path: root/roles/letsencrypt/tasks/main.yml
blob: d12aad2396bd869735e7323deebe44744966a58a (plain) (blame)
# snapd provides the snap tooling that the Certbot install tasks below use.
- name: Install snapd
  ansible.builtin.apt:
    name: snapd
    # "present" is the module default; written out so the intent is explicit.
    state: present
    # Keep the install minimal: skip packages that are only recommended.
    install_recommends: false
  become: true

# Certbot is installed from the snap store with classic confinement, so it is
# not restricted by the strict snap sandbox and runs with normal access to the
# host filesystem.
- name: Install Certbot
  community.general.snap:
    name: certbot
    # "present" is the module default; written out so the intent is explicit.
    state: present
    classic: true
  become: true

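# Acknowledges that Certbot plugin snaps get the same classic containment as
# the Certbot snap itself, so any plugin connected afterwards runs with the
# privileges Certbot has. Review which plugin snaps the role installs before
# relying on this setting.
- name: Confirm plugin containment level
  become: true
  ansible.builtin.command:
    cmd: snap set certbot trust-plugin-with-root=ok
  # "snap set" re-applies the same value on every run; without this the task
  # reports "changed" each time and the play never looks idempotent.
  changed_when: false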

# DNS-01 plugin for DigitalOcean. It is installed after the
# trust-plugin-with-root acknowledgement above, so it runs inside Certbot with
# Certbot's privileges.
- name: Install Certbot DigitalOcean plugin
  community.general.snap:
    name: certbot-dns-digitalocean
    # "present" is the module default; written out so the intent is explicit.
    state: present
  become: true

# Makes the snap-provided binary reachable as /usr/bin/certbot, for callers
# whose PATH does not include /snap/bin.
- name: Create Certbot symlink in /usr/bin
  ansible.builtin.file:
    state: link
    # dest is the link that gets created; src is the target it points at.
    dest: /usr/bin/certbot
    src: /snap/bin/certbot
  become: true

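# Obtains the DigitalOcean API token and renders the Certbot credentials file.
# The token is read from DIGITALOCEAN_TOKEN on the control node; when that
# variable is empty the operator is prompted for it instead. Every task that
# carries the token sets no_log so the value is not printed by verbose output,
# callback plugins or --diff.
- name: Configure Certbot DigitalOcean plugin
  become: true
  block:
    - name: Prompt for token
      ansible.builtin.pause:
        prompt: |
          Enter your API token:
        # Do not echo the typed token to the terminal.
        echo: false
      register: digitalocean_token
      # The registered result still contains user_input when echo is off.
      no_log: true
      when:
        - lookup('env', 'DIGITALOCEAN_TOKEN') | length <= 0

    # When the prompt was skipped the registered result has no user_input key,
    # so default() falls back to the environment variable.
    - name: Set the token as a fact
      ansible.builtin.set_fact:
        digitalocean_token: "{{ digitalocean_token.user_input | default(lookup('env', 'DIGITALOCEAN_TOKEN')) }}"
      # set_fact results list the facts they set, including the token.
      no_log: true

    # Only an empty value is rejected here; the token is not checked against
    # the DigitalOcean API.
    - name: Fail if the token is invalid
      ansible.builtin.fail:
        msg: 'DigitalOcean token is invalid'
      when: digitalocean_token | length == 0

    # NOTE(review): the certbot.ini template is not visible here; it presumably
    # renders digitalocean_token, which is why the file is root-only.
    - name: Configure certbot.ini
      ansible.builtin.template:
        src: certbot.ini
        dest: '{{ certbot_ini }}'
        owner: root
        group: root
        # Same permissions as the previous '600', in the conventional
        # four-digit quoted form.
        mode: '0600'
      # Keeps the rendered file content out of --diff and verbose output.
      no_log: true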

# Runs "certbot certificates" once, only while /etc/letsencrypt does not exist.
# NOTE(review): going by the task name, the command is run for its side effect
# of creating that directory rather than for its output.
- name: Create /etc/letsencrypt
  ansible.builtin.command:
    cmd: certbot certificates
    # Skip the command when this path already exists.
    creates: /etc/letsencrypt
  become: true

# Includes domain.yml once per entry of letsencrypt_domains; each entry is
# available to the included tasks as "item" (the default loop variable).
# No become is set at this level, so any privilege escalation has to come from
# the tasks in domain.yml (not visible here).
- name: Update certificates
  loop: '{{ letsencrypt_domains }}'
  ansible.builtin.include_tasks:
    file: domain.yml