Merged client playbook and server playbook

2025-09-03 08:56:01 +02:00 · 2023-04-18 14:52:43 +02:00
parent 2c76f99dd1
commit ec0dbee7bb
341 changed files with 153 additions and 811 deletions
--- a/roles/server_native-certbot-nginx/handlers/main.yml
+++ b/roles/server_native-certbot-nginx/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: "reload certbot service"
+  systemd:
+    name: certbot.service
+    state: reloaded
+    enabled: yes
+    daemon_reload: yes
+- name: "restart certbot timer"
+  systemd:
+    name: certbot.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
--- a/roles/server_native-certbot-nginx/meta/main.yml
+++ b/roles/server_native-certbot-nginx/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- native-nginx
+- native-systemd-email
--- a/roles/server_native-certbot-nginx/tasks/main.yml
+++ b/roles/server_native-certbot-nginx/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: install certbot
+  pacman:
+    name: [certbot,certbot-nginx]
+    state: present
+
+- name: configure certbot.service.tpl
+  template: 
+    src:  certbot.service.j2
+    dest: /etc/systemd/system/certbot.service
+  notify: reload certbot service
+
+- name: configure certbot.timer.tpl
+  template:
+    src:  certbot.timer.j2
+    dest: /etc/systemd/system/certbot.timer
+  notify: restart certbot timer
--- a/roles/server_native-certbot-nginx/templates/certbot.service.j2
+++ b/roles/server_native-certbot-nginx/templates/certbot.service.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Let's Encrypt renewal
+OnFailure=systemd-email@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew --quiet --agree-tos
+ExecStartPost=/bin/systemctl reload nginx.service
--- a/roles/server_native-certbot-nginx/templates/certbot.timer.j2
+++ b/roles/server_native-certbot-nginx/templates/certbot.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec={{randomized_delay_sec}}
+Persistent=true
+
+[Install]
+WantedBy=timers.target