diff options
-rw-r--r-- | roles/letsencrypt/tasks/certbot.yml | 28 | ||||
-rw-r--r-- | roles/letsencrypt/tasks/digitalocean.yml | 28 | ||||
-rw-r--r-- | roles/letsencrypt/tasks/main.yml | 55 |
3 files changed, 58 insertions, 53 deletions
diff --git a/roles/letsencrypt/tasks/certbot.yml b/roles/letsencrypt/tasks/certbot.yml new file mode 100644 index 0000000..2a7664e --- /dev/null +++ b/roles/letsencrypt/tasks/certbot.yml @@ -0,0 +1,28 @@ +# Instructions are from +# https://certbot.eff.org/instructions?ws=nginx&os=snap&tab=wildcard + +- name: Install Certbot + become: true + block: + - name: Install snapd + ansible.builtin.apt: + install_recommends: false + name: snapd + + - name: Install Certbot + community.general.snap: + classic: true + name: certbot + + - name: Confirm plugin containment level + ansible.builtin.command: snap set certbot trust-plugin-with-root=ok + + - name: Install Certbot DigitalOcean plugin + community.general.snap: + name: certbot-dns-digitalocean + + - name: Create Certbot symlink in /usr/bin + ansible.builtin.file: + src: /snap/bin/certbot + dest: /usr/bin/certbot + state: link diff --git a/roles/letsencrypt/tasks/digitalocean.yml b/roles/letsencrypt/tasks/digitalocean.yml new file mode 100644 index 0000000..bbf9380 --- /dev/null +++ b/roles/letsencrypt/tasks/digitalocean.yml @@ -0,0 +1,28 @@ +- name: Configure Certbot DigitalOcean plugin + become: true + block: + - name: Prompt for token + ansible.builtin.pause: + prompt: | + Enter your API token: + echo: false + register: digitalocean_token + when: + - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0 + + - name: Set the token as a fact + ansible.builtin.set_fact: + digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}" + + - name: Fail if the token is invalid + ansible.builtin.fail: + msg: 'DigitalOcean token is invalid' + when: digitalocean_token | length == 0 + + - name: Configure certbot.ini + ansible.builtin.template: + src: certbot.ini + dest: '{{ certbot_ini }}' + owner: root + group: root + mode: '600' diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index d12aad2..a4160d7 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -1,59 +1,8 @@ -- name: Install snapd - become: true - ansible.builtin.apt: - install_recommends: false - name: snapd - - name: Install Certbot - become: true - community.general.snap: - classic: true - name: certbot - -- name: Confirm plugin containment level - become: true - ansible.builtin.command: snap set certbot trust-plugin-with-root=ok - -- name: Install Certbot DigitalOcean plugin - become: true - community.general.snap: - name: certbot-dns-digitalocean - -- name: Create Certbot symlink in /usr/bin - become: true - ansible.builtin.file: - src: /snap/bin/certbot - dest: /usr/bin/certbot - state: link + ansible.builtin.include_tasks: certbot.yml - name: Configure Certbot DigitalOcean plugin - become: true - block: - - name: Prompt for token - ansible.builtin.pause: - prompt: | - Enter your API token: - echo: false - register: digitalocean_token - when: - - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0 - - - name: Set the token as a fact - ansible.builtin.set_fact: - digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}" - - - name: Fail if the token is invalid - ansible.builtin.fail: - msg: 'DigitalOcean token is invalid' - when: digitalocean_token | length == 0 - - - name: Configure certbot.ini - ansible.builtin.template: - src: certbot.ini - dest: '{{ certbot_ini }}' - owner: root - group: root - mode: '600' + ansible.builtin.include_tasks: digitalocean.yml - name: Create /etc/letsencrypt become: true |