45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
|
|
- name: Update certbot certs
|
|
hosts: colors
|
|
serial: 1
|
|
become: true
|
|
become_user: root
|
|
become_method: sudo
|
|
vars_files:
|
|
- vars.yaml
|
|
tasks:
|
|
- name: Ensure nginx, certbot, and nginx-mod-stream are installed
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- certbot
|
|
state: present
|
|
- name: Get certs for all internal domains
|
|
ansible.builtin.shell: /usr/bin/certbot certonly --dns-route53 -d '{{ item.external.domain }}{{ internal_tld }}' -n
|
|
# Loops over every external.domains sub list
|
|
loop: "{{ http }}"
|
|
- name: Get certs for all external domains
|
|
ansible.builtin.shell: /usr/bin/certbot certonly --dns-route53 -d '{{ item.external.domain }}{{ expose_tld }}' -n
|
|
# Loops over every external.domains sub list
|
|
loop: "{{ http }}"
|
|
when: item.external.expose
|
|
- name: Create certbot renew service
|
|
template:
|
|
src: service/certbot-renew.service
|
|
dest: /etc/systemd/system/certbot-renew.service
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
- name: Create certbot renew timer
|
|
template:
|
|
src: service/certbot-renew.timer
|
|
dest: /etc/systemd/system/certbot-renew.timer
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
- name: Reload certbot-renew timer service
|
|
ansible.builtin.systemd_service:
|
|
daemon_reload: true
|
|
enabled: true
|
|
state: restarted
|
|
name: certbot-renew.timer
|