2022-03-12 19:42:26 +01:00
|
|
|
---
|
|
|
|
|
- name: Install certbot
|
|
|
|
|
become: true
|
|
|
|
|
apt:
|
|
|
|
|
name: certbot
|
|
|
|
|
state: present
|
|
|
|
|
update_cache: yes
|
2022-03-13 10:05:11 +01:00
|
|
|
|
2022-03-13 11:30:35 +01:00
|
|
|
- name: Create acme directory
|
2022-03-13 10:05:11 +01:00
|
|
|
become: true
|
|
|
|
|
file:
|
|
|
|
|
path: /var/www/acme
|
|
|
|
|
state: directory
|
2022-03-13 11:30:35 +01:00
|
|
|
mode: 0755
|
|
|
|
|
|
2022-03-15 15:31:12 +01:00
|
|
|
- name: Enable modules
|
|
|
|
|
become: true
|
|
|
|
|
apache2_module:
|
|
|
|
|
name: "{{ item }}"
|
|
|
|
|
state: present
|
|
|
|
|
with_items:
|
|
|
|
|
- rewrite
|
|
|
|
|
- ssl
|
|
|
|
|
notify: Reload apache2 service
|
|
|
|
|
|
2022-03-15 15:53:54 +01:00
|
|
|
- name: Copy apache confs
|
|
|
|
|
become: true
|
|
|
|
|
copy: src={{ item.src }} dest={{ item.dest }}
|
|
|
|
|
with_items:
|
|
|
|
|
- { src: 'acme.conf', dest: '/etc/apache2/conf-available/acme.conf' }
|
|
|
|
|
- { src: 'ssl-options.conf', dest: '/etc/apache2/conf-available/ssl-options.conf' }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Enable apache confs
|
2022-03-13 11:30:35 +01:00
|
|
|
become: true
|
2022-03-15 15:53:54 +01:00
|
|
|
command: a2enconf {{ item }}
|
|
|
|
|
with_items:
|
|
|
|
|
- acme
|
|
|
|
|
- ssl-options
|
2022-03-13 11:30:35 +01:00
|
|
|
register: result
|
|
|
|
|
changed_when: "'already enabled' not in result.stdout"
|
|
|
|
|
notify: Reload apache2 service
|
2022-03-13 11:46:24 +01:00
|
|
|
|
|
|
|
|
- name: Allow certbot renewal
|
|
|
|
|
become: true
|
|
|
|
|
copy:
|
|
|
|
|
src: http-certbot.conf
|
|
|
|
|
dest: /etc/nftables/input.d/http-certbot.conf
|
|
|
|
|
notify: Reload nftables service
|
2022-03-15 15:53:54 +01:00
|
|
|
|
|
|
|
|
- name: Allow incoming HTTPS
|
|
|
|
|
become: true
|
|
|
|
|
copy:
|
|
|
|
|
src: https.conf
|
|
|
|
|
dest: /etc/nftables/input.d/https.conf
|
|
|
|
|
notify: Reload nftables service
|
