30 lines
835 B
YAML
30 lines
835 B
YAML
---
|
|
- name: Setup ssl certificates
|
|
block:
|
|
|
|
- name: Request ssl certificates
|
|
ansible.builtin.command: certbot --nginx --agree-tos -n -m "{{ nginx_ssl_email }}" -d "{{ site.url }}"
|
|
args:
|
|
creates:
|
|
- "{{ nginx_ssl_path }}/{{ site.url }}/cert.pem"
|
|
- "{{ nginx_ssl_path }}/{{ site.url }}/chain.pem"
|
|
- "{{ nginx_ssl_path }}/{{ site.url }}/fullchain.pem"
|
|
- "{{ nginx_ssl_path }}/{{ site.url }}/privkey.pem"
|
|
vars:
|
|
ssl: true
|
|
when:
|
|
- site.ssl is defined
|
|
- site.ssl
|
|
loop: "{{ nginx_sites }}"
|
|
loop_control:
|
|
loop_var: site
|
|
|
|
- name: Add cron job for ssl renewal
|
|
ansible.builtin.cron:
|
|
name: "Renew ssl certs"
|
|
minute: "{{ 59 | random }}"
|
|
hour: "*/12"
|
|
job: "/usr/bin/certbot renew --nginx --quiet"
|
|
when:
|
|
- ssl is defined
|