add certbot

2019-11-13 21:48:50 +01:00 · 2019-11-13 21:48:50 +01:00 · 3eb36e6c0b
commit 3eb36e6c0b
parent b9517487fd
30 changed files with 659 additions and 22 deletions
--- a/roles/ansible-role-certbot/tasks/create-cert-standalone.yml
+++ b/roles/ansible-role-certbot/tasks/create-cert-standalone.yml
@ -0,0 +1,23 @@
+---
+- name: Check if certificate already exists.
+  stat:
+    path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
+  register: letsencrypt_cert
+
+- name: Stop services to allow certbot to generate a cert.
+  service:
+    name: "{{ item }}"
+    state: stopped
+  when: not letsencrypt_cert.stat.exists
+  with_items: "{{ certbot_create_standalone_stop_services }}"
+
+- name: Generate new certificate if one doesn't exist.
+  command: "{{ certbot_create_command }}"
+  when: not letsencrypt_cert.stat.exists
+
+- name: Start services after cert has been generated.
+  service:
+    name: "{{ item }}"
+    state: started
+  when: not letsencrypt_cert.stat.exists
+  with_items: "{{ certbot_create_standalone_stop_services }}"
--- a/roles/ansible-role-certbot/tasks/include-vars.yml
+++ b/roles/ansible-role-certbot/tasks/include-vars.yml
@ -0,0 +1,8 @@
+---
+- name: Load a variable file based on the OS type, or a default if not found.
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}.yml"
+    - "default.yml"
--- a/roles/ansible-role-certbot/tasks/install-from-source.yml
+++ b/roles/ansible-role-certbot/tasks/install-from-source.yml
@ -0,0 +1,17 @@
+---
+- name: Clone Certbot into configured directory.
+  git:
+    repo: "{{ certbot_repo }}"
+    dest: "{{ certbot_dir }}"
+    version: "{{ certbot_version }}"
+    update: "{{ certbot_keep_updated }}"
+    force: true
+
+- name: Set Certbot script variable.
+  set_fact:
+    certbot_script: "{{ certbot_dir }}/certbot-auto"
+
+- name: Ensure certbot-auto is executable.
+  file:
+    path: "{{ certbot_script }}"
+    mode: 0755
--- a/roles/ansible-role-certbot/tasks/install-with-package.yml
+++ b/roles/ansible-role-certbot/tasks/install-with-package.yml
@ -0,0 +1,7 @@
+---
+- name: Install Certbot.
+  package: "name={{ certbot_package }} state=present"
+
+- name: Set Certbot script variable.
+  set_fact:
+    certbot_script: "{{ certbot_package }}"
--- a/roles/ansible-role-certbot/tasks/main.yml
+++ b/roles/ansible-role-certbot/tasks/main.yml
@ -0,0 +1,19 @@
+---
+- import_tasks: include-vars.yml
+
+- import_tasks: install-with-package.yml
+  when: not certbot_install_from_source
+
+- import_tasks: install-from-source.yml
+  when: certbot_install_from_source
+
+- include_tasks: create-cert-standalone.yml
+  with_items: "{{ certbot_certs }}"
+  when:
+    - certbot_create_if_missing
+    - certbot_create_method == 'standalone'
+  loop_control:
+    loop_var: cert_item
+
+- import_tasks: renew-cron.yml
+  when: certbot_auto_renew
--- a/roles/ansible-role-certbot/tasks/renew-cron.yml
+++ b/roles/ansible-role-certbot/tasks/renew-cron.yml
@ -0,0 +1,8 @@
+---
+- name: Add cron job for certbot renewal (if configured).
+  cron:
+    name: Certbot automatic renewal.
+    job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}"
+    minute: "{{ certbot_auto_renew_minute }}"
+    hour: "{{ certbot_auto_renew_hour }}"
+    user: "{{ certbot_auto_renew_user }}"