--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- name: Obtain a certificate for {{ item.certificate }}
+ command: |
+ certbot certonly --keep-until-expiring --nginx --agree-tos \
+ --cert-name {{ item.certificate }} --email {{ item.email }} \
+ --non-interactive --domains {{ item.domains | join(',') }}
+ args:
+ creates: "/etc/letsencrypt/live/{{ item.certificate }}"
+ become: true
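Review bot: The `creates: "/etc/letsencrypt/live/{{ item.certificate }}"` guard skips this task whenever that directory already exists, so a later change to `item.domains` for an existing certificate name never reaches certbot, and `--keep-until-expiring` has no effect after the first run. If domain changes are meant to be applied by re-running the playbook, drop `creates`, let certbot decide whether to reissue, and add a `changed_when` condition on its output; how certbot treats a changed domain list in `--non-interactive` mode should be checked first. Separately, the templated values are interpolated unquoted into a free-form `command` string, so a value containing whitespace would be split into extra certbot arguments. The module's `argv:` list form passes each value as exactly one argument and removes the need for the backslash continuations.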
--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ vars:
+ certificates:
+ - certificate: mail
+ domains:
+ - mail.dobity.eu.org
+ - ekhem.eu.org
+ - mail.ekhem.eu.org
+ email: jakub@ekhem.eu.org
+ - certificate: ekhem
+ domains:
+ - ekhem.eu.org
+ - git.ekhem.eu.org
+ email: jakub@ekhem.eu.org
+ - certificate: dobity
+ domains:
+ - drive.dobity.eu.org
+ - git.dobity.eu.org
+ - matrix.dobity.eu.org
+ - pass.dobity.eu.org
+ - yt.dobity.eu.org
+ email: jakub@ekhem.eu.org
+ - certificate: postgres
+ domains:
+ - psql.dobity.eu.org
+ email: jakub@ekhem.eu.org
+ tasks:
+ - name: Install certbot
+ package:
+ name:
+ - certbot
+ - python3-certbot-nginx
+ state: latest
+ become: true
+ - include_tasks: certify.yaml
+ with_items: "{{ certificates }}"
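Review bot: `ekhem.eu.org` is listed under both the `mail` and the `ekhem` certificate, so the private key issued for the mail services is also valid for the apex name, and exposure of that key affects more than mail. If the mail stack only needs the `mail.*` names, remove the apex from the `mail` entry. In the install task, `state: latest` upgrades certbot and its nginx plugin on every playbook run, so two runs of the same playbook can leave different versions on the host. `state: present` installs once and leaves upgrades to the regular patching process. As a style point, `loop: "{{ certificates }}"` is the current form of `with_items` on `include_tasks`.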
with_items: "{{ files }}"
when: "(item.dest + '/' + item.name) is not exists"
+- import_playbook: install/ssl_certificates.yaml
+
- name: Deploy server
import_playbook: server.yaml