Verified Commit dacb47a7 authored by Florian Pritz's avatar Florian Pritz

Refactor certbot into dedicated role


Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent ce73a5b9
......@@ -23,6 +23,7 @@
- { role: sshd, tags: ['sshd'] }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-client, tags: ["borg"] }
- { role: certbot }
- { role: nginx, tags: ["nginx"] }
- { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
- { role: spampd, tags: ["mail", "spampd"] }
......
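Review bot: The added `- { role: certbot }` entry has no tags, while the `nginx` entry after it is tagged `["nginx"]`, so a run limited to `--tags nginx` now skips the hook install and the renewal timer that used to be applied as part of the nginx role. If that is not intended, tag the new entry the same way, e.g. `- { role: certbot, tags: ["certbot", "nginx"] }`. The same applies to the hunks at `@@ -19,6 +19,7 @@` and `@@ -13,6 +13,7 @@`, where nginx is also tagged; the two playbooks with an untagged nginx entry are unaffected.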
......@@ -7,6 +7,7 @@
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: certbot }
- { role: nginx }
- { role: unbound }
- { role: syncrepo, tags: ['nginx'] }
......
......@@ -19,6 +19,7 @@
- { role: postfwd, tags: ['mail', "postfwd"] }
- { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
- { role: archusers, tags: ['archusers'] }
- { role: certbot }
- { role: nginx, tags: ["nginx"] }
- { role: dbscripts, repos_domain: "repos.archlinux.org", repos_rsync_domain: "rsync.archlinux.org", svntogit_repos: "/srv/svntogit/repos", postgres_ssl: 'on', tags: ['dbscripts', 'archusers'] }
- sogrep
......
......@@ -9,6 +9,7 @@
- { role: unbound }
- { role: root_ssh }
- { role: archusers }
- { role: certbot }
- { role: nginx }
- { role: sudo, tags: ['archusers'] }
- { role: syncrepo, tags: ['nginx'] }
......
......@@ -13,6 +13,7 @@
- { role: opendkim, dkim_selector: soyuz, tags: ['mail'] }
- { role: postfix, postfix_server: false, tags: ["mail", "postfix"] }
- { role: archusers, tags: ['archusers'] }
- { role: certbot }
- { role: nginx, tags: ["nginx"] }
- { role: sudo, tags: ['sudo', 'archusers'] }
- { role: phrik, tags: ['phrik'] }
......
---
- name: daemon reload
command: systemctl daemon-reload
---
- name: install certbot
pacman: name=certbot state=present
- name: install letsencrypt hook
copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=0755
- name: create letsencrypt hook dir
file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=0755
- name: install letsencrypt renewal service
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- certbot-renewal.service
- certbot-renewal.timer
notify:
- daemon reload
- name: activate letsencrypt renewal service
service: name=certbot-renewal.timer enabled=yes state=started
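Review bot: The `daemon reload` handler notified by the unit-file copy runs only when handlers are flushed, which by default is after the following `activate letsencrypt renewal service` task, so when `certbot-renewal.timer` changes the `service` task acts on the definition systemd already has loaded. Adding `- meta: flush_handlers` between the two tasks makes the timer start from the unit files just written. A renewal timer that quietly stays on an old definition is easy to miss until a certificate expires, so the ordering is worth making explicit now that these tasks live in their own role.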
---
- name: install nginx
pacman: name=nginx,nginx-mod-brotli,certbot state=present
pacman: name=nginx,nginx-mod-brotli state=present
- name: install nginx.service snippet
copy: src=nginx.service.d dest=/etc/systemd/system owner=root group=root mode=0644
......@@ -37,20 +37,6 @@
- name: create directory to store validation stuff in
file: owner=root group=http mode=0750 path={{ letsencrypt_validation_dir }} state=directory
- name: install letsencrypt hook
copy: src=hook.sh dest=/etc/letsencrypt/hook.sh owner=root group=root mode=0755
- name: create letsencrypt hook dir
file: state=directory path=/etc/letsencrypt/hook.d owner=root group=root mode=0755
- name: install letsencrypt renewal service
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- certbot-renewal.service
- certbot-renewal.timer
notify:
- daemon reload
- name: install logrotate config
copy: src=logrotate.conf dest=/etc/logrotate.d/nginx-ansible owner=root group=root mode=0644
......@@ -60,9 +46,6 @@
- reload nginx
tags: ['nginx']
- name: activate letsencrypt renewal service
service: name=certbot-renewal.timer enabled=yes state=started
- name: enable nginx
service: name=nginx enabled=yes
......
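Review bot: With `certbot` dropped from the `pacman` task, the nginx role still creates `{{ letsencrypt_validation_dir }}` but no longer guarantees that certbot, its hook or the renewal timer exist on the host; that now depends on every playbook listing `certbot` before `nginx`. Only five playbooks are visible in this commit, so any other play that includes nginx would presumably leave a freshly provisioned host without renewals set up. Declaring the certbot role under `dependencies:` in the nginx role's meta file would keep that guarantee in one place, and the role would still run only once per play.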