self-hosting/roles/setup_certbot/tasks/main.yml

---
- name: Install certbot
  become: true
  ansible.builtin.apt:
    name: certbot
    state: present
    update_cache: true

- name: Create acme directory
  become: true
  ansible.builtin.file:
    path: /var/www/acme
    state: directory
    mode: 0755

- name: Enable modules
  become: true
  community.general.apache2_module:
    name: "{{ item }}"
    state: present
  with_items:
    - rewrite
    - ssl
  notify: Reload apache2 service

- name: Copy apache confs
  become: true
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
  with_items:
    - {src: 'acme.conf', dest: '/etc/apache2/conf-available/acme.conf'}
    - {src: 'ssl-options.conf', dest: '/etc/apache2/conf-available/ssl-options.conf'}

- name: Enable apache confs
  become: true
  ansible.builtin.command: a2enconf {{ item }}
  with_items:
    - acme
    - ssl-options
  register: result
  changed_when: "'already enabled' not in result.stdout"
  notify: Reload apache2 service

- name: Allow certbot renewal
  become: true
  ansible.builtin.copy:
    src: http-certbot.conf
    dest: /etc/nftables/input.d/http-certbot.conf
    mode: 0640
  notify: Reload nftables service

- name: Allow incoming HTTPS
  become: true
  ansible.builtin.copy:
    src: https.conf
    dest: /etc/nftables/input.d/https.conf
    mode: 0640
  notify: Reload nftables service
Add role certbot 2022-03-12 19:42:26 +01:00			`---`
			`- name: Install certbot`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.apt:`
Add role certbot 2022-03-12 19:42:26 +01:00			`name: certbot`
			`state: present`
Fix lint nagging 2022-06-25 14:48:38 +02:00			`update_cache: true`
Add acme dir for certbot 2022-03-13 10:05:11 +01:00
Add certbot apache conf 2022-03-13 11:30:35 +01:00			`- name: Create acme directory`
Add acme dir for certbot 2022-03-13 10:05:11 +01:00			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.file:`
Add acme dir for certbot 2022-03-13 10:05:11 +01:00			`path: /var/www/acme`
			`state: directory`
Add certbot apache conf 2022-03-13 11:30:35 +01:00			`mode: 0755`

Move module enabling to certbot role 2022-03-15 15:31:12 +01:00			`- name: Enable modules`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`community.general.apache2_module:`
Move module enabling to certbot role 2022-03-15 15:31:12 +01:00			`name: "{{ item }}"`
			`state: present`
			`with_items:`
			`- rewrite`
			`- ssl`
			`notify: Reload apache2 service`

Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00			`- name: Copy apache confs`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.copy:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`mode: 0644`
Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00			`with_items:`
Fix lint nagging 2022-06-25 14:48:38 +02:00			`- {src: 'acme.conf', dest: '/etc/apache2/conf-available/acme.conf'}`
			`- {src: 'ssl-options.conf', dest: '/etc/apache2/conf-available/ssl-options.conf'}`
Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00
			`- name: Enable apache confs`
Add certbot apache conf 2022-03-13 11:30:35 +01:00			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.command: a2enconf {{ item }}`
Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00			`with_items:`
			`- acme`
			`- ssl-options`
Add certbot apache conf 2022-03-13 11:30:35 +01:00			`register: result`
			`changed_when: "'already enabled' not in result.stdout"`
			`notify: Reload apache2 service`
Add certbot renewal and nftables role 2022-03-13 11:46:24 +01:00
			`- name: Allow certbot renewal`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.copy:`
Add certbot renewal and nftables role 2022-03-13 11:46:24 +01:00			`src: http-certbot.conf`
			`dest: /etc/nftables/input.d/http-certbot.conf`
Fix lint nagging 2022-06-25 14:48:38 +02:00			`mode: 0640`
Add certbot renewal and nftables role 2022-03-13 11:46:24 +01:00			`notify: Reload nftables service`
Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00
			`- name: Allow incoming HTTPS`
			`become: true`
Fix some linting 2022-12-16 20:12:49 +01:00			`ansible.builtin.copy:`
Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00			`src: https.conf`
			`dest: /etc/nftables/input.d/https.conf`
Fix lint nagging 2022-06-25 14:48:38 +02:00			`mode: 0640`
Add ssl conf and nft rule for certbot 2022-03-15 15:53:54 +01:00			`notify: Reload nftables service`