---
 # Install the ACME client (certbot) and the OpenSSL tooling through the
 # generic `package` module, with privilege escalation.
 - name: SSL packages
   package:
     name:
       - certbot
       - openssl
   become: true
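 # Pin ownership and permissions on /etc/letsencrypt: root owns it, group
 # `ssl` may read and traverse it, everyone else gets no access.
 # Files below this directory still rely on their own modes, so membership
 # of `ssl` should stay small.
 # NOTE(review): the `ssl` group is not created in this file; confirm it
 # exists before this task runs.
 - name: LetsEncrypt directory
   become: true
   file:
     path: /etc/letsencrypt
     # Without an explicit state the module only adjusts an existing path
     # and fails when the path is absent.
     state: directory
     owner: root
     group: ssl
     # Quoted so the module receives the octal string itself instead of
     # depending on how the YAML loader treats a leading zero.
     mode: "0750"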
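 # Copy the certbot unit files into the systemd unit directory. The result
 # is registered as `services` so a later task can react when either file
 # was changed.
 - name: Services
   become: true
   register: services
   copy:
     src: "{{ item }}"
     dest: /usr/lib/systemd/system
     owner: root
     group: root
     # Quoted octal string: writable by root only, readable by all, not
     # executable. Unit files must never be writable by non-root users.
     mode: "0644"
   loop:
     - certbot.service
     - certbot.timer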
 # Reload systemd, then enable and start certbot.timer, but only on runs
 # where the registered `services` result reports a change.
 # NOTE(review): because of the `when`, a timer that was stopped or disabled
 # out of band is not corrected on an unchanged run; presumably that would
 # leave renewals silently off. Confirm this is intended.
 - name: Enable timer
   become: true
   systemd:
     name: certbot.timer
     daemon_reload: true
     enabled: true
     state: started
   when: services.changed
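 # Create /var/lib/letsencrypt owned by root:http with the setgid bit set,
 # so entries created inside it inherit group `http`.
 # NOTE(review): the `http` group is not created in this file; confirm it
 # exists before this task runs.
 - name: Create letsencrypt folder
   become: true
   file:
     path: /var/lib/letsencrypt
     # The task is named "Create", but without an explicit state the module
     # fails on a missing path instead of creating it.
     state: directory
     owner: root
     group: http
     # Must be a quoted string. A bare 2755 has no leading zero, so it is
     # read as the decimal integer 2755, which is octal 5303: setuid and
     # sticky set, and write+execute granted to "other". Quoted, the module
     # parses it as octal 2755 (rwxr-sr-x, setgid).
     mode: "2755"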
 # Delete the superseded TLSA script from /usr/local/sbin so that a stale
 # root-run helper is not left behind on the host.
 - name: Remove old TLSA script
   file:
     state: absent
     path: /usr/local/sbin/tlsa-generation.bash
   become: true
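 # Render the record-generation script from its Jinja2 template into
 # /usr/local/sbin, owned by root.
 - name: Copy record generator script
   become: true
   template:
     src: record-generation.bash.j2
     dest: /usr/local/sbin/record-generation.bash
     owner: root
     group: root
     # Quoted octal string: readable, writable and executable by root only,
     # which suits a script that is meant to be run through sudo.
     mode: "0700"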
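 # Operator reminder printed on every run; it changes nothing on the host.
 # The task is named so it is identifiable in play output and can be
 # selected with --start-at-task.
 - name: Record generation hint
   debug:
     msg: 'Run `sudo /usr/local/sbin/record-generation.bash` to generate a zonefile for import into a DNS provider.'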