WIP roles for easy selfhosting based on ansible


---
# Generate a TLS certificate for $tls_domain
# System group that the last task in this file assigns as group owner of the
# /etc/letsencrypt/live and /etc/letsencrypt/archive trees.
- name: "Create tls group"
  group:
    system: true
    name: 'tls'
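# Look for an existing fullchain.pem for this host. The result is registered
# as `s` and gates the register.yml include that follows.
# Only the presence of the path is tested; nothing here checks that the
# certificate is still valid or matches the requested names.
- name: "Check for an existing certificate for {{ tls_host }}"
  stat:
    path: "/etc/letsencrypt/live/{{ tls_host }}/fullchain.pem"
  register: s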
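# Run register.yml only when the stat above found no fullchain.pem.
# The bare `include` action is deprecated and was removed in ansible-core
# 2.16; include_tasks is its dynamic replacement and evaluates `when` once,
# on the include itself.
- name: "Run register.yml when no certificate exists for {{ tls_host }}"
  include_tasks: register.yml
  when: not s.stat.exists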
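# For tls_host and every entry of tls_aliases, make sure the renewal config
# holds a line "<name> = /var/www/<tls_host>".
# The name is regex-escaped and the pattern is anchored up to the "=": an
# unescaped "." matches any character and a bare prefix such as
# "^example.com" also matches "example.community = ...", so the unanchored
# form could rewrite another domain's entry.
# NOTE(review): tls_host and tls_aliases are interpolated into a path and a
# config line without validation; presumably they come from trusted
# inventory. Confirm.
- name: "Ensure renewal is set to the right webroot for {{ tls_host }}"
  lineinfile:
    path: "/etc/letsencrypt/renewal/{{ tls_host }}.conf"
    regexp: '^{{ alias | regex_escape }}\s*='
    line: "{{ alias }} = /var/www/{{ tls_host }}"
  loop: "{{ tls_aliases | default([]) | union([tls_host]) }}"
  loop_control:
    loop_var: "alias"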
# Recursively set root:tls ownership on both certificate trees.
# Mode u=rwX,g=rX,o= gives root read/write, the tls group read-only and
# everyone else nothing. Capital X adds search/execute only on directories
# and on files that are already executable.
# NOTE(review): these trees normally hold the private keys as well, so
# membership of the tls group amounts to read access to every key on the
# host. Keep that group as small as possible.
- name: "Ensure permissions for certificates"
  file:
    path: "{{ folder }}"
    state: "directory"
    owner: "root"
    group: "tls"
    mode: "u=rwX,g=rX,o="
    recurse: true
  loop:
    - "/etc/letsencrypt/live"
    - "/etc/letsencrypt/archive"
  loop_control:
    loop_var: "folder"