Add Certbot DNS Playbook

Ansible/playbooks/pki.yml

@@ -0,0 +1,47 @@
+---
+- name: Public Key Infrastructure
+  hosts: debian_servers
+  remote_user: bhays
+  become: true
+  become_user: root
+  vars_files:
+    - ../homelab-vault/secrets.yml
+  vars:
+    certbot_auto_renew: true
+    certbot_auto_renew_user: root
+    certbot_email: "ben@benhays.org"
+    certbot_cloudflare_api_token: "{{ CF_API_TOKEN }}"
+  roles:
+    - geerlingguy.certbot
+  pre_tasks:
+    - name: Update apt cache if needed.
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+  tasks:
+    - name: Update/install Certbot
+      ansible.builtin.apt:
+        name:
+          - python3-certbot-dns-cloudflare
+        state: latest
+    - name: Create Certbot folder - /etc/letsencrypt
+      ansible.builtin.file:
+        path: /etc/letsencrypt
+        state: directory
+        owner: root
+        group: root
+        mode: "0700"
+    - name: Certbot Template
+      ansible.builtin.template:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        owner: root
+        group: root
+        mode: "0600"
+      with_items:
+        - { src: '../templates/dnscloudflare.ini.j2', dest: '/etc/letsencrypt/dnscloudflare.ini' }
+    - name: Generate Certificate
+      # yamllint disable rule:line-length
+      ansible.builtin.command: certbot certonly --non-interactive --agree-tos --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --dns-cloudflare-propagation-seconds 60 -m {{ certbot_email }} -d {{ ansible_host }}
+      args:
+        creates: /etc/letsencrypt/renewal/{{ ansible_host }}.conf

Ansible/templates/dnscloudflare.ini.j2

@@ -0,0 +1 @@
+dns_cloudflare_api_token = {{certbot_cloudflare_api_token}}