roles/space_server/tasks/certbot.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

---
- name: Create space.labitat.dk certificate
  command:
    argv:
    - '/usr/bin/certbot'
    - 'certonly'
    - '--non-interactive'
    - '--agree-tos'
    - '--no-eff-email'
    - '--max-log-backups'
    - '99'
    - '--standalone'
    - '--preferred-challenges'
    - 'http'
    - '--key-type'
    - 'rsa'
    - '-m'
    - 'noc@labitat.dk'
    - '-d'
    - 'space.labitat.dk'
    creates: '/etc/letsencrypt/renewal/space.labitat.dk.conf'

- name: Configure certbot renewal
  lineinfile:
    path: '/etc/sysconfig/certbot'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
  with_items:
  - regexp: '^CERTBOT_ARGS='
    line: 'CERTBOT_ARGS="--max-log-backups 99"'

- name: Enable certbot renewal timer
  systemd:
    name: certbot-renew.timer
    enabled: yes
    masked: no
    state: started
  when: not chroot
- name: '- when in chroot'
  command: systemctl enable certbot-renew.timer
  when: chroot

# vim: set ts=2 sw=2 et ft=yaml: