diff --git a/ansible/roles/certbot/tasks/main.yaml b/ansible/roles/certbot/tasks/main.yaml
new file mode 100644
index 0000000..9983be3
--- /dev/null
+++ b/ansible/roles/certbot/tasks/main.yaml
@@ -0,0 +1,40 @@
+---
+
+- name: install base apps
+ apt:
+ force_apt_get: yes
+ name:
+ - docker-compose-v2
+
+- name: base path
+ file:
+ path: "/srv/certbot/{{item}}"
+ state: directory
+ recurse: true
+ with_items:
+ - www
+ - etc
+
+- name: copy docker-compose
+ template:
+ src: templates/docker-compose.yaml
+ dest: /srv/certbot/docker-compose.yaml
+ register: dockercompose
+
+#- name: nginx config
+# template:
+# src: templates/nginx.conf
+# dest: /srv/nginx/conf.d/certbot.conf
+# register: nginxconf
+
+- name: launch certbot
+ command: docker compose up -d
+ args:
+ chdir: /srv/certbot
+
+- name: restart certbot
+ command: docker compose restart
+ args:
+ chdir: /srv/certbot
+ when: dockercompose.changed or nginxconf.changed
+
diff --git a/ansible/roles/certbot/templates/docker-compose.yaml b/ansible/roles/certbot/templates/docker-compose.yaml
new file mode 100644
index 0000000..bcb6097
--- /dev/null
+++ b/ansible/roles/certbot/templates/docker-compose.yaml
@@ -0,0 +1,21 @@
+version: '3.5'
+services:
+ certbot:
+ container_name: certbot
+ image: certbot/certbot
+ restart: unless-stopped
+ volumes:
+ - /srv/certbot/etc:/etc/letsencrypt
+ - /srv/certbot/www:/var/www/certbot
+ entrypoint: >
+ /bin/sh -c 'trap exit TERM;
+ certbot certonly --noninteractive --register-unsafely-without-email --agree-tos --reinstall --cert-name {{domain_name}} -d {{domain_name}} --webroot --webroot-path=/var/www/certbot
+ ; while :; do certbot renew --noninteractive --webroot --webroot-path=/var/www/certbot --cert-name {{domain_name}}
+ ; sleep 12h & wait $${!}; done;'
+ networks:
+ - nginx
+
+networks:
+ nginx:
+ external: true
+
diff --git a/ansible/site.yaml b/ansible/site.yaml
index 08d81f4..784cfd9 100644
--- a/ansible/site.yaml
+++ b/ansible/site.yaml
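Review bot: The `restart certbot` task's `when: dockercompose.changed or nginxconf.changed` references `nginxconf`, which is only registered by the commented-out `nginx config` task, so on any run where the compose template is unchanged the conditional errors out with an undefined variable instead of skipping. Either drop the second operand or guard it: `when: dockercompose.changed or (nginxconf is defined and nginxconf.changed)`. Since `docker compose up -d` in `launch certbot` already recreates the container when the compose file changed, the follow-up restart also looks redundant, and that `command` task reports changed on every run; `changed_when: false` or the `community.docker.docker_compose_v2` module would keep the play idempotent. `force_apt_get: yes` is a YAML 1.1 truthy value and should read `force_apt_get: true`. The `base path` task creates `/srv/certbot/etc`, which will hold the ACME account key and certificate private keys, with the default directory mode; consider `mode: "0700"` for that item as defense in depth.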
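Review bot: In the `entrypoint` the initial `certbot certonly` is chained with `;`, so a failed first issuance (for example the webroot not yet served by nginx) is never surfaced — the container drops straight into the `renew` loop for a certificate that was never created, and `restart: unless-stopped` cannot help because the loop never exits. Make the first step fail loudly, e.g. append `|| exit 1` to that command, bearing in mind that a persistent failure then becomes a restart loop that counts against the CA's failed-validation rate limit, so the failure should be alerted on rather than retried blindly. `--register-unsafely-without-email` means the account receives no expiry or revocation notices from the CA; the role should take an operator address via a role variable (placeholder name `certbot_email`) and pass `--email "{{ certbot_email }}"` instead. `{{domain_name}}` is interpolated unquoted into a shell command line and into the ACME request, so the role should validate it up front (an `assert` against a hostname pattern) rather than trusting inventory data. The `version: '3.5'` key is obsolete for Compose v2 and only produces a warning.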
@@ -9,5 +9,6 @@ hosts: social roles: - { role: nginx, become: yes } + - { role: certbot, become: yes } - { role: mastodon, become: yes }