90 lines
1.8 KiB
YAML
90 lines
1.8 KiB
YAML
---
|
|
|
|
- name: SSL packages
|
|
become: yes
|
|
package:
|
|
name:
|
|
- certbot
|
|
- openssl
|
|
|
|
- name: LetsEncrypt directories
|
|
become: yes
|
|
file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: ssl
|
|
mode: 0750
|
|
loop:
|
|
- /etc/letsencrypt
|
|
- /etc/certbot
|
|
|
|
- name: Service timer
|
|
become: yes
|
|
register: services
|
|
copy:
|
|
src: "certbot.timer"
|
|
dest: /usr/lib/systemd/system/certbot.timer
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
# per https://www.cloudns.net/wiki/article/448/
|
|
- name: ClouDNS configuration
|
|
become: yes
|
|
template:
|
|
src: "certbot.conf.j2"
|
|
dest: /etc/certbot/certbot.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
|
|
- name: Create virtual environment and install package
|
|
become: yes
|
|
command:
|
|
cmd: "python3 -m venv /etc/certbot/venv && /etc/certbot/venv/bin/pip3 install certbot-dns-cloudns"
|
|
creates: /etc/certbot/venv
|
|
|
|
- name: Service
|
|
become: yes
|
|
template:
|
|
src: "certbot.service.j2"
|
|
dest: /usr/lib/systemd/system/certbot.service
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
|
|
- name: Enable timer
|
|
when: services.changed
|
|
become: yes
|
|
systemd:
|
|
daemon_reload: yes
|
|
name: certbot.timer
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Create letsencrypt folder
|
|
become: yes
|
|
file:
|
|
path: /var/lib/letsencrypt
|
|
owner: root
|
|
group: http
|
|
mode: 2755
|
|
|
|
- name: Remove old TLSA script
|
|
become: yes
|
|
file:
|
|
path: /usr/local/sbin/tlsa-generation.bash
|
|
state: absent
|
|
|
|
- name: Copy record generator script
|
|
become: yes
|
|
template:
|
|
src: record-generation.bash.j2
|
|
dest: /usr/local/sbin/record-generation.bash
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
|
|
- debug:
|
|
msg: 'Run `sudo /usr/local/sbin/record-generation.bash` to generate a zonefile for import into a DNS provider.'
|