--- - name: "Installer - Ansible - Python Library" ansible.builtin.pip: name: ansible state: latest extra_args: --upgrade virtualenv: ~/.venv/ansible virtualenv_command: "python3 -m venv" tags: - ansible - name: "Installer : Ansible : Create Folder" ansible.builtin.file: path: ~/bin state: directory tags: - ansible - name: "Installer : Ansible : Create Symbolic Links" ansible.builtin.file: src: ~/.venv/ansible/bin/{{ binary }} dest: ~/bin/{{ binary }} state: link vars: binaries: - ansible - ansible-community - ansible-config - ansible-console - ansible-doc - ansible-galaxy - ansible-inventory - ansible-playbook - ansible-pull - ansible-test - ansible-vault loop: "{{ binaries }}" loop_control: label: "{{ binary }}" loop_var: "binary" tags: - ansible - name: "Installer - Ansible - Dependencies / Python Libraries" ansible.builtin.pip: name: "{{ library }}" state: latest extra_args: --upgrade virtualenv: ~/.venv/ansible virtualenv_command: "python3 -m venv" vars: libraries: - cryptography - dnspython - hvac - jmespath - netaddr - pexpect loop: "{{ libraries }}" loop_control: label: "{{ library }}" loop_var: "library" - name: "Installer : Certbot : Auth Hook - Create Folder" ansible.builtin.file: path: ~/data/certbot/auth-hooks state: directory tags: - certbot - name: "Installer : Certbot : Auth Hook - Download" ansible.builtin.get_url: url: "https://git.waren.io/warengroup/acme-dns-auth/raw/branch/master/acme-dns-auth.py" dest: "~/data/certbot/auth-hooks/acme-dns.py" mode: '700' force: true tags: - certbot - name: "Installer : Certbot : Create Certificates" containers.podman.podman_container: name: certbot image: "docker.io/certbot/certbot:latest" state: started network: host volumes: - "{{ ansible_facts.user_dir }}/data/certbot:/etc/letsencrypt" command: "certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/auth-hooks/acme-dns.py --debug-challenges --key-type rsa -d {{ cert.domains | join(' -d ') }}" detach: false register: task changed_when: - task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1 loop: "{{ certs }}" loop_control: label: "{{ cert.name }}" loop_var: "cert" vars: certs: - name: arcadiamc email: mattez02.contact@gmail.com domains: - arcadiamc.wgi.fi tags: - certbot - name: "Installer : Schedule : Maintenance" ansible.builtin.cron: name: "Matte - Infra - Maintenance" hour: "*/3" minute: "0" job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t maintenance" tags: - cron - name: "Installer : Schedule : Deployer" ansible.builtin.cron: name: "Matte - Infra - Deployer" minute: "*/5" job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t deployer" tags: - cron - name: "Installer : Schedule : Backup" ansible.builtin.cron: name: "Matte - Infra - Backup" hour: "5" minute: "0" job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t backup" tags: - cron