authorDmitry Ilvokhin <d@ilvokhin.com>2024-01-06 18:57:53 +0000
committerDmitry Ilvokhin <d@ilvokhin.com>2024-01-06 18:57:53 +0000
commitce18a1206c9e6ca74177c8ca16e42efae934c00f (patch)
treebc9c2dd4f50aca92c7759bf0cd518a984f2ed340 /roles/certbot
parent6c781bb8b9b5dea1f3cdb75a6cbde2b9e8942e8c (diff)
Make certbot a role
Diffstat (limited to 'roles/certbot')
-rw-r--r--roles/certbot/files/certbot.service6
-rw-r--r--roles/certbot/files/certbot.timer10
-rw-r--r--roles/certbot/tasks/main.yml30
3 files changed, 46 insertions, 0 deletions
diff --git a/roles/certbot/files/certbot.service b/roles/certbot/files/certbot.service
new file mode 100644
index 0000000..bea307c
--- /dev/null
+++ b/roles/certbot/files/certbot.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Let's Encrypt renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew --agree-tos --deploy-hook "systemctl reload nginx"
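Review bot: The `[Service]` section runs certbot as root with no sandboxing directives, although the process talks to the network and handles private keys. Adding `PrivateTmp=true` under `[Service]` is a low-risk start; stricter options would need testing against the paths certbot and the deploy hook write to. The deploy-hook string is handed to a shell by certbot, so `systemctl` is resolved through PATH. Spelling the hook with the absolute path to systemctl on the target hosts removes that dependency.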
diff --git a/roles/certbot/files/certbot.timer b/roles/certbot/files/certbot.timer
new file mode 100644
index 0000000..565b4ee
--- /dev/null
+++ b/roles/certbot/files/certbot.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=daily
+OnCalendar=0/12:12:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target
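Review bot: The two `OnCalendar=` lines are additive, so the timer fires at 00:00 from `daily` and again at 00:12 and 12:12 from `0/12:12:00`. The `daily` line looks redundant and produces two renew runs twelve minutes apart. Dropping it and adding `RandomizedDelaySec=1h` under `[Timer]` would keep the twice-daily schedule and stop every host from contacting the CA at the same fixed second.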
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
new file mode 100644
index 0000000..ca9ae87
--- /dev/null
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Install certbot packages
+ ansible.builtin.package:
+ name:
+ - '{{ item }}'
+ state: present
+ loop:
+ - certbot
+ - certbot-nginx
+
+- name: Configure certbot systemd service
+ ansible.builtin.copy:
+ src: files/certbot/certbot.service
+ dest: /usr/lib/systemd/system
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+
+- name: Configure certbot systemd timer
+ ansible.builtin.copy:
+ src: files/certbot/certbot.timer
+ dest: /usr/lib/systemd/system
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+
+- name: Enable certbot systemd timer
+ ansible.builtin.service:
+ name: certbot.timer
+ enabled: yes
+ state: started
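Review bot: Both copy tasks use `src: files/certbot/certbot.service` and `src: files/certbot/certbot.timer`, but this commit places the files directly under `roles/certbot/files/`, so the paths look stale; `src: certbot.service` and `src: certbot.timer` would resolve against the role's own files directory. If a top-level `files/certbot/` still exists (not visible in this diffstat, which is limited to `roles/certbot`), the tasks would deploy that copy instead of the role's. The symbolic `mode: u+rw,g+r,o+r` only adds bits, so an already group- or world-writable unit file would keep those bits; `mode: '0644'` pins the permissions of a file that systemd runs as root. Nothing reloads systemd after a unit file changes, so later edits may not take effect; switching the last task to `ansible.builtin.systemd` with `daemon_reload: true` would cover that, and `enabled: true` is the canonical boolean.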