self-hosting/roles/add_cert/tasks/main.yml

---

- name: Make sure needed vars are defined
  ansible.builtin.fail:
    msg: "{{ item }} is undefined"
  loop:
    - "{{ add_cert_domain }}"
    - "{{ add_cert_email }}"
    - "{{ add_cert_post_hook }}"
  when: item is undefined

- name: Get local public IP
  ansible.builtin.uri:
    url: https://ipinfo.io/ip
    return_content: true
  register: local_public_ip

- name: Get public IP of "{{ add_cert_domain }}"
  ansible.builtin.set_fact:
    target_public_ip: "{{ lookup('community.general.dig', add_cert_domain, '@1.1.1.1') }}"

- name: Deploy letsencrypt certificate (HTTP-01)
  when: local_public_ip == target_public_ip
  ansible.builtin.include_role:
    name: add_cert_http_01

- name: Deploy letsencrypt certificate (DNS-01)
  when: local_public_ip != target_public_ip
  ansible.builtin.include_role:
    name: add_cert_dns_01
Add role "add_cert" to be used instead of add_cert_{dns_01,http_01} 2024-04-09 21:17:25 +02:00			`---`

			`- name: Make sure needed vars are defined`
			`ansible.builtin.fail:`
			`msg: "{{ item }} is undefined"`
			`loop:`
			`- "{{ add_cert_domain }}"`
			`- "{{ add_cert_email }}"`
			`- "{{ add_cert_post_hook }}"`
			`when: item is undefined`

			`- name: Get local public IP`
			`ansible.builtin.uri:`
			`url: https://ipinfo.io/ip`
			`return_content: true`
			`register: local_public_ip`

			`- name: Get public IP of "{{ add_cert_domain }}"`
			`ansible.builtin.set_fact:`
			`target_public_ip: "{{ lookup('community.general.dig', add_cert_domain, '@1.1.1.1') }}"`

			`- name: Deploy letsencrypt certificate (HTTP-01)`
			`when: local_public_ip == target_public_ip`
			`ansible.builtin.include_role:`
			`name: add_cert_http_01`

			`- name: Deploy letsencrypt certificate (DNS-01)`
			`when: local_public_ip != target_public_ip`
			`ansible.builtin.include_role:`
			`name: add_cert_dns_01`