allow to control multiple cert groups

2020-05-22 22:21:55 +02:00 · 2020-05-22 22:21:55 +02:00 · 3b99eaf72d
parent 5219535989
commit 3b99eaf72d
3 changed files with 27 additions and 19 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,7 +3,6 @@
 certbot_packages_extra: []

 certbot_user: root
-certbot_initial_run_enabled: False

 certbot_work_dir: /var/lib/letsencrypt
 certbot_config_dir: /etc/letsencrypt
@ -13,8 +12,12 @@ certbot_preferred_challenges: dns
 certbot_server: https://acme-v02.api.letsencrypt.org/directory
 certbot_email: mail@example.com
 certbot_rsa_key_size: 4096
-certbot_domains:
-  - example.com
+certbot_domain_groups:
+  - name: example
+    domains:
+      - "*.example.com"
+      - example.com
+    init: False

 # @var certbot_credentials:description: >
 # Specify key value parairs for your credentials (e.g. plugin credentials).
@ -26,7 +29,6 @@ certbot_credentials: []
 # @var certbot_bin:description: Location of the certbot binary. Default is to `~/.local/.bin/certbot`.
 certbot_command_arguments:
  - "certonly"
-  - "-n -d {{ certbot_domains | join(',') }}"

 # @var certbot_cron_enabled:description: Enable scheduling via cron.
 certbot_cron_enabled: True
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -45,7 +45,7 @@

    - name: Schedule certbot run
      cron:
-        name: Certbot automatic renewal
+        name: "Certbot automatic renewal: {{ item.name }}"
        minute: "{{ certbot_cron_minute }}"
        hour: "{{ certbot_cron_hour }}"
        user: "{{ certbot_cron_user | default(certbot_user) }}"
@ -55,7 +55,11 @@
          --work-dir {{ certbot_work_dir }}
          --logs-dir {{ certbot_log_dir }}
          {{ certbot_command_arguments | join(' ') }}
+          -n -d {{ item.domains | join(',') }}
        cron_file: "{{ certbot_cron_file | default(omit) }}"
+      loop: "{{ certbot_domain_groups }}"
+      loop_control:
+        label: "{{ item.name }}"
      when: certbot_cron_enabled
  become: True
  become_user: "{{ certbot_user }}"
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -1,17 +1,19 @@
 ---
- name: Initialise certbot
-  block:
-    - name: Initial run of certbot
-      command: >
-        {{ certbot_bin | default(__certbot_bin) }}
-        --config-dir {{ certbot_config_dir }}
-        --work-dir {{ certbot_work_dir }}
-        --logs-dir {{ certbot_log_dir }}
-        --agree-tos
-        {{ certbot_command_arguments | join(' ') }}
-      register: certbot_init
-      changed_when: certbot_init.rc == 130
-      ignore_errors: True
+- name: Initial run of certbot
+  command: >
+    {{ certbot_bin | default(__certbot_bin) }}
+    --config-dir {{ certbot_config_dir }}
+    --work-dir {{ certbot_work_dir }}
+    --logs-dir {{ certbot_log_dir }}
+    --agree-tos
+    {{ certbot_command_arguments | join(' ') }}
+    - n -d {{ item.domains | join(',') }}
+  register: certbot_init
+  changed_when: certbot_init.rc == 130
+  ignore_errors: True
+  loop: "{{ certbot_domain_groups }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: "{{ item.init | default(False) | bool }}"
  become: True
  become_user: "{{ certbot_user }}"
-  when: certbot_initial_run_enabled