From: Jakub Czajka
Date: Wed, 27 Sep 2023 21:22:56 +0000 (+0200)
Subject: Add a script for obtaining certificates.
X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=071c9622ca61ffe4b1da160c9d29c3c94583d913;p=turnup.git
Add a script for obtaining certificates.
---
diff --git a/install/certify.yaml b/install/certify.yaml
new file mode 100644
index 0000000..cb59b40
--- /dev/null
+++ b/install/certify.yaml
@@ -0,0 +1,11 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+- name: Obtain a certificate for {{ item.certificate }}
+ command: |
+ certbot certonly --keep-until-expiring --nginx --agree-tos \
+ --cert-name {{ item.certificate }} --email {{ item.email }} \
+ --non-interactive --domains {{ item.domains | join(',') }}
+ args:
+ creates: "/etc/letsencrypt/live/{{ item.certificate }}"
+ become: true
diff --git a/install/ssl_certificates.yaml b/install/ssl_certificates.yaml
new file mode 100644
index 0000000..f7715bd
--- /dev/null
+++ b/install/ssl_certificates.yaml
@@ -0,0 +1,39 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ vars:
+ certificates:
+ - certificate: mail
+ domains:
+ - mail.dobity.eu.org
+ - ekhem.eu.org
+ - mail.ekhem.eu.org
+ email: jakub@ekhem.eu.org
+ - certificate: ekhem
+ domains:
+ - ekhem.eu.org
+ - git.ekhem.eu.org
+ email: jakub@ekhem.eu.org
+ - certificate: dobity
+ domains:
+ - drive.dobity.eu.org
+ - git.dobity.eu.org
+ - matrix.dobity.eu.org
+ - pass.dobity.eu.org
+ - yt.dobity.eu.org
+ email: jakub@ekhem.eu.org
+ - certificate: postgres
+ domains:
+ - psql.dobity.eu.org
+ email: jakub@ekhem.eu.org
+ tasks:
+ - name: Install certbot
+ package:
+ name:
+ - certbot
+ - python3-certbot-nginx
+ state: latest
+ become: true
+ - include_tasks: certify.yaml
+ with_items: "{{ certificates }}"
diff --git a/turnup.yaml b/turnup.yaml
index fc8a3d4..be39912 100644
--- a/turnup.yaml
+++ b/turnup.yaml
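Review bot: The `creates: "/etc/letsencrypt/live/{{ item.certificate }}"` guard in install/certify.yaml skips the task whenever that directory already exists, so `--keep-until-expiring` never gets to decide anything and a later edit to `item.domains` is silently ignored on re-run, leaving new hostnames without a matching certificate. If the domain list is expected to change, drop `creates` and instead add `register: certbot_result` with a `changed_when` keyed on certbot's output. Separately, `item.certificate`, `item.email` and the joined domains are interpolated unquoted into one command string and split on whitespace; the `argv:` list form of the command module keeps each value a single argument. A short comment above the task saying that renewal is left to certbot's own scheduler (if that is the intent) would also help.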
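Review bot: `state: latest` on `certbot` and `python3-certbot-nginx` in install/ssl_certificates.yaml upgrades both packages on every playbook run, so the version of a tool that runs with `become: true` and manages the keys under /etc/letsencrypt changes without review; `state: present` keeps runs repeatable and leaves upgrades to the host's normal patching. The `include_tasks: certify.yaml` entry has no `name:`, unlike the `Install certbot` task above it. The same `email` value is repeated in all four `certificates` entries, so a single play-level variable referenced from each entry would remove the duplication.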
@@ -25,6 +25,8 @@ with_items: "{{ files }}" when: "(item.dest + '/' + item.name) is not exists" +- import_playbook: install/ssl_certificates.yaml + - name: Deploy server import_playbook: server.yaml
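Review bot: The new `- import_playbook: install/ssl_certificates.yaml` entry has no `name:`, while the neighbouring `Deploy server` import does; something like `- name: Obtain SSL certificates` keeps the run output readable. It is also placed before `server.yaml`, and the imported tasks call `certbot --nginx`, so it presumably relies on nginx already being usable at that point; a one-line comment stating that ordering assumption would help. The task that precedes it in this file starts outside the hunk.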