55 lines
1.9 KiB
YAML
55 lines
1.9 KiB
YAML
- name: Letsencrypt
|
|
hosts: pi
|
|
become: true
|
|
tasks:
|
|
- name: Install Certbot
|
|
ansible.builtin.apt:
|
|
name: python3-certbot-nginx
|
|
state: present
|
|
|
|
- name: Request root certificates
|
|
changed_when: true
|
|
ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains secretbee.buzz
|
|
|
|
- name: Request root certificates
|
|
changed_when: true
|
|
ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains lounge.secretbee.buzz
|
|
|
|
- name: Request irc certificates
|
|
changed_when: true
|
|
ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains irc.secretbee.buzz
|
|
|
|
- name: Request git certificates
|
|
changed_when: true
|
|
ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains git.secretbee.buzz
|
|
|
|
- name: Request grafana certificates
|
|
changed_when: true
|
|
ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains grafana.secretbee.buzz
|
|
|
|
- name: Request mail certificates
|
|
changed_when: true
|
|
ansible.builtin.command: certbot certonly --nginx -m secretbumblebee@proton.me --agree-tos -n --domains mail.secretbee.buzz
|
|
|
|
- name: Add post hook script
|
|
ansible.builtin.copy:
|
|
src: irc-post-hook.sh
|
|
dest: /opt/irc-post-hook.sh
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
|
|
- name: Renew for post hook
|
|
changed_when: true
|
|
ansible.builtin.command: certbot renew --cert-name irc.secretbee.buzz --deploy-hook /opt/irc-post-hook.sh --force-renewal
|
|
|
|
- name: Change permission on live
|
|
ansible.builtin.file:
|
|
path: /etc/letsencrypt/live/
|
|
mode: '0711'
|
|
|
|
- name: Change permission on archive
|
|
ansible.builtin.file:
|
|
path: /etc/letsencrypt/archive/
|
|
mode: '0711'
|