blob: 25cb320165921c21117862ed33beea0bb5f193be (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
- name: Install certbot package
ansible.builtin.package:
name:
- '{{ item }}'
state: present
loop:
- certbot
- name: Setup certbot directories
ansible.builtin.file:
path: '{{ item }}'
state: directory
owner: root
group: root
mode: u+rw,g+r,o+r
loop:
- /etc/letsencrypt/renewal-hooks
- /etc/letsencrypt/renewal-hooks/deploy
- /etc/letsencrypt/renewal-hooks/post
- /etc/letsencrypt/renewal-hooks/pre
- name: Configure certbot systemd service
ansible.builtin.copy:
src: files/certbot.service
dest: /usr/lib/systemd/system
owner: root
group: root
mode: u+rw,g+r,o+r
- name: Configure certbot systemd timer
ansible.builtin.copy:
src: files/certbot.timer
dest: /usr/lib/systemd/system
owner: root
group: root
mode: u+rw,g+r,o+r
- name: Enable certbot systemd timer
# `ansible.builtin.systemd_service` used here intentionally instead of
# `ansible.builtin.service` to issue `systemctl daemon-reload` in case of
# changes in Ansible managed unit file.
ansible.builtin.systemd_service:
name: certbot.timer
enabled: true
state: started
daemon_reload: true
|