kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved mapping bugs

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-02-03 22:08:16 +01:00
parent 8a6adf3958
commit 7781083161
7 changed files with 61 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
tasks/recieve-certbot-certificate.yml
View File

@@ -1,28 +1,39 @@
- name: "recieve certbot certificate for {{ domain }}"
- name: "recieve dedicated certificate for {{ domain }}"
command: >-
certbot certonly --agree-tos --email {{ administrator_email }}
--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}
{{ '--test-cert' if mode_test | bool else '' }}
when: not enable_wildcard_certificate | bool or primary_domain not in domain
when:
- not enable_wildcard_certificate | bool
# Wildcard certificate should not be used
- not (domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain))
# OR: The domain is not a first-level subdomain of the primary domain
- name: "recieve certbot certificate for *{{ primary_domain }}"
- name: "recieve wildcard certificate for *{{ primary_domain }}"
command: >-
certbot certonly --agree-tos --email {{ administrator_email }}
certbot certonly --agree-tos --email {{ administrator_email }}
--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
{{ '--test-cert' if mode_test | bool else '' }}
when:
- enable_wildcard_certificate | bool
- primary_domain in domain
- run_once_recieve_certificate is not defined
- enable_wildcard_certificate | bool
# Wildcard certificate is enabled
- domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
# AND: The domain is a direct first-level subdomain of the primary domain
- run_once_recieve_certificate is not defined
# Ensure this task runs only once for the wildcard certificate
- name: "Cleanup dedicated cert for {{ domain }}"
command: >-
certbot delete --cert-name {{ domain }} --non-interactive
when:
- mode_cleanup | bool
- enable_wildcard_certificate | bool
- primary_domain in domain
- domain != primary_domain
- mode_cleanup | bool
# Cleanup mode is enabled
- enable_wildcard_certificate | bool
# Wildcard certificate is enabled
- domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
# AND: The domain is a direct first-level subdomain of the primary domain
- domain != primary_domain
# The domain is not the primary domain
ignore_errors: true
- name: run the recieve_certificate tasks once