kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized cloudflare implementation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-04-29 02:20:10 +02:00
parent d796158c61
commit e5e394d470
13 changed files with 249 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/nginx-https-get-cert/tasks/flavors/dedicated.yml
View File

@@ -1,3 +1,9 @@
- name: "Check if certificate already exists for {{ domain }}"
cert_check_exists:
domain: "{{ domain }}"
cert_base_path: "{{ certbot_cert_path }}"
register: cert_check
- name: "receive certificate for {{ domain }}"
command: >-
certbot certonly
@@ -21,3 +27,4 @@
{{ '--test-cert' if mode_test | bool else '' }}
register: certbot_result
changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
when: not cert_check.exists

32
roles/nginx-https-get-cert/tasks/main.yml
View File

@@ -1,24 +1,24 @@
- name: "Include flavor"
include_tasks: "{{ role_path }}/tasks/flavors/{{ certbot_flavor }}.yml"
- name: "Cleanup dedicated cert for {{ domain }}"
command: >-
certbot delete --cert-name {{ domain }} --non-interactive
when:
- mode_cleanup | bool
# Cleanup mode is enabled
- certbot_flavor != 'dedicated'
# Wildcard certificate is enabled
- domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
# AND: The domain is a direct first-level subdomain of the primary domain
- domain != primary_domain
# The domain is not the primary domain
register: certbot_result
failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr)
changed_when: certbot_result.rc == 0 and ("No certificate found with name" not in certbot_result.stderr)
#- name: "Cleanup dedicated cert for {{ domain }}"
# command: >-
# certbot delete --cert-name {{ domain }} --non-interactive
# when:
# - mode_cleanup | bool
# # Cleanup mode is enabled
# - certbot_flavor != 'dedicated'
# # Wildcard certificate is enabled
# - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
# # AND: The domain is a direct first-level subdomain of the primary domain
# - domain != primary_domain
# # The domain is not the primary domain
# register: certbot_result
# failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr)
# changed_when: certbot_result.rc == 0 and ("No certificate found with name" not in certbot_result.stderr)
- name: Find SSL cert folder for domain
find_cert_folder:
cert_folder_find:
domain: "{{ domain }}"
certbot_flavor: "{{ certbot_flavor }}"
cert_base_path: "{{ certbot_cert_path }}"