allow to control multiple cert groups

Robert Kaussow 2020-05-22 22:21:55 +02:00
parent 5219535989
commit 3b99eaf72d
3 changed files with 27 additions and 19 deletions


@ -3,7 +3,6 @@
certbot_packages_extra: [] certbot_packages_extra: []
certbot_user: root certbot_user: root
certbot_initial_run_enabled: False
certbot_work_dir: /var/lib/letsencrypt certbot_work_dir: /var/lib/letsencrypt
certbot_config_dir: /etc/letsencrypt certbot_config_dir: /etc/letsencrypt
@ -13,8 +12,12 @@ certbot_preferred_challenges: dns
certbot_server: https://acme-v02.api.letsencrypt.org/directory certbot_server: https://acme-v02.api.letsencrypt.org/directory
certbot_email: mail@example.com certbot_email: mail@example.com
certbot_rsa_key_size: 4096 certbot_rsa_key_size: 4096
certbot_domains: certbot_domain_groups:
- example.com - name: example
domains:
- "*.example.com"
- example.com
init: False
# @var certbot_credentials:description: > # @var certbot_credentials:description: >
# Specify key value parairs for your credentials (e.g. plugin credentials). # Specify key value parairs for your credentials (e.g. plugin credentials).
@ -26,7 +29,6 @@ certbot_credentials: []
# @var certbot_bin:description: Location of the certbot binary. Default is to `~/.local/.bin/certbot`. # @var certbot_bin:description: Location of the certbot binary. Default is to `~/.local/.bin/certbot`.
certbot_command_arguments: certbot_command_arguments:
- "certonly" - "certonly"
- "-n -d {{ certbot_domains | join(',') }}"
# @var certbot_cron_enabled:description: Enable scheduling via cron. # @var certbot_cron_enabled:description: Enable scheduling via cron.
certbot_cron_enabled: True certbot_cron_enabled: True
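Review bot: `certbot_domain_groups` is added without the `# @var ...:description:` annotation that the other variables visible in this file carry, so the meaning of `name`, `domains` and `init` is left to the reader. I would add a description above it, for example `# @var certbot_domain_groups:description: List of certificate groups; each entry has a name, a list of domains and an optional init flag.` The same comment should say that `name` ends up in the cron entry name and `domains` on the certbot command line, so both must be plain identifiers and hostnames. Because `certbot_domains` and `certbot_initial_run_enabled` are removed, inventories that still set them would presumably be ignored without any message (inferred, the callers are not visible here); a changelog entry or an assert on the old names would surface that.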


@ -45,7 +45,7 @@
- name: Schedule certbot run - name: Schedule certbot run
cron: cron:
name: Certbot automatic renewal name: "Certbot automatic renewal: {{ item.name }}"
minute: "{{ certbot_cron_minute }}" minute: "{{ certbot_cron_minute }}"
hour: "{{ certbot_cron_hour }}" hour: "{{ certbot_cron_hour }}"
user: "{{ certbot_cron_user | default(certbot_user) }}" user: "{{ certbot_cron_user | default(certbot_user) }}"
@ -55,7 +55,11 @@
--work-dir {{ certbot_work_dir }} --work-dir {{ certbot_work_dir }}
--logs-dir {{ certbot_log_dir }} --logs-dir {{ certbot_log_dir }}
{{ certbot_command_arguments | join(' ') }} {{ certbot_command_arguments | join(' ') }}
-n -d {{ item.domains | join(',') }}
cron_file: "{{ certbot_cron_file | default(omit) }}" cron_file: "{{ certbot_cron_file | default(omit) }}"
loop: "{{ certbot_domain_groups }}"
loop_control:
label: "{{ item.name }}"
when: certbot_cron_enabled when: certbot_cron_enabled
become: True become: True
become_user: "{{ certbot_user }}" become_user: "{{ certbot_user }}"
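Review bot: The added job line `-n -d {{ item.domains | join(',') }}` puts the domain list unquoted into a crontab entry, which cron hands to a shell and which runs as `certbot_user` (root by default in this role). With `*.example.com` now among the defaults the word carries a glob character, and any whitespace or shell metacharacter in a group's `domains` would be interpreted by the shell rather than passed to certbot; `-n -d {{ item.domains | join(',') | quote }}` keeps it a single literal argument. Separately, renaming the entry to `Certbot automatic renewal: {{ item.name }}` probably leaves the job created under the old name in place on hosts that are already managed, so a cleanup task with `state: absent` for the old name would be worth adding. The job string begins above this hunk, so the start of the command line is not visible here.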


@ -1,17 +1,19 @@
--- ---
- name: Initialise certbot - name: Initial run of certbot
block: command: >
- name: Initial run of certbot {{ certbot_bin | default(__certbot_bin) }}
command: > --config-dir {{ certbot_config_dir }}
{{ certbot_bin | default(__certbot_bin) }} --work-dir {{ certbot_work_dir }}
--config-dir {{ certbot_config_dir }} --logs-dir {{ certbot_log_dir }}
--work-dir {{ certbot_work_dir }} --agree-tos
--logs-dir {{ certbot_log_dir }} {{ certbot_command_arguments | join(' ') }}
--agree-tos - n -d {{ item.domains | join(',') }}
{{ certbot_command_arguments | join(' ') }} register: certbot_init
register: certbot_init changed_when: certbot_init.rc == 130
changed_when: certbot_init.rc == 130 ignore_errors: True
ignore_errors: True loop: "{{ certbot_domain_groups }}"
loop_control:
label: "{{ item.name }}"
when: "{{ item.init | default(False) | bool }}"
become: True become: True
become_user: "{{ certbot_user }}" become_user: "{{ certbot_user }}"
when: certbot_initial_run_enabled
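Review bot: The new argument line reads `- n -d {{ item.domains | join(',') }}` as rendered here, with a space between the dash and `n`, so certbot would receive `-` and `n` as two separate arguments instead of the non-interactive flag; it should be `-n -d {{ item.domains | join(',') }}`. Because the task keeps `ignore_errors: True`, a failed initial issuance caused by this does not stop the play and is easy to miss. The condition `when: "{{ item.init | default(False) | bool }}"` also wraps the expression in Jinja delimiters, which Ansible warns about; `when: item.init | default(False) | bool` is the usual form.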