69 lines
1.7 KiB
YAML
69 lines
1.7 KiB
YAML
---
|
|
- name: Install needed packages
|
|
become: true
|
|
ansible.builtin.apt:
|
|
name:
|
|
- certbot
|
|
- virtualenv
|
|
state: present
|
|
|
|
- name: Install certbot-dns-infomaniak authenticator
|
|
become: true
|
|
ansible.builtin.pip:
|
|
name: certbot-dns-infomaniak
|
|
state: present
|
|
virtualenv: /etc/letsencrypt/certbot_dns_infomaniak_venv
|
|
|
|
|
|
- name: Copy authenticator credentials file
|
|
become: true
|
|
ansible.builtin.copy:
|
|
dest: /etc/letsencrypt/infomaniak_credentials.ini
|
|
content: "dns_infomaniak_token = {{ infomaniak_api_token }}"
|
|
mode: 0600
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Perform dns-01 challenge
|
|
become: true
|
|
ansible.builtin.command:
|
|
argv:
|
|
- /etc/letsencrypt/certbot_dns_infomaniak_venv/bin/certbot
|
|
- certonly
|
|
- -n
|
|
- --authenticator
|
|
- dns-infomaniak
|
|
- --dns-infomaniak-credentials
|
|
- /etc/letsencrypt/infomaniak_credentials.ini
|
|
- --server
|
|
- https://acme-v02.api.letsencrypt.org/directory
|
|
- --rsa-key-size
|
|
- 4096
|
|
- -d
|
|
- "{{ domain }}"
|
|
- -m
|
|
- "{{ server_admin }}"
|
|
- --agree-tos
|
|
creates: "/etc/letsencrypt/live/{{ domain }}"
|
|
|
|
- name: Create directory for certbot.service override
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /etc/systemd/system/certbot.service.d
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
|
|
- name: Create override for certbot.service
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: certbot.service.d/use_venv.conf
|
|
dest: /etc/systemd/system/certbot.service.d/use_venv.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: Reload systemd daemon
|
|
|
|
- name: Make sure systemd daemon is reloaded
|
|
ansible.builtin.meta: flush_handlers
|