From ce18a1206c9e6ca74177c8ca16e42efae934c00f Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sat, 6 Jan 2024 18:57:53 +0000
Subject: Make certbot a role
---
roles/certbot/files/certbot.service | 6 ++++++
roles/certbot/files/certbot.timer | 10 ++++++++++
roles/certbot/tasks/main.yml | 30 ++++++++++++++++++++++++++++++
roles/web/files/certbot/certbot.service | 6 ------
roles/web/files/certbot/certbot.timer | 10 ----------
roles/web/handlers/main.yml | 1 -
roles/web/tasks/certbot.yml | 30 ------------------------------
7 files changed, 46 insertions(+), 47 deletions(-)
create mode 100644 roles/certbot/files/certbot.service
create mode 100644 roles/certbot/files/certbot.timer
create mode 100644 roles/certbot/tasks/main.yml
delete mode 100644 roles/web/files/certbot/certbot.service
delete mode 100644 roles/web/files/certbot/certbot.timer
delete mode 100644 roles/web/handlers/main.yml
delete mode 100644 roles/web/tasks/certbot.yml
diff --git a/roles/certbot/files/certbot.service b/roles/certbot/files/certbot.service
new file mode 100644
index 0000000..bea307c
--- /dev/null
+++ b/roles/certbot/files/certbot.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Let's Encrypt renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew --agree-tos --deploy-hook "systemctl reload nginx"
diff --git a/roles/certbot/files/certbot.timer b/roles/certbot/files/certbot.timer
new file mode 100644
index 0000000..565b4ee
--- /dev/null
+++ b/roles/certbot/files/certbot.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=daily
+OnCalendar=0/12:12:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
new file mode 100644
index 0000000..ca9ae87
--- /dev/null
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Install certbot packages
+ ansible.builtin.package:
+ name:
+ - '{{ item }}'
+ state: present
+ loop:
+ - certbot
+ - certbot-nginx
+
+- name: Configure certbot systemd service
+ ansible.builtin.copy:
+ src: files/certbot/certbot.service
+ dest: /usr/lib/systemd/system
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+
+- name: Configure certbot systemd timer
+ ansible.builtin.copy:
+ src: files/certbot/certbot.timer
+ dest: /usr/lib/systemd/system
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+
+- name: Enable certbot systemd timer
+ ansible.builtin.service:
+ name: certbot.timer
+ enabled: yes
+ state: started
diff --git a/roles/web/files/certbot/certbot.service b/roles/web/files/certbot/certbot.service
deleted file mode 100644
index bea307c..0000000
--- a/roles/web/files/certbot/certbot.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Let's Encrypt renewal
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/certbot renew --agree-tos --deploy-hook "systemctl reload nginx"
diff --git a/roles/web/files/certbot/certbot.timer b/roles/web/files/certbot/certbot.timer
deleted file mode 100644
index 565b4ee..0000000
--- a/roles/web/files/certbot/certbot.timer
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Renewal of Let's Encrypt's certificates
-
-[Timer]
-OnCalendar=daily
-OnCalendar=0/12:12:00
-Persistent=true
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/web/handlers/main.yml b/roles/web/handlers/main.yml
deleted file mode 100644
index 58b30be..0000000
--- a/roles/web/handlers/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-- ansible.builtin.import_tasks: roles/web/handlers/nginx.yml
diff --git a/roles/web/tasks/certbot.yml b/roles/web/tasks/certbot.yml
deleted file mode 100644
index d480a2d..0000000
--- a/roles/web/tasks/certbot.yml
+++ /dev/null
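Review bot: The two `src:` values in roles/certbot/tasks/main.yml (`files/certbot/certbot.service` and `files/certbot/certbot.timer`) do not match where this commit places the files, `roles/certbot/files/certbot.service` and `roles/certbot/files/certbot.timer`; unless another copy exists elsewhere on Ansible's search path, both copy tasks would fail and the renewal timer would never be installed. Inside a role the `files/` directory is searched automatically, so `src: certbot.service` and `src: certbot.timer` should be enough. The symbolic mode `u+rw,g+r,o+r` only adds bits, so a unit file that already exists with group or other write permission keeps it; `mode: u=rw,g=r,o=r` (or `'0644'`) pins the result for a unit whose ExecStart runs as root. Nothing in the hunk reloads systemd after the unit files change, so the enable task may need `ansible.builtin.systemd` with `daemon_reload: true` for an updated unit to take effect.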
@@ -1,30 +0,0 @@
-- name: Install certbot packages
- ansible.builtin.package:
- name:
- - '{{ item }}'
- state: present
- loop:
- - certbot
- - certbot-nginx
-
-- name: Configure certbot systemd service
- ansible.builtin.copy:
- src: roles/web/files/certbot/certbot.service
- dest: /usr/lib/systemd/system
- owner: root
- group: root
- mode: u+rw,g+r,o+r
-
-- name: Configure certbot systemd timer
- ansible.builtin.copy:
- src: roles/web/files/certbot/certbot.timer
- dest: /usr/lib/systemd/system
- owner: root
- group: root
- mode: u+rw,g+r,o+r
-
-- name: Enable certbot systemd timer
- ansible.builtin.service:
- name: certbot.timer
- enabled: yes
- state: started
--
cgit v1.2.3-70-g09d2