homelab/roles/tls/tasks/main.yml

---
- name: Install certbot
  become: true
  ansible.builtin.apt:
    pkg:
      - certbot
      - python3-certbot-dns-cloudflare
- name: Create certbot directory
  become: true
  ansible.builtin.file:
    path: /etc/certbot
    state: directory
    owner: root
    group: root
    mode: '1750'
- name: Copy cloudflare credentials
  become: true
  ansible.builtin.template:
    src: cloudflare.ini.j2
    dest: /etc/certbot/cloudflare.ini
    owner: root
    group: root
    mode: '0660'
- name: Issue certificates
  become: true
  ansible.builtin.shell:
    certbot certonly -n --agree-tos --expand --email {{ email }} --dns-cloudflare --dns-cloudflare-credentials /etc/certbot/cloudflare.ini -d {{ domain }} -d '*.{{ domain }}'
  args:
    creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem
- name: Create a directory to store combined files
  become: true
  ansible.builtin.file:
    path: /etc/haproxy/certs
    state: directory
    mode: '1700'
    owner: "99"
    group: "99"
- name: Combine certificate and private key
  become: true
  ansible.builtin.shell:
    cat fullchain.pem privkey.pem > /etc/haproxy/certs/{{ domain }}.pem
  args:
    chdir: /etc/letsencrypt/live/{{ domain }}
Initial commit 2024-09-29 18:04:34 +05:00			`---`
			`- name: Install certbot`
			`become: true`
			`ansible.builtin.apt:`
			`pkg:`
			`- certbot`
			`- python3-certbot-dns-cloudflare`
			`- name: Create certbot directory`
			`become: true`
			`ansible.builtin.file:`
			`path: /etc/certbot`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: '1750'`
			`- name: Copy cloudflare credentials`
			`become: true`
			`ansible.builtin.template:`
			`src: cloudflare.ini.j2`
			`dest: /etc/certbot/cloudflare.ini`
			`owner: root`
			`group: root`
			`mode: '0660'`
			`- name: Issue certificates`
			`become: true`
			`ansible.builtin.shell:`
			`certbot certonly -n --agree-tos --expand --email {{ email }} --dns-cloudflare --dns-cloudflare-credentials /etc/certbot/cloudflare.ini -d {{ domain }} -d '*.{{ domain }}'`
			`args:`
			`creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem`
			`- name: Create a directory to store combined files`
			`become: true`
			`ansible.builtin.file:`
			`path: /etc/haproxy/certs`
			`state: directory`
Move haproxy to a docker container 2024-10-14 23:58:06 +05:00			`mode: '1700'`
			`owner: "99"`
			`group: "99"`
Initial commit 2024-09-29 18:04:34 +05:00			`- name: Combine certificate and private key`
			`become: true`
			`ansible.builtin.shell:`
			`cat fullchain.pem privkey.pem > /etc/haproxy/certs/{{ domain }}.pem`
			`args:`
			`chdir: /etc/letsencrypt/live/{{ domain }}`