mirror of
				https://github.com/MatteZ02/infra.git
				synced 2025-10-26 13:53:09 +00:00 
			
		
		
		
	Compare commits
	
		
			3 Commits
		
	
	
		
			eba463147c
			...
			2ed12a16fc
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 2ed12a16fc | ||
|   | f0601c105c | ||
|   | ecfa10fe1c | 
| @@ -1,15 +1,24 @@ | ||||
| --- | ||||
| - name: "Deployer - Certbot - Renew Certificates" | ||||
|   command: "certbot renew --config-dir ~/data/letsencrypt/config --logs-dir ~/data/letsencrypt/logs --work-dir ~/data/letsencrypt/work" | ||||
|   containers.podman.podman_container: | ||||
|     name: certbot | ||||
|     image: "docker.io/certbot/certbot:latest" | ||||
|     state: started | ||||
|     network: host | ||||
|     volumes: | ||||
|       - "{{ ansible_facts.user_dir }}/data/certbot:/etc/letsencrypt" | ||||
|     command: "renew" | ||||
|     detach: false | ||||
|   register: task | ||||
|   changed_when: task.stdout.find("No renewals were attempted.") == -1 | ||||
|   changed_when: | ||||
|     - task.stdout.find("No renewals were attempted.") == -1 | ||||
|   tags: | ||||
|     - certbot | ||||
|     - tls | ||||
|  | ||||
| - name: "Deployer - Certbot - Copy Certificates" | ||||
|   copy: | ||||
|     src: "~/data/letsencrypt/live/{{ cert }}/" | ||||
|     src: "~/data/certbot/live/{{ cert }}/" | ||||
|     dest: "~/data/certificates/{{ cert }}/" | ||||
|     follow: true | ||||
|   loop: "{{ certs }}" | ||||
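Review bot: The new `containers.podman.podman_container` task runs `docker.io/certbot/certbot:latest`, a mutable tag, with `network: host` and the whole `data/certbot` tree mounted at `/etc/letsencrypt`. Whatever that tag resolves to at run time therefore gets the ACME account key and the certificate private keys. Pin the image to a reviewed digest, for example `image: "docker.io/certbot/certbot@sha256:<reviewed-digest>"`, and bump it deliberately; the same tag is used by the "Create Certificates" task in the installer section. `network: host` looks unnecessary for an outbound-only `renew` (inferred, since no listener is configured in these lines), so consider dropping it. The copy task below writes the key material to `~/data/certificates/` without an explicit `mode`, so adding `mode: '0600'` there would keep the private keys from inheriting the default umask.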
|   | ||||
| @@ -61,42 +61,35 @@ | ||||
|     label: "{{ library }}" | ||||
|     loop_var: "library" | ||||
|  | ||||
| - name: "Installer : Certbot : Install" | ||||
|   pip: | ||||
|     name: certbot | ||||
|     state: latest | ||||
|     extra_args: --upgrade | ||||
|     virtualenv: ~/.venv/ansible | ||||
|     virtualenv_command: "python3 -m venv" | ||||
| - name: "Installer : Certbot : Auth Hook - Create Folder" | ||||
|   file: | ||||
|     path: ~/data/certbot/auth-hooks | ||||
|     state: directory | ||||
|   tags: | ||||
|     - certbot | ||||
|  | ||||
| - name: "Installer : Certbot : Create Symbolic Links" | ||||
|   ansible.builtin.file: | ||||
|     src: ~/.venv/ansible/bin/{{ binary }} | ||||
|     dest: ~/bin/{{ binary }} | ||||
|     state: link | ||||
|   vars: | ||||
|     binaries: | ||||
|       - certbot | ||||
|   loop: "{{ binaries }}" | ||||
|   loop_control: | ||||
|     label: "{{ binary }}" | ||||
|     loop_var: "binary" | ||||
|   tags: | ||||
|     - certbot | ||||
|  | ||||
| - name: "Installer : Certbot : Auth Hook" | ||||
| - name: "Installer : Certbot : Auth Hook - Download" | ||||
|   get_url: | ||||
|     url: "https://git.waren.io/warengroup/acme-dns-auth/raw/branch/master/acme-dns-auth.py" | ||||
|     dest: "~/data/letsencrypt/config/renewal-hooks/pre/acme-dns-auth.py" | ||||
|     dest: "~/data/certbot/auth-hooks/acme-dns.py" | ||||
|     mode: '700' | ||||
|     force: true | ||||
|   tags: | ||||
|     - certbot | ||||
|  | ||||
| - name: "Installer : Certbot : Create Certificates" | ||||
|   command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook ~/data/letsencrypt/config/renewal-hooks/pre/acme-dns-auth.py --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }} --config-dir ~/data/letsencrypt/config --logs-dir ~/data/letsencrypt/logs --work-dir ~/data/letsencrypt/work" | ||||
|   containers.podman.podman_container: | ||||
|     name: certbot | ||||
|     image: "docker.io/certbot/certbot:latest" | ||||
|     state: started | ||||
|     network: host | ||||
|     volumes: | ||||
|       - "{{ ansible_facts.user_dir }}/data/certbot:/etc/letsencrypt" | ||||
|     command: "certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/auth-hooks/acme-dns.py --debug-challenges --key-type rsa -d {{ cert.domains | join(' -d ') }}" | ||||
|     detach: false | ||||
|   register: task | ||||
|   changed_when: | ||||
|     - task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1 | ||||
|   loop: "{{ certs }}" | ||||
|   loop_control: | ||||
|     label: "{{ cert.name }}" | ||||
| @@ -107,14 +100,12 @@ | ||||
|         email: mattez02.contact@gmail.com | ||||
|         domains: | ||||
|           - arcadiamc.wgi.fi | ||||
|   register: task | ||||
|   changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1 | ||||
|   tags: | ||||
|     - certbot | ||||
|  | ||||
| - name: "Installer : Schedule : Maintenance" | ||||
|   cron: | ||||
|     name: "Matte - Maintenance" | ||||
|     name: "Matte - Infra - Maintenance" | ||||
|     hour: "*/3" | ||||
|     minute: "0" | ||||
|     job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t maintenance" | ||||
| @@ -123,7 +114,7 @@ | ||||
|  | ||||
| - name: "Installer : Schedule : Deployer" | ||||
|   cron: | ||||
|     name: "Matte - Deployer" | ||||
|     name: "Matte - Infra - Deployer" | ||||
|     minute: "*/5" | ||||
|     job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t deployer" | ||||
|   tags: | ||||
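Review bot: The "Auth Hook - Download" task still fetches an executable from a moving `raw/branch/master` URL with `force: true` and no `checksum`. This change now writes it to `~/data/certbot/auth-hooks/acme-dns.py`, which sits inside the volume mounted into the certbot container and is run as `--manual-auth-hook` next to the account and certificate keys. Any change on that branch is picked up and executed on the next run without review. Point `url` at a specific commit and add `checksum: "sha256:<expected-digest>"` to the `get_url` task so a modified file fails the play instead of being installed.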
|   | ||||