kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-04 12:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6fcf6a1ab6ce3e7d8d0e9470bc067abf95ba33b2
computer-playbook/roles/sys-svc-certs/tasks/flavors/dedicated.yml
Kevin Veen-Birkenbach 7d150fa021 DNS & certs refactor: 
- Switch certbot flag from MODE_TEST → MODE_DUMMY in dedicated certs
- Add sys-svc-dns defaults for CLOUDFLARE_NAMESERVERS
- Introduce 02_nameservers.yml for NS cleanup + enforce, adjust task ordering (apex now 03_apex.yml)
- Enforce quoting for Bluesky and Mailu TXT records
- Add cleanup of MX/TXT/DMARC/DKIM in Mailu role
- Normalize no_log handling in Nextcloud plugin
- Simplify async conditionals in Collabora role
Conversation: https://chatgpt.com/share/68cd20d8-9ba8-800f-b070-f7294f072c40
2025-09-19 11:22:51 +02:00

30 lines
1.1 KiB
YAML
Raw Blame History

- name: "Check if certificate already exists for '{{ domain }}'"
cert_check_exists:
domain: "{{ domain }}"
cert_base_path: "{{ LETSENCRYPT_LIVE_PATH }}"
register: cert_check
- name: "receive certificate for '{{ domain }}'"
command: >-
certbot certonly
--agree-tos
--email {{ users.administrator.email }}
--non-interactive
{% if CERTBOT_ACME_CHALLENGE_METHOD != "webroot" %}
--dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}
--dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}-credentials {{ CERTBOT_CREDENTIALS_FILE }}
--dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}-propagation-seconds {{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}
{% else %}
--webroot
-w {{ LETSENCRYPT_WEBROOT_PATH }}
{% endif %}
{% if wildcard_domain is defined and ( wildcard_domain | bool ) %}
-d {{ PRIMARY_DOMAIN }}
-d *.{{ PRIMARY_DOMAIN }}
{% else %}
-d {{ domain }}
{% endif %}
{{ '--test-cert' if MODE_DUMMY | bool else '' }}
register: certbot_result
changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
when: not cert_check.exists
Reference in New Issue View Git Blame Copy Permalink