Adding geoip module and instituting a deny variable for vhosts to consume #45
@@ -1,12 +0,0 @@
|
||||
[Unit]
|
||||
Description=Certbot
|
||||
|
||||
[Service]
|
||||
ExecStart=certbot renew -w /var/lib/letsencrypt/ --preferred-chain "ISRG Root X1"
|
||||
ExecStartPost=-/usr/bin/systemctl reload nginx
|
||||
ExecStartPost=-/usr/bin/systemctl reload inspircd
|
||||
KillMode=process
|
||||
Type=oneshot
|
||||
RemainAfterExit=no
|
||||
User=root
|
||||
Group=root
|
||||
@@ -7,26 +7,51 @@
|
||||
- certbot
|
||||
- openssl
|
||||
|
||||
- name: LetsEncrypt directory
|
||||
- name: LetsEncrypt directories
|
||||
become: yes
|
||||
file:
|
||||
path: /etc/letsencrypt
|
||||
path: "{{ item }}"
|
||||
owner: root
|
||||
group: ssl
|
||||
mode: 0750
|
||||
loop:
|
||||
- /etc/letsencrypt
|
||||
- /etc/certbot
|
||||
|
||||
- name: Services
|
||||
- name: Service timer
|
||||
become: yes
|
||||
register: services
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /usr/lib/systemd/system
|
||||
src: "certbot.timer"
|
||||
dest: /usr/lib/systemd/system/certbot.timer
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
loop:
|
||||
- "certbot.service"
|
||||
- "certbot.timer"
|
||||
|
||||
# per https://www.cloudns.net/wiki/article/448/
|
||||
- name: ClouDNS configuration
|
||||
become: yes
|
||||
template:
|
||||
src: "certbot.conf.j2"
|
||||
dest: /etc/certbot/certbot.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
|
||||
- name: Create virtual environment and install package
|
||||
become: yes
|
||||
command:
|
||||
cmd: "python3 -m venv /etc/certbot/venv && /etc/certbot/venv/bin/pip3 install certbot-dns-cloudns"
|
||||
creates: /etc/certbot/venv
|
||||
|
||||
- name: Service
|
||||
become: yes
|
||||
template:
|
||||
src: "certbot.service.j2"
|
||||
dest: /usr/lib/systemd/system/certbot.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
|
||||
- name: Enable timer
|
||||
when: services.changed
|
||||
|
||||
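Review bot: The "Create virtual environment and install package" task hands `python3 -m venv /etc/certbot/venv && /etc/certbot/venv/bin/pip3 install certbot-dns-cloudns` to the `command` module, which does not run a shell, so `&&` and everything after it reach `python3 -m venv` as extra arguments and pip is never invoked. Once `/etc/certbot/venv` exists, `creates:` makes every later run skip the task, so the DNS plugin stays uninstalled and renewal cannot work. The `pip` module with `virtualenv` and `virtualenv_command` does both steps idempotently. The package is also installed as root with no version, so pinning it to a reviewed release is worth doing in the same change. The +/- markers are lost on this page, so this assumes the task is on the new side.

```yaml
- name: Create virtual environment and install package
  become: yes
  pip:
    name: certbot-dns-cloudns
    virtualenv: /etc/certbot/venv
    virtualenv_command: python3 -m venv
```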
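--- a/roles/SSL/templates/certbot.conf.j2
+++ b/roles/SSL/templates/certbot.conf.j2
@@ -0,0 +1,2 @@
+dns_cloudns_auth_id={{ secrets.certbot.authid }}
+dns_cloudns_auth_password={{ secrets.certbot.passphrase }}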
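Review bot: The two values rendered here are the ClouDNS API credentials, and the "ClouDNS configuration" task that templates this file does not set `no_log: true`, so a run with `--diff` can print the auth id and password in the play output. Adding `no_log: true` to that task keeps them out of terminal scrollback and CI logs. The 0600 mode and root ownership that the task sets on the destination are appropriate for this file.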
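--- a/roles/SSL/templates/certbot.service.j2
+++ b/roles/SSL/templates/certbot.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Certbot
+
+[Service]
+ExecStart=/bin/bash -c "source /etc/certbot/venv/bin/activate; certbot renew --authenticator dns-cloudns --dns-cloudns-credentials /etc/certbot/certbot.conf --dns-cloudns-nameserver {{ secrets.certbot.nameserver }}"
+ExecStartPost=-/usr/bin/systemctl reload nginx
+ExecStartPost=-/usr/bin/systemctl reload inspircd
+KillMode=process
+Type=oneshot
+RemainAfterExit=no
+User=root
+Group=root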
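Review bot: `ExecStart` runs certbot through `/bin/bash -c` and interpolates `{{ secrets.certbot.nameserver }}` into that shell string unquoted, so whitespace or shell metacharacters in the value would be interpreted by a root shell. Because `source …/activate` and `certbot` are joined with `;`, a failed activation still runs whichever `certbot` is on the default PATH, presumably the system package without the ClouDNS plugin. Calling the venv binary directly removes the shell: `ExecStart=/etc/certbot/venv/bin/certbot renew --authenticator dns-cloudns --dns-cloudns-credentials /etc/certbot/certbot.conf --dns-cloudns-nameserver {{ secrets.certbot.nameserver }}`. That assumes pip places a `certbot` entry point in the venv, which should be confirmed.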