From 3da205a190c0b6f36a726d90afa4dc303ee84ffe Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Tue, 19 Jan 2021 19:20:48 +0100
Subject: space_server: certbot: get space.labitat.dk certificate
---
roles/space_server/tasks/certbot.yml | 43 ++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 roles/space_server/tasks/certbot.yml
(limited to 'roles/space_server/tasks/certbot.yml')
diff --git a/roles/space_server/tasks/certbot.yml b/roles/space_server/tasks/certbot.yml
new file mode 100644
index 0000000..5e222ae
--- /dev/null
+++ b/roles/space_server/tasks/certbot.yml
@@ -0,0 +1,43 @@
+---
+- name: Create space.labitat.dk certificate
+ command:
+ argv:
+ - '/usr/bin/certbot'
+ - 'certonly'
+ - '--non-interactive'
+ - '--agree-tos'
+ - '--no-eff-email'
+ - '--max-log-backups'
+ - '99'
+ - '--standalone'
+ - '--preferred-challenges'
+ - 'http'
+ - '--key-type'
+ - 'rsa'
+ - '-m'
+ - 'noc@labitat.dk'
+ - '-d'
+ - 'space.labitat.dk'
+ creates: '/etc/letsencrypt/renewal/space.labitat.dk.conf'
+
+- name: Configure certbot renewal
+ lineinfile:
+ path: '/etc/sysconfig/certbot'
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line }}'
+ with_items:
+ - regexp: '^CERTBOT_ARGS='
+ line: 'CERTBOT_ARGS="--max-log-backups 99"'
+
+- name: Enable certbot renewal timer
+ systemd:
+ name: certbot-renew.timer
+ enabled: yes
+ masked: no
+ state: started
+ when: not chroot
+- name: '- when in chroot'
+ command: systemctl enable certbot-renew.timer
+ when: chroot
+
+# vim: set ts=2 sw=2 et ft=yaml:
-- cgit v1.2.1
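Review bot: The "Create space.labitat.dk certificate" task issues with `--standalone` and no hook, and "Configure certbot renewal" only sets `CERTBOT_ARGS`, so each run of `certbot-renew.timer` will presumably have to bind port 80 itself and nothing reloads whatever serves the certificate. If a service on this host listens on port 80 or presents this certificate (not visible in this file), renewals would fail, or the old certificate would stay in use until it expires. Consider adding `- '--deploy-hook'` and `- 'systemctl reload <service>'` (placeholder service name) to the `argv` list so the hook is recorded in the renewal conf, plus a comment above the task such as `# standalone: nothing else may listen on :80 at issue or renewal time`. Separately, `when: not chroot` and `when: chroot` rely on `chroot` being a real boolean; `when: not chroot | bool` and `when: chroot | bool` keep the two branches exclusive if the value arrives as a string.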