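---
# Playbook: issue a Let's Encrypt certificate on each Debian host using the
# Cloudflare DNS-01 challenge, with renewal handled by the geerlingguy.certbot role.
- name: Public Key Infrastructure
  hosts: debian_servers
  remote_user: bhays
  become: true
  become_user: root

  # Supplies CF_API_TOKEN. This file is expected to be ansible-vault encrypted
  # before it is stored anywhere shared — confirm.
  vars_files:
    - ../homelab-vault/secrets.yml

  vars:
    certbot_auto_renew: true
    certbot_auto_renew_user: root
    certbot_email: "ben@benhays.org"
    # The DNS plugin only needs a token able to edit DNS records in the
    # relevant zone; a broader-scoped token or a global API key should not be
    # used here — confirm the token's scope.
    certbot_cloudflare_api_token: "{{ CF_API_TOKEN }}"

  roles:
    - geerlingguy.certbot

  pre_tasks:
    - name: Update apt cache if needed.
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

  tasks:
    - name: Update/install Certbot
      # state: latest upgrades the plugin on every run; switch to state: present
      # if a reproducible host is preferred over always-current packages.
      ansible.builtin.apt:
        name:
          - python3-certbot-dns-cloudflare
        state: latest

    - name: Create Certbot folder - /etc/letsencrypt
      ansible.builtin.file:
        path: /etc/letsencrypt
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Certbot Template
      # Renders the DNS plugin credentials file (presumably carrying the API
      # token). no_log keeps the rendered contents out of --diff output and
      # task logs; the file itself is root-only via mode 0600.
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "0600"
      no_log: true
      with_items:
        - src: '../templates/dnscloudflare.ini.j2'
          dest: '/etc/letsencrypt/dnscloudflare.ini'

    - name: Generate Certificate
      # Uses `command` (not `shell`), so the interpolated values are passed as
      # arguments rather than shell-parsed; they come from play/inventory vars.
      # `creates` makes the task a no-op once a renewal config exists for the
      # host. Assumes ansible_host is a DNS name inside the Cloudflare-managed
      # zone — confirm for any host addressed by IP.
      ansible.builtin.command: >-
        certbot certonly --non-interactive --agree-tos --dns-cloudflare
        --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
        --dns-cloudflare-propagation-seconds 60
        -m {{ certbot_email }} -d {{ ansible_host }}
      args:
        creates: /etc/letsencrypt/renewal/{{ ansible_host }}.conf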