- libitm1
- liblsan0
- libmpc3
- libmpx2
- libpython-dev
- libpython2.7
- libpython2.7-dev
- libquadmath0
- libssl-dev
- libtsan0
- libubsan0
- linux-libc-dev
- python-dev
- python-pip-whl
- python-pkg-resources
- python-virtualenv
- python2.7-dev
- python3-virtualenv
- virtualenv
- name: Install certbot dependencies
apt: name={{ certbot_dependencies }} state=present update_cache=yes
tags: letsencrypt
# vim: set ts=2 sw=2:
Reference in New Issue View Git Blame Copy Permalink