
---
# Issue and maintain the MinIO server TLS certificate with certbot, using a
# manual DNS-01 challenge driven by nsupdate hook scripts.
- name: ensure packages are installed
  # bind-utils provides nsupdate for the DNS hooks; certbot performs issuance
  package:
    state: present
    name:
      - bind-utils
      - certbot
  tags:
    - install
- name: ensure certbot nsupdate scripts are installed
  # Manual-plugin hooks: certbot calls these to publish and clean up the
  # DNS-01 validation record via nsupdate.
  # NOTE(review): if these scripts embed the TSIG key nsupdate signs with,
  # go=rx makes it readable by every local user — confirm, and tighten to
  # u=rwx,go= if so.
  copy:
    src: "{{ item }}"
    dest: "/etc/letsencrypt/{{ item }}"
    mode: u=rwx,go=rx
    owner: root
    group: root
  loop:
    - nsupdate-auth.sh
    - nsupdate-cleanup.sh
  tags:
    - scripts
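- name: ensure minio server certificate exists
  # certbot runs non-interactively (-n) with the manual plugin and DNS-01; the
  # auth/cleanup hooks installed above publish and remove the validation record.
  # --cert-name pins the lineage directory under /etc/letsencrypt/live to
  # minio_cert_main_domain regardless of the order of minio_cert_domains
  # (without it certbot names the lineage after the first -d value), so the
  # `creates` guard below and the renewal conf path configured later match
  # the lineage certbot actually writes and the task stays idempotent.
  command: >-
    certbot certonly -n
    --manual
    --manual-auth-hook /etc/letsencrypt/nsupdate-auth.sh
    --manual-cleanup-hook /etc/letsencrypt/nsupdate-cleanup.sh
    --preferred-challenges dns
    --cert-name {{ minio_cert_main_domain }}
    {% for domain in minio_cert_domains %}
    -d {{ domain }}
    {% endfor %}
    --server {{ minio_cert_acme_server }}
    --agree-tos
    --email {{ minio_cert_acme_email }}
  args:
    # idempotence guard: skip issuance once the lineage exists
    creates: /etc/letsencrypt/live/{{ minio_cert_main_domain }}/fullchain.pem
  tags:
    - cert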
- name: ensure certbot deploy renewal hook script is installed
  # certbot runs everything in renewal-hooks/deploy after a successful renewal
  # NOTE(review): the dest is named nginx.sh inside a minio role — confirm
  # which service the hook reloads; the name may be a leftover.
  copy:
    src: deploy-hook.sh
    dest: /etc/letsencrypt/renewal-hooks/deploy/nginx.sh
    mode: u=rwx,go=rx
    owner: root
    group: root
  tags:
    - deploy-hook
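- name: ensure certbot renewal period is configured for minio server cert
  # certbot leaves a commented "# renew_before_expiry = ..." line at the top of
  # the lineage's renewal conf; the regexp matches it commented or not, so the
  # value is replaced in place. When no such line exists, insert at BOF rather
  # than the default EOF so the setting stays in the top-level section and does
  # not land under [renewalparams], where certbot does not read it.
  # NOTE(review): confirm against the certbot version in use.
  lineinfile:
    path: /etc/letsencrypt/renewal/{{ minio_cert_main_domain }}.conf
    regexp: '^#?\s*renew_before_expiry\s*='
    line: renew_before_expiry = 8 hours
    insertbefore: BOF
    state: present
  tags:
    - config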
- name: ensure certbot-renew timer unit drop-in directory exists
  # systemd drop-in directory used to override the packaged timer's schedule
  file:
    path: /etc/systemd/system/certbot-renew.timer.d
    state: directory
    mode: u=rwx,go=rx
    owner: root
    group: root
  tags:
    - systemd
- name: ensure certbot-renew timer schedule is configured
  # Renders the timer override; the handlers reload unit files and restart the
  # timer so the new schedule takes effect.
  template:
    src: certbot-renew.timer.j2
    dest: /etc/systemd/system/certbot-renew.timer.d/schedule.conf
    mode: u=rw,go=r
    owner: root
    group: root
  notify:
    - reload systemd
    - restart certbot-renew timer
  tags:
    - systemd