diff --git a/roles/add_cert_http_01/README.md b/roles/add_cert_http_01/README.md
new file mode 100644
index 0000000..898f81d
--- /dev/null
+++ b/roles/add_cert_http_01/README.md
@@ -0,0 +1,3 @@
+# Add certificate - HTTP-01
+
+Deploys a Let's Encrypt certificate with `certbot`, using a HTTP-01 challenge.
diff --git a/roles/setup_certbot/files/acme.conf b/roles/add_cert_http_01/files/apache2/conf-available/acme.conf
similarity index 100%
rename from roles/setup_certbot/files/acme.conf
rename to roles/add_cert_http_01/files/apache2/conf-available/acme.conf
diff --git a/roles/setup_certbot/files/ssl-options.conf b/roles/add_cert_http_01/files/apache2/conf-available/ssl-options.conf
similarity index 100%
rename from roles/setup_certbot/files/ssl-options.conf
rename to roles/add_cert_http_01/files/apache2/conf-available/ssl-options.conf
diff --git a/roles/setup_certbot/files/http-certbot.conf b/roles/add_cert_http_01/files/nftables/input.d/http-certbot.conf
similarity index 100%
rename from roles/setup_certbot/files/http-certbot.conf
rename to roles/add_cert_http_01/files/nftables/input.d/http-certbot.conf
diff --git a/roles/setup_certbot/meta/main.yml b/roles/add_cert_http_01/meta/main.yml
similarity index 100%
rename from roles/setup_certbot/meta/main.yml
rename to roles/add_cert_http_01/meta/main.yml
diff --git a/roles/setup_certbot/tasks/main.yml b/roles/add_cert_http_01/tasks/main.yml
similarity index 68%
rename from roles/setup_certbot/tasks/main.yml
rename to roles/add_cert_http_01/tasks/main.yml
index ffccb1c..cd39756 100644
--- a/roles/setup_certbot/tasks/main.yml
+++ b/roles/add_cert_http_01/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
+
 - name: Install certbot
 become: true
 ansible.builtin.apt:
@@ -29,16 +30,16 @@
 - name: Copy apache confs
 become: true
 ansible.builtin.copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
+ src: "apache2/conf-available/{{ item }}"
+ dest: "/etc/apache2/conf-available/{{ item }}"
 mode: 0644
 with_items:
- - {src: 'acme.conf', dest: '/etc/apache2/conf-available/acme.conf'}
- - {src: 'ssl-options.conf', dest: '/etc/apache2/conf-available/ssl-options.conf'}
+ - acme.conf
+ - ssl-options.conf

 - name: Enable apache confs
 become: true
- ansible.builtin.command: a2enconf {{ item }}
+ ansible.builtin.command: "a2enconf {{ item }}"
 with_items:
 - acme
 - ssl-options
@@ -49,15 +50,7 @@
 - name: Allow certbot renewal
 become: true
 ansible.builtin.copy:
- src: http-certbot.conf
+ src: nftables/input.d/http-certbot.conf
 dest: /etc/nftables/input.d/http-certbot.conf
 mode: 0640
 notify: Reload nftables service
-
-- name: Allow incoming HTTPS
- become: true
- ansible.builtin.copy:
- src: https.conf
- dest: /etc/nftables/input.d/https.conf
- mode: 0640
- notify: Reload nftables service
diff --git a/roles/deux_puissance_x/meta/main.yml b/roles/deux_puissance_x/meta/main.yml
index c674726..0f90237 100644
--- a/roles/deux_puissance_x/meta/main.yml
+++ b/roles/deux_puissance_x/meta/main.yml
@@ -1,5 +1,4 @@
 ---
 dependencies:
 - role: setup_apache2
- - role: setup_certbot
 - role: setup_mariadb
diff --git a/roles/forgejo/meta/main.yml b/roles/forgejo/meta/main.yml
index 8b55d15..5acc3d4 100644
--- a/roles/forgejo/meta/main.yml
+++ b/roles/forgejo/meta/main.yml
@@ -3,4 +3,3 @@ dependencies:
 - role: setup_fail2ban
 - role: setup_apache2
 - role: setup_mariadb
- - role: setup_certbot
diff --git a/roles/setup_certbot/files/https.conf b/roles/setup_certbot/files/https.conf
deleted file mode 100644
index aac2b4a..0000000
--- a/roles/setup_certbot/files/https.conf
+++ /dev/null
@@ -1 +0,0 @@
-tcp dport https accept comment "Allow HTTPS from all"
diff --git a/roles/tunuifranken/meta/main.yml b/roles/tunuifranken/meta/main.yml
index 49b60e3..ab49541 100644
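Review bot: In roles/add_cert_http_01/tasks/main.yml, the re-quoted `ansible.builtin.command: "a2enconf {{ item }}"` in "Enable apache confs" has no idempotence guard inside the hunk, so each run would report the task as changed and a genuine change to the enabled Apache confs would be hard to tell from routine noise. Adding `args:` with `creates: "/etc/apache2/conf-enabled/{{ item }}.conf"` would let Ansible skip the call once the conf is enabled. The task continues past the end of the hunk, so a `creates` or `changed_when` may already follow `with_items`; if it does, this can be ignored.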
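Review bot: Dropping the "Allow incoming HTTPS" task at the end of roles/add_cert_http_01/tasks/main.yml only stops Ansible from managing `/etc/nftables/input.d/https.conf`; hosts provisioned before this commit keep the accept rule while fresh hosts never receive it, so firewall state would differ by provisioning date. The same commit deletes `roles/setup_certbot/files/https.conf` and removes the `setup_certbot` dependency in the deux_puissance_x, forgejo and tunuifranken meta files, and nothing visible in the diff takes over opening tcp/443 or pulls in `add_cert_http_01`. If another role now owns that rule, naming it in the commit message would be enough. If the rule is meant to go and no other role ships that file, an explicit removal task such as the one below keeps old and new hosts identical.

```yaml
# … unchanged: Allow certbot renewal task …

- name: Remove HTTPS rule no longer shipped by this role
  become: true
  ansible.builtin.file:
    path: /etc/nftables/input.d/https.conf
    state: absent
  notify: Reload nftables service
```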
--- a/roles/tunuifranken/meta/main.yml
+++ b/roles/tunuifranken/meta/main.yml
@@ -1,4 +1,3 @@
 ---
 dependencies:
 - role: setup_apache2
- - role: setup_certbot