Kapisi/roles/SSL/tasks/main.yml

---

 - name: SSL packages
   become: yes
   package:
     name:
      - certbot
      - openssl

 - name: LetsEncrypt directory
   become: yes
   file:
     path: /etc/letsencrypt
     owner: root
     group: ssl
     mode: 0750

 - name: Services
   become: yes
   register: services
   copy:
     src: "{{ item }}"
     dest: /usr/lib/systemd/system
     owner: root
     group: root
     mode: 0644
   loop:
     - "certbot.service"
     - "certbot.timer"

 - name: Enable timer
   when: services.changed
   become: yes
   systemd:
     daemon_reload: yes
     name: certbot.timer
     enabled: yes
     state: started

 - name: Create letsencrypt folder
   become: yes
   file:
     path: /var/lib/letsencrypt
     owner: root
     group: http
     mode: 2755

 - name: Remove old TLSA script
   become: yes
   file:
     path: /usr/local/sbin/tlsa-generation.bash
     state: absent

 - name: Copy record generator script
   become: yes
   template:
     src: record-generation.bash.j2
     dest: /usr/local/sbin/record-generation.bash
     owner: root
     group: root
     mode: 0700

 - debug:
     msg: 'Run `sudo /usr/local/sbin/record-generation.bash` to generate a zonefile for import into a DNS provider.'
Updating Ubiqtorate 2020-10-08 16:33:19 -05:00			`---`

			`- name: SSL packages`
			`become: yes`
Whitespace cleanup to get in sync with AniNIX/Uniglot hooks 2022-11-20 20:03:01 -06:00			`package:`
			`name:`
Updating Ubiqtorate 2020-10-08 16:33:19 -05:00			`- certbot`
			`- openssl`
Catching up with current successes 2022-01-25 23:54:43 -06:00
Updates for Raspberry Pi 12 Bookworm 2024-07-23 14:18:32 -05:00			`- name: LetsEncrypt directory`
			`become: yes`
			`file:`
			`path: /etc/letsencrypt`
			`owner: root`
			`group: ssl`
			`mode: 0750`

Catching up with current successes 2022-01-25 23:54:43 -06:00			`- name: Services`
			`become: yes`
			`register: services`
			`copy:`
			`src: "{{ item }}"`
			`dest: /usr/lib/systemd/system`
			`owner: root`
			`group: root`
			`mode: 0644`
Whitespace cleanup to get in sync with AniNIX/Uniglot hooks 2022-11-20 20:03:01 -06:00			`loop:`
Catching up with current successes 2022-01-25 23:54:43 -06:00			`- "certbot.service"`
			`- "certbot.timer"`

			`- name: Enable timer`
			`when: services.changed`
Updates to fix certbot.service issues reloading 2022-10-01 23:54:40 -05:00			`become: yes`
Catching up with current successes 2022-01-25 23:54:43 -06:00			`systemd:`
			`daemon_reload: yes`
			`name: certbot.timer`
			`enabled: yes`
			`state: started`
Whitespace cleanup to get in sync with AniNIX/Uniglot hooks 2022-11-20 20:03:01 -06:00
Catching up with current successes 2022-01-25 23:54:43 -06:00			`- name: Create letsencrypt folder`
			`become: yes`
			`file:`
			`path: /var/lib/letsencrypt`
			`owner: root`
			`group: http`
			`mode: 2755`

AniNIX/Wiki#21 -- effecting renames for policy 2024-04-01 00:44:23 -05:00			`- name: Remove old TLSA script`
			`become: yes`
			`file:`
			`path: /usr/local/sbin/tlsa-generation.bash`
			`state: absent`

			`- name: Copy record generator script`
Catching up with current successes 2022-01-25 23:54:43 -06:00			`become: yes`
			`template:`
AniNIX/Wiki#21 -- effecting renames for policy 2024-04-01 00:44:23 -05:00			`src: record-generation.bash.j2`
			`dest: /usr/local/sbin/record-generation.bash`
Catching up with current successes 2022-01-25 23:54:43 -06:00			`owner: root`
			`group: root`
			`mode: 0700`

AniNIX/Wiki#21 -- effecting renames for policy 2024-04-01 00:44:23 -05:00			`- debug:`
			msg: 'Run `sudo /usr/local/sbin/record-generation.bash` to generate a zonefile for import into a DNS provider.'