From f27a0901c5c11f3a8c39284a7cea59cd89a21a9f Mon Sep 17 00:00:00 2001
From: Tunui Franken
Date: Fri, 8 Mar 2024 09:59:23 +0100
Subject: [PATCH] Conditionnaly run DNS-01 or HTTP-01 for certificates

---
 playbook_mailserver.yml | 15 +++++++++++++++
 roles/forgejo/tasks/main.yml | 23 ++++++++++++++++++++++-
 roles/tunuifranken/tasks/main.yml | 22 ++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/playbook_mailserver.yml b/playbook_mailserver.yml
index 9e5e4ca..29add71 100644
--- a/playbook_mailserver.yml
+++ b/playbook_mailserver.yml
@@ -5,10 +5,25 @@
 - name: Install mail server
 gather_facts: true
 hosts: mailserver,mailserver-test
+ pre_tasks:
+ - name: Get local public IP
+ tags: cert
+ ansible.builtin.uri:
+ url: https://ipinfo.io/ip
+ return_content: true
+ register: local_public_ip
+ - name: Get public IP of "{{ letsencrypt_domain }}"
+ tags: cert
+ ansible.builtin.set_fact:
+ target_public_ip: "{{ lookup('community.general.dig', letsencrypt_domain, '@1.1.1.1') }}"
 roles:
 - role: common_handlers
 tags: always
+ - role: add_cert_http_01
+ when: local_public_ip == target_public_ip
+ tags: cert
 - role: add_cert_dns_01
+ when: local_public_ip != target_public_ip
 tags: cert
 - role: mailserver_database
 tags: database
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index 24f4844..13cf772 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
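Review bot: `register: local_public_ip` stores the whole result mapping of `ansible.builtin.uri`, so the `when: local_public_ip == target_public_ip` on the add_cert_http_01 role compares a mapping with the string produced by the dig lookup; that is never equal, HTTP-01 is never selected and add_cert_dns_01 runs on every host. The same comparison is repeated in roles/forgejo/tasks/main.yml and roles/tunuifranken/tasks/main.yml. Compare the response body instead, trimmed in case the provider appends a newline: `when: (local_public_ip.content | trim) == target_public_ip` and `when: (local_public_ip.content | trim) != target_public_ip`. Note that the `!=` branch is the catch-all, so any unexpected body or lookup result silently selects the DNS-01 path, presumably the one that holds DNS-provider credentials; it is worth checking that both values are non-empty before branching.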
@@ -1,5 +1,26 @@
 ---
-- name: Deploy letsencrypt certificate
+
+- name: Get local public IP
+ ansible.builtin.uri:
+ url: https://ipinfo.io/ip
+ return_content: true
+ register: local_public_ip
+
+- name: Get public IP of "{{ forgejo_domain }}"
+ ansible.builtin.set_fact:
+ target_public_ip: "{{ lookup('community.general.dig', forgejo_domain, '@1.1.1.1') }}"
+
+- name: Deploy letsencrypt certificate (HTTP-01)
+ when: local_public_ip == target_public_ip
+ ansible.builtin.include_role:
+ name: add_cert_http_01
+ vars:
+ letsencrypt_domain: "{{ forgejo_domain }}"
+ letsencrypt_email: "{{ forgejo_server_admin }}"
+ letsencrypt_post_hook: systemctl restart apache2
+
+- name: Deploy letsencrypt certificate (DNS-01)
+ when: local_public_ip != target_public_ip
 ansible.builtin.include_role:
 name: add_cert_dns_01
 vars:
diff --git a/roles/tunuifranken/tasks/main.yml b/roles/tunuifranken/tasks/main.yml
index 44aa181..125cf1d 100644
--- a/roles/tunuifranken/tasks/main.yml
+++ b/roles/tunuifranken/tasks/main.yml
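Review bot: The `Get local public IP` task sets no `timeout` and does not validate the body, so a slow or failing ipinfo.io aborts the whole role before any certificate work, while a non-IP body (an error page, say) silently routes the host to the DNS-01 branch because `!=` is the catch-all. Keep in mind that `lookup('community.general.dig', ...)` runs on the control node whereas `ansible.builtin.uri` runs on the managed host, so the two values come from different vantage points; usable as a heuristic, but its failure modes should be explicit. I would add `timeout: 10` to the uri task and an assert between the two lookups and the two include_role tasks, as below; if the dig lookup returns a sentinel such as NXDOMAIN rather than an empty value on failure (confirm against the plugin docs) the second check should reject that too. The DNS-01 task's `vars:` block continues outside the hunk.
```yaml
# … unchanged: Get local public IP / Get public IP of "{{ forgejo_domain }}" …

- name: Refuse to choose a validation method without both public IPs
  ansible.builtin.assert:
    that:
      - local_public_ip.content | trim | length > 0
      - target_public_ip | length > 0
    fail_msg: "Could not determine both public IPs for {{ forgejo_domain }}"

# … unchanged: Deploy letsencrypt certificate (HTTP-01) / (DNS-01) …
```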
@@ -1,10 +1,32 @@
 ---
+
+- name: Get local public IP
+ ansible.builtin.uri:
+ url: https://ipinfo.io/ip
+ return_content: true
+ register: local_public_ip
+
+- name: Get public IP of "{{ tunuifranken_domain }}"
+ ansible.builtin.set_fact:
+ target_public_ip: "{{ lookup('community.general.dig', tunuifranken_domain, '@1.1.1.1') }}"
+
+- name: Deploy letsencrypt certificate (HTTP-01)
+ when: local_public_ip == target_public_ip
+ ansible.builtin.include_role:
+ name: add_cert_http_01
+ vars:
+ letsencrypt_domain: "{{ tunuifranken_domain }}"
+ letsencrypt_email: "{{ tunuifranken_server_admin }}"
+ letsencrypt_post_hook: systemctl restart apache2
+
 - name: Deploy letsencrypt certificate
+ when: local_public_ip != target_public_ip
 ansible.builtin.include_role:
 name: add_cert_dns_01
 vars:
 letsencrypt_domain: "{{ tunuifranken_domain }}"
 letsencrypt_email: "{{ tunuifranken_server_admin }}"
+ letsencrypt_post_hook: systemctl restart apache2
 
 - name: Create tunuifranken directory
 become: true
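Review bot: The DNS-01 task keeps its old name `Deploy letsencrypt certificate` while its sibling just above is `Deploy letsencrypt certificate (HTTP-01)` and the same pair in roles/forgejo/tasks/main.yml is labelled `(HTTP-01)`/`(DNS-01)`; since exactly one of the two runs per host, the play output should say which, so rename it `- name: Deploy letsencrypt certificate (DNS-01)`. The two include_role tasks also carry identical `vars:` blocks, which will drift apart over time; a single include whose role name is chosen by the comparison would avoid that, though that is a judgement call. The file continues outside the hunk after `become: true`.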