diff --git a/roles/docker-attendize/tasks/main.yml b/roles/docker-attendize/tasks/main.yml
index c9d410c3..dd422ed7 100644
--- a/roles/docker-attendize/tasks/main.yml
+++ b/roles/docker-attendize/tasks/main.yml
@@ -4,7 +4,8 @@
 name: docker-central-database
 
 - name: "include tasks to receive attendize certbot certificate"
- include_tasks: recieve-certbot-certificate.yml
+ include_role:
+ name: nginx-https-recieve-certificate
 vars:
 domain: "{{ item }}"
 loop:
diff --git a/roles/docker-mastodon/tasks/create-domains.yml b/roles/docker-mastodon/tasks/create-domains.yml
index 6c672eeb..18a1e39f 100644
--- a/roles/docker-mastodon/tasks/create-domains.yml
+++ b/roles/docker-mastodon/tasks/create-domains.yml
@@ -1,6 +1,7 @@
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
-
+- name: "include role receive certbot certificate"
+ include_role:
+ name: nginx-https-recieve-certificate
+
 - name: configure {{domain}}.conf
 template:
 src: "mastodon.conf.j2"
diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml
index 23aede9f..69026528 100644
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@@ -3,8 +3,9 @@
 include_role:
 name: docker-central-database
 
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+ include_role:
+ name: nginx-https-recieve-certificate
 vars:
 domain: "{{domains.matrix_synapse}}"
 http_port: "{{ports.localhost.http.matrix_synapse}}"
diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml
index a8d10544..dcb556cc 100644
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
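Review bot: The task name on the context line above the change still reads "include tasks to receive attendize certbot certificate" while the body is now an `include_role`; the other call sites in this commit were renamed, so `- name: "include role to receive attendize certbot certificate"` keeps them consistent. Separately, `domain: "{{ item }}"` under `vars:` is templated lazily inside the included role, so if any task in the role's main.yml (renamed in this commit, body not visible here) has its own loop, `item` is shadowed and `domain` silently resolves to the inner loop value; `loop_control: loop_var: attendize_domain` together with `domain: "{{ attendize_domain }}"` removes that hazard. The `loop:` list itself continues past the end of the hunk.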
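Review bot: The new include passes no variables, so the role only receives `domain` through the caller's ambient scope (the following task name `configure {{domain}}.conf` shows it is set there), and the role README added in this commit does not list which variables it expects, which leaves the contract invisible to anyone reading create-domains.yml. Either pass it explicitly, `vars: domain: "{{ domain }}"`, or add a "Variables" section to the README naming `domain`, `primary_domain` and the wildcard/cleanup switches as inputs. The same implicit dependency exists in the peertube and nextcloud hunks of this commit.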
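Review bot: `http_port: "{{ports.localhost.http.matrix_synapse}}"` is now handed to a role whose README describes only certbot tasks, so the variable looks unused by the new target. If it was previously consumed through the `nginx-global` include that the deleted tasks/certbot-and-globals.yml performed, that consumer is no longer reached from this task and needs its own include; otherwise the line should be dropped to avoid suggesting a coupling that does not exist. The task's `vars:` block continues past the end of the hunk, so there may be further unused entries.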
@@ -3,8 +3,9 @@
 include_role:
 name: docker-central-database
 
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+ include_role:
+ name: nginx-https-recieve-certificate
 
 - name: create nextcloud nginx proxy configuration file
 template:
diff --git a/roles/docker-peertube/tasks/create-domains.yml b/roles/docker-peertube/tasks/create-domains.yml
index fc330f98..7c2afbc0 100644
--- a/roles/docker-peertube/tasks/create-domains.yml
+++ b/roles/docker-peertube/tasks/create-domains.yml
@@ -1,5 +1,6 @@
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+ include_role:
+ name: nginx-https-recieve-certificate
 
 - name: configure {{domain}}.conf
 template:
diff --git a/roles/nginx-domain-redirect/tasks/main.yml b/roles/nginx-domain-redirect/tasks/main.yml
index 5073389f..2da1b769 100644
--- a/roles/nginx-domain-redirect/tasks/main.yml
+++ b/roles/nginx-domain-redirect/tasks/main.yml
@@ -1,6 +1,7 @@
 ---
 - name: "include task receive certbot certificate"
- include_tasks: recieve-certbot-certificate.yml
+ include_role:
+ name: nginx-https-recieve-certificate
 vars:
 domain: "{{item.source}}"
 loop: "{{domain_mappings}}"
diff --git a/roles/nginx-https-recieve-certificate/README.md b/roles/nginx-https-recieve-certificate/README.md
new file mode 100644
index 00000000..d6479f35
--- /dev/null
+++ b/roles/nginx-https-recieve-certificate/README.md
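Review bot: The task name "include task receive certbot certificate" no longer matches the `include_role` body; the sibling hunks in this commit use `- name: "include role receive certbot certificate"`, so this one should follow. Because the include runs under `loop: "{{domain_mappings}}"`, `domain: "{{item.source}}"` is re-evaluated inside the role and would pick up an inner `item` if the role's own tasks loop (the role body is renamed in this commit and not shown); `loop_control: loop_var: mapping` with `domain: "{{ mapping.source }}"` makes the value independent of the default loop variable. The quoting also differs from the attendize hunk (`{{ item }}` vs `{{item.source}}`); pick one spacing style for Jinja expressions.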
@@ -0,0 +1,39 @@
+# Let's Encrypt Certificate Role
+
+This Ansible role uses Certbot to obtain Let's Encrypt SSL/TLS certificates. It supports both dedicated and wildcard certificate requests based on domain conditions. It can also clean up (delete) dedicated certificates when cleanup mode is enabled.
+
+## Features
+
+- **Dedicated Certificate Request:**
+ Requests a certificate for a given domain using Certbot's `certonly` command with the webroot plugin.
+
+- **Wildcard Certificate Request:**
+ When enabled, obtains a wildcard certificate for the primary domain (including both the primary domain and all its direct subdomains).
+
+- **Certificate Cleanup:**
+ Provides an option to delete dedicated certificates if cleanup mode is active.
+
+- **Run Once for Wildcard:**
+ Ensures that the wildcard certificate task runs only once to prevent duplicate requests.
+
+## Tasks Overview
+
+- **Receive Dedicated Certificate:**
+ Executes Certbot to request a dedicated certificate for `{{ domain }}` when a wildcard certificate is not applicable.
+
+- **Receive Wildcard Certificate:**
+ Executes Certbot to request a wildcard certificate for `*{{ primary_domain }}` under the appropriate conditions.
+
+- **Cleanup Dedicated Certificate:**
+ Runs Certbot's delete command to remove the dedicated certificate if cleanup mode is active.
+
+- **Run Once Flag:**
+ Sets a fact to ensure that the wildcard certificate task is executed only once per playbook run.
+
+## Author
+
+This role is authored by [Kevin Veen-Birkenbach](https://www.veen.world).
+
+---
+
+Feel free to contribute or open issues if you have suggestions or encounter any problems with the role. Enjoy secure connections with Let's Encrypt and Ansible!
\ No newline at end of file
diff --git a/roles/nginx-https-recieve-certificate/meta/main.yml b/roles/nginx-https-recieve-certificate/meta/main.yml
new file mode 100644
index 00000000..49322377
--- /dev/null
+++ b/roles/nginx-https-recieve-certificate/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- nginx-https
diff --git a/tasks/recieve-certbot-certificate.yml b/roles/nginx-https-recieve-certificate/tasks/main.yml
similarity index 100%
rename from tasks/recieve-certbot-certificate.yml
rename to roles/nginx-https-recieve-certificate/tasks/main.yml
diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml
index eaf60b97..4bb39261 100644
--- a/roles/nginx/meta/main.yml
+++ b/roles/nginx/meta/main.yml
@@ -1,2 +1,3 @@
 dependencies:
 - health-nginx
+ - nginx-global
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index c5b237b2..8f6aba2f 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -33,11 +33,15 @@
 notify: restart nginx
 when: run_once_nginx is not defined
 
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
- vars:
- domain: "{{primary_domain}}"
- when: run_once_nginx is not defined
+# Activated due to the reason that certificate management should be part of role nginx-https
+# I don't know why this is activated here.
+# Propably solved on 2025-02-15 . Please remove latest on 2025-12-31 if no errors appear or earlier
+#
+#- name: "include task certbot-and-globals.yml"
+# include_tasks: certbot-and-globals.yml
+# vars:
+# domain: "{{primary_domain}}"
+# when: run_once_nginx is not defined
 
 - name: flush nginx service
 meta: flush_handlers
diff --git a/tasks/certbot-and-globals.yml b/tasks/certbot-and-globals.yml
deleted file mode 100644
index 8a09f152..00000000
--- a/tasks/certbot-and-globals.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-- name: "include task receive certbot certificate"
- include_tasks: recieve-certbot-certificate.yml
-
-- name: Load global Nginx Configuration
- include_role:
- name: nginx-global
\ No newline at end of file
diff --git a/tasks/create-proxy-with-domain-replace.yml b/tasks/create-proxy-with-domain-replace.yml
index 8f76a672..8f629b6e 100644
--- a/tasks/create-proxy-with-domain-replace.yml
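Review bot: Declaring `nginx-https` as a meta dependency runs it before every task of this role, i.e. before certbot has produced the certificate on a fresh host; if `nginx-https` renders TLS server blocks that point at `/etc/letsencrypt/live/<domain>/` and reloads nginx, first provisioning fails at that reload (what nginx-https does is not visible in this diff, so please confirm). The role name `nginx-https-recieve-certificate` is created here and referenced from eight task files in the same commit, which makes this the cheapest moment to spell it `receive`; a later rename touches every caller. The new file also omits the `---` document start that roles/nginx-domain-redirect/tasks/main.yml uses.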
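Review bot: The added `- nginx-global` entry is indented by at least one column, while the existing `- health-nginx` may sit at column 0 (whitespace is collapsed in this view, so this is inferred; the new roles/nginx-https-recieve-certificate/meta/main.yml in the same commit uses the flush style `- nginx-https`). If the two entries really differ in indent, YAML folds the second line into the first plain scalar and `dependencies` becomes the single string `health-nginx - nginx-global`, so the new dependency is silently never executed and role nginx would not be flagged by ansible-lint in any obvious way. Keep both items at the same indent, `- health-nginx` followed by `- nginx-global`, and consider one sequence style for all meta files.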
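Review bot: The new comment says the block was "Activated" while the YAML beneath it is commented out, names `nginx-https` as the owning role although the role that now does this job is `nginx-https-recieve-certificate`, and misspells "Propably". Git history already preserves the removed task, so the commented-out YAML and the 2025-12-31 reminder are better deleted outright; if it must stay, a comment such as `# Deactivated 2025-02-15: certificate requests moved to role nginx-https-recieve-certificate. Remove by 2025-12-31 if no regressions.` states the actual situation. Note that after this hunk nothing in role nginx requests a certificate for `primary_domain` any more, which is only safe if every play still reaches the new role for that domain.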
+++ b/tasks/create-proxy-with-domain-replace.yml
@@ -1,5 +1,6 @@
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+ include_role:
+ name: nginx-https-recieve-certificate
 
 - name: "include task create-domain-conf.yml"
 include_tasks: create-domain-conf.yml
diff --git a/tasks/nginx-docker-proxy-domain.yml b/tasks/nginx-docker-proxy-domain.yml
index 10f83c7c..3dcc0721 100644
--- a/tasks/nginx-docker-proxy-domain.yml
+++ b/tasks/nginx-docker-proxy-domain.yml
@@ -1,5 +1,6 @@
-- name: "include task certbot-and-globals.yml"
- include_tasks: certbot-and-globals.yml
+- name: "include role receive certbot certificate"
+ include_role:
+ name: nginx-https-recieve-certificate
 
 - name: "include task create-domain-conf.yml"
 include_tasks: create-domain-conf.yml
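Review bot: The deleted tasks/certbot-and-globals.yml included `nginx-global` after the certificate request, and its replacement here only includes `nginx-https-recieve-certificate`, whose meta declares `nginx-https` as its sole dependency; unless `nginx-https` itself depends on role `nginx` (which now carries the `nginx-global` dependency, a chain not visible in this diff), these shared proxy task files no longer apply the global nginx configuration before `create-domain-conf.yml` renders the vhost. This is worth confirming on a fresh host, or by adding `- include_role: name: nginx-global` back here if the chain is incomplete. The same reasoning applies to tasks/nginx-docker-proxy-domain.yml in the next hunk, which is otherwise identical to this one.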