author | Egor Tensin <Egor.Tensin@gmail.com> | 2023-08-20 18:38:17 +0200 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2023-08-20 21:43:59 +0200 |
commit | 97b930c6edc7973497f469ae859fa2258cbea4d6 (patch) | |
tree | 822382f2275cc25cb7d6d280cc37a17d0c7e1214 /roles/letsencrypt/tasks/domain.yml | |
parent | v0.0.16 (diff) | |
download | infra-ansible-97b930c6edc7973497f469ae859fa2258cbea4d6.tar.gz infra-ansible-97b930c6edc7973497f469ae859fa2258cbea4d6.zip |
use variables instead facts mostly everywhere
set_fact is stupid; they persist through multiple role executions; for
example, you cannot do this:
set_fact:
foo: '{{ foo | default("bar") }}'
If somebody calls the role and defines foo, it will always be set to
that value forever, even for subsequent role calls.
Diffstat (limited to 'roles/letsencrypt/tasks/domain.yml')
-rw-r--r-- | roles/letsencrypt/tasks/domain.yml | 52 |
1 files changed, 24 insertions, 28 deletions
diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index 13717ef..d3cb50a 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -1,30 +1,26 @@
-- name: Set certificate name
- ansible.builtin.set_fact:
- certificate_name: '{{ item.name | default(item) }}'
-
-- name: Set certificate domains
- ansible.builtin.set_fact:
- certificate_domains: "{{ item.domains | default([certificate_name]) | sort | unique }}"
-
-- name: Cache domain list
+- name: Set up certificate for domain
 become: true
- ansible.builtin.template:
- src: domain_list.txt
- dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
- owner: root
- group: root
- mode: '640'
- register: domain_list
+ vars:
+ certificate_name: '{{ domain.name | default(domain) }}'
+ certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+ block:
+ - name: Cache domain list
+ ansible.builtin.template:
+ src: domain_list.txt
+ dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
+ owner: root
+ group: root
+ mode: '640'
+ register: domain_list

-- name: 'Create certificate: {{ certificate_name }}'
- become: true
- ansible.builtin.command: |
- certbot certonly --noninteractive --agree-tos \
- --cert-name '{{ certificate_name }}' \
- --email '{{ certbot_email }}' \
- --domains '{{ certificate_domains | join(',') }}' \
- --preferred-challenges dns \
- --dns-digitalocean \
- --dns-digitalocean-credentials '{{ certbot_ini }}' \
- --dns-digitalocean-propagation-seconds 30
- when: domain_list.changed
+ - name: 'Create certificate: {{ certificate_name }}'
+ ansible.builtin.command: |
+ certbot certonly --noninteractive --agree-tos \
+ --cert-name '{{ certificate_name }}' \
+ --email '{{ certbot_email }}' \
+ --domains '{{ certificate_domains | join(',') }}' \
+ --preferred-challenges dns \
+ --dns-digitalocean \
+ --dns-digitalocean-credentials '{{ certbot_ini }}' \
+ --dns-digitalocean-propagation-seconds 30
+ when: domain_list.changed |
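Review bot: The certbot task under `block:` still builds its command line by pasting `certificate_name`, `certbot_email`, `certificate_domains` and `certbot_ini` into one free-form string, so a value containing a quote or whitespace can change how that string is split into arguments and add or alter certbot options. Passing the arguments as an `argv:` list keeps each templated value a single argument whatever it contains. `certificate_name` also ends up in the root-owned `dest:` path of the template task, so it is worth rejecting names containing `/` before that task, for example with an `ansible.builtin.assert` on `certificate_name is match('^[A-Za-z0-9._-]+$')` (adjust the character set to what the inventory actually uses).

```yaml
    - name: 'Create certificate: {{ certificate_name }}'
      ansible.builtin.command:
        argv:
          - certbot
          - certonly
          - --noninteractive
          - --agree-tos
          - --cert-name
          - '{{ certificate_name }}'
          - --email
          - '{{ certbot_email }}'
          - --domains
          - "{{ certificate_domains | join(',') }}"
          - --preferred-challenges
          - dns
          - --dns-digitalocean
          - --dns-digitalocean-credentials
          - '{{ certbot_ini }}'
          - --dns-digitalocean-propagation-seconds
          - '30'
      # … unchanged: when: domain_list.changed …
```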