---
# Debugging aid: prints the configured server aliases.
# `changed_when: true` makes this task report "changed" on every run, so the
# play never shows a fully idempotent result while this task is present.
# The message references apache_server_alias without a default, so the
# variable must be defined for the task to template.
- name: debug
  ansible.builtin.debug:
    msg: "plop {{ apache_server_alias }}"
  changed_when: true

# Installs certbot together with the Apache SSL packages.
# NOTE(review): apache_ssl_packages is inserted as a single list item; if the
# variable is itself a list this produces a nested list - confirm its type.
- name: install certbot
  ansible.builtin.package:
    state: present
    name:
      - certbot
      - "{{ apache_ssl_packages }}"

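# Renders the virtual host with apache_use_ssl forced to false for this task
# only (presumably so the site can answer the webroot challenge before any
# certificate exists). The result is registered so a later task can restart
# Apache when the file changed.
- name: install apache config file without ssl
  vars:
    apache_use_ssl: false
  ansible.builtin.template:
    # NOTE(review): `.jj` is an unusual template suffix - confirm the file name.
    src: vhost.conf.jj
    dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
    # Quoted so the mode is always read as an octal string and never depends
    # on how the YAML parser types a bare number.
    mode: "0644"
  register: result
  notify: restart apache
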
# `meta: flush_handlers` cannot be used in a conditional, so Apache is
# restarted explicitly here when the vhost file was changed (result.changed).
# NOTE(review): the vhost task also notifies "restart apache"; unless handlers
# are flushed elsewhere, that handler will run again later - confirm the
# double restart is acceptable.
- name: if needed, we restart apache
  when: result.changed
  ansible.builtin.service:
    state: restarted
    name: "{{ apache_service_name}}"

# Existence check only: records in cert_stat whether cert.pem is present in
# the Let's Encrypt live directory of the primary server name. Expiry and the
# names covered by an existing certificate are not inspected.
- name: check if certificate already exists
  register: cert_stat
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"

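# Requests one certificate for the server name plus all aliases through the
# webroot challenge. The task runs only when no certificate file exists yet,
# so aliases added after the first issue are not picked up here (--expand is
# only reached on that first run).
#
# The command is passed as an argv list: every variable stays exactly one
# argument even if it contains whitespace, instead of being re-split from a
# single command string. Values are still handed to certbot unvalidated, so
# the role variables are expected to come from trusted inventory.
- name: generate certificates for domaine and subdomains
  vars:
    # default([]) keeps this a list + list concatenation when no alias is
    # defined; an empty-string default makes it list + string, which fails
    # to template.
    domainlist: "{{ [apache_server_name] + (apache_server_alias | default([])) }}"
  ansible.builtin.command:
    # ['-d'] | product(domainlist) | flatten yields: -d name1 -d name2 ...
    argv: >-
      {{
        ['certbot', 'certonly', '--webroot',
         '--webroot-path', certbot_docroot,
         '--agree-tos', '--non-interactive',
         '-m', certbot_email]
        + (['-d'] | product(domainlist) | flatten)
        + ['--expand']
      }}
  when: not cert_stat.stat.exists
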
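# Deploys the ssl.conf template into the Apache configuration directory.
# dest is the directory itself, so the file is expected to keep the source
# name (ssl.conf). A change notifies the "restart apache" handler.
- name: deploy ssl config file
  ansible.builtin.template:
    src: ssl.conf
    dest: "{{ apache_config_dir }}"
    # Explicit mode, matching the vhost template task, so the resulting
    # permissions do not depend on the umask or on a pre-existing file.
    mode: "0644"
  notify: restart apache
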
# Weekly renewal attempt: written to the cron file "certbot" and run as root
# on weekday 6 at 01:00.
# NOTE(review): the job only runs `certbot renew`; nothing in this task
# reloads Apache afterwards, so confirm that a renewed certificate is picked
# up (for example through a deploy hook configured elsewhere).
- name: create cronjob for renewal
  ansible.builtin.cron:
    name: certbot
    cron_file: certbot
    user: root
    weekday: "6"
    hour: "01"
    minute: "00"
    job: "/usr/bin/certbot renew"