aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
-rw-r--r--roles/letsencrypt/tasks/certbot.yml28
-rw-r--r--roles/letsencrypt/tasks/digitalocean.yml28
-rw-r--r--roles/letsencrypt/tasks/main.yml55
3 files changed, 58 insertions, 53 deletions
diff --git a/roles/letsencrypt/tasks/certbot.yml b/roles/letsencrypt/tasks/certbot.yml
new file mode 100644
index 0000000..2a7664e
--- /dev/null
+++ b/roles/letsencrypt/tasks/certbot.yml
@@ -0,0 +1,28 @@
+# Instructions are from
+# https://certbot.eff.org/instructions?ws=nginx&os=snap&tab=wildcard
+
+- name: Install Certbot
+ become: true
+ block:
+ - name: Install snapd
+ ansible.builtin.apt:
+ install_recommends: false
+ name: snapd
+
+ - name: Install Certbot
+ community.general.snap:
+ classic: true
+ name: certbot
+
+ - name: Confirm plugin containment level
+ ansible.builtin.command: snap set certbot trust-plugin-with-root=ok
+
+ - name: Install Certbot DigitalOcean plugin
+ community.general.snap:
+ name: certbot-dns-digitalocean
+
+ - name: Create Certbot symlink in /usr/bin
+ ansible.builtin.file:
+ src: /snap/bin/certbot
+ dest: /usr/bin/certbot
+ state: link
diff --git a/roles/letsencrypt/tasks/digitalocean.yml b/roles/letsencrypt/tasks/digitalocean.yml
new file mode 100644
index 0000000..bbf9380
--- /dev/null
+++ b/roles/letsencrypt/tasks/digitalocean.yml
@@ -0,0 +1,28 @@
+- name: Configure Certbot DigitalOcean plugin
+ become: true
+ block:
+ - name: Prompt for token
+ ansible.builtin.pause:
+ prompt: |
+ Enter your API token:
+ echo: false
+ register: digitalocean_token
+ when:
+ - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0
+
+ - name: Set the token as a fact
+ ansible.builtin.set_fact:
+ digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}"
+
+ - name: Fail if the token is invalid
+ ansible.builtin.fail:
+ msg: 'DigitalOcean token is invalid'
+ when: digitalocean_token | length == 0
+
+ - name: Configure certbot.ini
+ ansible.builtin.template:
+ src: certbot.ini
+ dest: '{{ certbot_ini }}'
+ owner: root
+ group: root
+ mode: '600'
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index d12aad2..a4160d7 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -1,59 +1,8 @@
-- name: Install snapd
- become: true
- ansible.builtin.apt:
- install_recommends: false
- name: snapd
-
- name: Install Certbot
- become: true
- community.general.snap:
- classic: true
- name: certbot
-
-- name: Confirm plugin containment level
- become: true
- ansible.builtin.command: snap set certbot trust-plugin-with-root=ok
-
-- name: Install Certbot DigitalOcean plugin
- become: true
- community.general.snap:
- name: certbot-dns-digitalocean
-
-- name: Create Certbot symlink in /usr/bin
- become: true
- ansible.builtin.file:
- src: /snap/bin/certbot
- dest: /usr/bin/certbot
- state: link
+ ansible.builtin.include_tasks: certbot.yml
- name: Configure Certbot DigitalOcean plugin
- become: true
- block:
- - name: Prompt for token
- ansible.builtin.pause:
- prompt: |
- Enter your API token:
- echo: false
- register: digitalocean_token
- when:
- - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0
-
- - name: Set the token as a fact
- ansible.builtin.set_fact:
- digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}"
-
- - name: Fail if the token is invalid
- ansible.builtin.fail:
- msg: 'DigitalOcean token is invalid'
- when: digitalocean_token | length == 0
-
- - name: Configure certbot.ini
- ansible.builtin.template:
- src: certbot.ini
- dest: '{{ certbot_ini }}'
- owner: root
- group: root
- mode: '600'
+ ansible.builtin.include_tasks: digitalocean.yml
- name: Create /etc/letsencrypt
become: true