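---
# Provisions nginx with a TLS certificate.
#   - Real hosts (is_local false): certbot and its nginx plugin, installed into
#     a virtualenv, obtain a Let's Encrypt certificate; a cron entry renews it.
#   - Local hosts (is_local true): a passphrase-protected self-signed key/cert.
#
# Expected variables: cert_domain, cert_email, is_local, passphrase.
# `passphrase` must come from Ansible Vault (or another secret store), never
# from a plain-text vars file.

- name: Install Certbot and Nginx
  block:
    - name: Install nginx, Python and the certbot build prerequisites
      ansible.builtin.apt:
        state: present
        update_cache: true
        pkg:
          - nginx
          - python3
          - python3-pip
          - python3-dev
          - python3-venv
          - libaugeas-dev  # certbot-nginx compiles python-augeas against this
          - gcc

    # The virtualenv deliberately lives in a root-owned directory, not /tmp:
    # certbot runs as root with the --nginx plugin, and a venv in a
    # world-writable, reboot-cleared directory could be pre-planted by any
    # local user or be gone by the time the renewal job runs.
    - name: Create a root-owned directory for the certbot virtualenv
      ansible.builtin.file:
        path: /opt/certbot
        state: directory
        owner: root
        group: root
        mode: "0755"

    # break_system_packages is not needed here: PEP 668 only guards the
    # system interpreter, and everything below goes into the virtualenv.
    - name: Install certbot and certbot-nginx into the virtualenv
      ansible.builtin.pip:
        name:
          - certbot
          - certbot-nginx
        state: latest  # same intent as the previous `extra_args: --upgrade`
        virtualenv: /opt/certbot
        virtualenv_command: python3 -m venv
      when: not ansible_check_mode

# `creates:` makes this a one-shot "obtain" step, so renewal is handled by the
# cron entry below (a pip-installed certbot ships no systemd renewal timer).
# command + argv runs certbot without a shell, so cert_domain / cert_email
# cannot inject shell metacharacters, and the venv binary is invoked directly
# instead of sourcing an activate script.
- name: Obtain SSL certificate for {{ cert_domain }}
  ansible.builtin.command:
    argv:
      - /opt/certbot/bin/certbot
      - --nginx
      - --non-interactive
      - --agree-tos
      - --no-eff-email  # otherwise certbot may stop to ask about the EFF list
      - --email
      - "{{ cert_email }}"
      - -d
      - "{{ cert_domain }}"
    creates: /etc/letsencrypt/live/{{ cert_domain }}/fullchain.pem
  when: not is_local

- name: Schedule automatic certificate renewal
  ansible.builtin.cron:
    name: certbot renew
    user: root
    minute: "23"
    hour: "3,15"  # certbot recommends attempting renewal twice a day
    job: /opt/certbot/bin/certbot renew --quiet
  when: not is_local

- name: Installing self-signed certificate
  when: is_local
  block:
    # NOTE(review): nginx cannot load a passphrase-protected key unless the
    # server block also sets `ssl_password_file`; confirm the nginx template
    # does so, or drop the passphrase for the local-only case.
    - name: Create private key (RSA) with password protection
      community.crypto.openssl_privatekey:
        path: /etc/ssl/private/nginx-selfsigned.key
        type: RSA
        passphrase: "{{ passphrase }}"
        owner: root
        group: root
        mode: "0600"

    # No CSR is supplied, so presumably no subject/SAN ends up in the
    # certificate and browsers will warn on it — acceptable for local
    # development only.
    - name: Create self-signed certificate
      community.crypto.x509_certificate:
        path: /etc/ssl/certs/nginx-selfsigned.crt
        privatekey_path: /etc/ssl/private/nginx-selfsigned.key
        privatekey_passphrase: "{{ passphrase }}"
        provider: selfsigned
      when: not ansible_check_mode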