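# Install certbot (the ACME client) and nginx through the host's package
# manager.
- name: Install packages
  package:
    name:
      - certbot
      - nginx
    # The generic package module documents state as required; spelling it out
    # keeps the task independent of the backend module's default.
    state: present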
# Make sure /srv/http/.well-known exists as a directory owned by nginx:nginx.
# It sits under /srv/http, the webroot the certbot task in this file uses.
- name: Create HTTP server directories
  file:
    state: directory
    path: '/srv/http/.well-known'
    # NOTE(review): with this ownership the nginx account can write below the
    # webroot. Root ownership with read access for nginx would be tighter;
    # confirm nothing relies on nginx writing here before changing it.
    owner: nginx
    group: nginx
    # recurse applies the owner/group to everything already below the path.
    recurse: true
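# Copy default.conf into nginx's http.d directory and notify the
# "reload nginx" handler when the file changes.
- name: Set up default HTTP server
  copy:
    src: default.conf
    # Name the target file: with a bare directory path and no trailing slash,
    # a missing directory would be created as a regular file called http.d.
    dest: /etc/nginx/http.d/default.conf
    # Explicit ownership and mode so the result does not depend on the remote
    # umask; the config is root-owned and not writable by other accounts.
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx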
# Start nginx now and register it to start at boot.
- name: Enable nginx service
  service:
    name: nginx
    state: started
    enabled: true
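# Request the initial certificate for dns_name plus any tls_domains, using
# the webroot challenge served from /srv/http.
- name: Get LE certificate
  command:
    # argv hands every element to certbot as exactly one argument, so
    # whitespace inside dns_name or tls_domains cannot be split into extra
    # certbot options the way it can with a single cmd string.
    argv:
      - certbot
      - certonly
      - '--non-interactive'
      - '--agree-tos'
      # NOTE(review): the account is registered without a contact address, so
      # the CA cannot send expiry or revocation notices; consider passing an
      # operator address instead.
      - '--register-unsafely-without-email'
      - '--webroot'
      - '--webroot-path'
      - /srv/http
      - '-d'
      - "{{ ([dns_name] + tls_domains|default([])) | join(',') }}"
    # Skipped once a renewal config for dns_name exists. The guard is keyed on
    # dns_name only, so names added to tls_domains later do not trigger a new
    # request.
    creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'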
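# Install reload-nginx.sh into certbot's deploy-hook directory.
- name: Install certificate renewal deployment hook
  copy:
    src: reload-nginx.sh
    dest: /etc/letsencrypt/renewal-hooks/deploy/
    # The cron job in this file runs certbot as root, so this script runs
    # with root privileges: keep it root-owned and writable by root only.
    owner: root
    group: root
    # Quoted so the mode is read as an octal string, not as a YAML integer
    # whose value depends on the parser's octal handling.
    mode: '0755'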
# Schedule unattended renewal: root's crontab runs "certbot renew --quiet"
# at 02:18 and 14:18.
- name: Enable certbot renewal
  cron:
    name: 'certbot renew'
    user: root
    minute: '18'
    hour: '2,14'
    job: 'certbot renew --quiet'