138 lines
4.2 KiB
YAML
138 lines
4.2 KiB
YAML
---
|
|
|
|
- block:
|
|
- name: Copy systemd service to renew Let's Encrypt certs
|
|
template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
|
|
|
|
- name: Copy systemd timer to renew Let's Encrypt certs
|
|
copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
|
|
|
|
# always issues daemon-reload just in case the server/timer changed
|
|
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
|
systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
|
|
|
|
- name: Download certbot
|
|
get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
|
|
|
|
# Dependencies certbot checks for on its first run. I set them in a fact so that
|
|
# I can pass the list directly to the apt module to install in one transaction.
|
|
- name: Set certbot dependencies (Debian 10)
|
|
when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version('10', '==')
|
|
set_fact:
|
|
certbot_dependencies:
|
|
- augeas-lenses
|
|
- binutils
|
|
- binutils-common
|
|
- binutils-x86-64-linux-gnu
|
|
- cpp
|
|
- cpp-8
|
|
- gcc
|
|
- gcc-8
|
|
- libasan5
|
|
- libatomic1
|
|
- libaugeas0
|
|
- libbinutils
|
|
- libc-dev-bin
|
|
- libc6-dev
|
|
- libcc1-0
|
|
- libexpat1-dev
|
|
- libffi-dev
|
|
- libgcc-8-dev
|
|
- libgomp1
|
|
- libisl19
|
|
- libitm1
|
|
- liblsan0
|
|
- libmpc3
|
|
- libmpfr6
|
|
- libmpx2
|
|
- libpython-dev
|
|
- libpython2-dev
|
|
- libpython2.7
|
|
- libpython2.7-dev
|
|
- libquadmath0
|
|
- libssl-dev
|
|
- libtsan0
|
|
- libubsan1
|
|
- linux-libc-dev
|
|
- python-dev
|
|
- python-pip-whl
|
|
- python-pkg-resources
|
|
- python-virtualenv
|
|
- python2-dev
|
|
- python2.7-dev
|
|
- python3-distutils
|
|
- python3-lib2to3
|
|
- python3-virtualenv
|
|
- virtualenv
|
|
|
|
# Dependencies certbot checks for on its first run. I set them in a fact so that
|
|
# I can pass the list directly to the apt module to install in one transaction.
|
|
- name: Set certbot dependencies (Ubuntu 18.04)
|
|
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('18.04', '==')
|
|
set_fact:
|
|
certbot_dependencies:
|
|
- augeas-lenses
|
|
- binutils
|
|
- binutils-common
|
|
- binutils-x86-64-linux-gnu
|
|
- cpp
|
|
- cpp-7
|
|
- gcc
|
|
- gcc-7
|
|
- gcc-7-base
|
|
- libasan4
|
|
- libatomic1
|
|
- libaugeas0
|
|
- libbinutils
|
|
- libc-dev-bin
|
|
- libc6-dev
|
|
- libcc1-0
|
|
- libcilkrts5
|
|
- libexpat1-dev
|
|
- libffi-dev
|
|
- libgcc-7-dev
|
|
- libgomp1
|
|
- libisl19
|
|
- libitm1
|
|
- liblsan0
|
|
- libmpc3
|
|
- libmpx2
|
|
- libpython-dev
|
|
- libpython2.7
|
|
- libpython2.7-dev
|
|
- libquadmath0
|
|
- libssl-dev
|
|
- libtsan0
|
|
- libubsan0
|
|
- linux-libc-dev
|
|
- python-dev
|
|
- python-pip-whl
|
|
- python-pkg-resources
|
|
- python-virtualenv
|
|
- python2.7-dev
|
|
- python3-virtualenv
|
|
- virtualenv
|
|
|
|
- name: Install certbot dependencies
|
|
apt: name={{ certbot_dependencies }} state=present update_cache=yes
|
|
|
|
when: ansible_distribution != 'Ubuntu' and ansible_distribution_major_version is version('20.04', '!=')
|
|
tags: letsencrypt
|
|
|
|
# On Ubuntu 20.04 it is no longer recommended/supported to use the standalone
|
|
# certbot-auto so I guess we need to use the one from the repositories.
|
|
- block:
|
|
- name: Install certbot (Ubuntu 20.04)
|
|
apt: name=certbot state=present update_cache=yes
|
|
|
|
- name: Copy certbot post and pre hooks for nginx
|
|
copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0755
|
|
with_items:
|
|
- { src: 'stop-nginx.sh', dest: '/etc/letsencrypt/renewal-hooks/pre/stop-nginx.sh' }
|
|
- { src: 'start-nginx.sh', dest: '/etc/letsencrypt/renewal-hooks/post/start-nginx.sh' }
|
|
|
|
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')
|
|
tags: letsencrypt
|
|
|
|
# vim: set ts=2 sw=2:
|