authorEgor Tensin <Egor.Tensin@gmail.com>2023-08-20 18:38:17 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-08-20 21:43:59 +0200
commit97b930c6edc7973497f469ae859fa2258cbea4d6 (patch)
tree822382f2275cc25cb7d6d280cc37a17d0c7e1214 /roles/letsencrypt
parentv0.0.16 (diff)
use variables instead facts mostly everywhere
set_fact is stupid; facts persist through multiple role executions. For example, you cannot do this: set_fact: foo: '{{ foo | default("bar") }}'. If somebody calls the role and defines foo, it will always be set to that value forever, even for subsequent role calls.
Diffstat (limited to 'roles/letsencrypt')
-rw-r--r--roles/letsencrypt/tasks/domain.yml52
-rw-r--r--roles/letsencrypt/tasks/main.yml2
2 files changed, 26 insertions, 28 deletions
diff --git a/roles/letsencrypt/tasks/domain.yml b/roles/letsencrypt/tasks/domain.yml
index 13717ef..d3cb50a 100644
--- a/roles/letsencrypt/tasks/domain.yml
+++ b/roles/letsencrypt/tasks/domain.yml
@@ -1,30 +1,26 @@
-- name: Set certificate name
- ansible.builtin.set_fact:
- certificate_name: '{{ item.name | default(item) }}'
-
-- name: Set certificate domains
- ansible.builtin.set_fact:
- certificate_domains: "{{ item.domains | default([certificate_name]) | sort | unique }}"
-
-- name: Cache domain list
+- name: Set up certificate for domain
become: true
- ansible.builtin.template:
- src: domain_list.txt
- dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
- owner: root
- group: root
- mode: '640'
- register: domain_list
+ vars:
+ certificate_name: '{{ domain.name | default(domain) }}'
+ certificate_domains: "{{ domain.domains | default([certificate_name]) | sort | unique }}"
+ block:
+ - name: Cache domain list
+ ansible.builtin.template:
+ src: domain_list.txt
+ dest: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
+ owner: root
+ group: root
+ mode: '640'
+ register: domain_list
-- name: 'Create certificate: {{ certificate_name }}'
- become: true
- ansible.builtin.command: |
- certbot certonly --noninteractive --agree-tos \
- --cert-name '{{ certificate_name }}' \
- --email '{{ certbot_email }}' \
- --domains '{{ certificate_domains | join(',') }}' \
- --preferred-challenges dns \
- --dns-digitalocean \
- --dns-digitalocean-credentials '{{ certbot_ini }}' \
- --dns-digitalocean-propagation-seconds 30
- when: domain_list.changed
+ - name: 'Create certificate: {{ certificate_name }}'
+ ansible.builtin.command: |
+ certbot certonly --noninteractive --agree-tos \
+ --cert-name '{{ certificate_name }}' \
+ --email '{{ certbot_email }}' \
+ --domains '{{ certificate_domains | join(',') }}' \
+ --preferred-challenges dns \
+ --dns-digitalocean \
+ --dns-digitalocean-credentials '{{ certbot_ini }}' \
+ --dns-digitalocean-propagation-seconds 30
+ when: domain_list.changed
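Review bot: A failed certbot run is never retried, because `Cache domain list` has already written `/etc/letsencrypt/.domains_{{ certificate_name }}.txt` by the time `Create certificate` runs, so on the next play `domain_list.changed` is false and the `when:` skips issuance. The host can then stay without a certificate, or with one that lacks newly added domains, while later runs report nothing wrong. Now that both tasks sit in one `block:`, a `rescue:` section can delete the cached list and re-raise the failure. I would expect the block-level `become: true` to cover the rescue tasks as well, but that is worth confirming on a test host.

```yaml
  block:
    # … unchanged: Cache domain list, Create certificate …
  rescue:
    - name: Drop cached domain list so the next run retries certbot
      ansible.builtin.file:
        path: '/etc/letsencrypt/.domains_{{ certificate_name }}.txt'
        state: absent

    - name: Report certificate failure
      ansible.builtin.fail:
        msg: 'Certificate setup failed for {{ certificate_name }}'
```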
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index a4160d7..a1761a5 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -13,3 +13,5 @@
- name: Update certificates
ansible.builtin.include_tasks: domain.yml
loop: '{{ letsencrypt_domains }}'
+ loop_control:
+ loop_var: domain
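Review bot: The loop variable name `domain` on the added `loop_var:` line is generic enough to collide with a `domain` variable defined by the play, the inventory or a calling role. The same applies to the unprefixed `certificate_name` and `certificate_domains` in domain.yml. Prefixing with the role name, `loop_var: letsencrypt_domain` (with domain.yml updated to match), keeps the role's names out of the caller's namespace, which is the isolation this commit is after. ansible-lint's `loop-var-prefix` rule can enforce this.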