Init

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart quasselcore
+  systemd:
+    name: quasselcore.service
+    state: restarted

tasks/main.yml

@@ -0,0 +1,60 @@
+---
+- fail:
+    msg: Missing quasselcore_cert_email
+  when: not quasselcore_cert_email
+  tags: all
+
+- fail:
+    msg: Missing quasselcore_cert_domain
+  when: not quasselcore_cert_domain
+  tags: all
+
+- name: Ensure quassel-core is present
+  tags: all
+  apt:
+    name:
+      - quassel-core
+      - certbot
+    state: present
+
+- name: Check if certificate already exists.
+  tags: all
+  stat:
+    path: /etc/letsencrypt/live/{{ quasselcore_cert_domain }}/cert.pem
+  register: letsencrypt_cert
+
+- name: Create the certificates
+  tags: all
+  command: "certbot certonly --standalone --noninteractive --agree-tos --email {{ quasselcore_cert_email }} -d {{ quasselcore_cert_domain }}"
+  when: not letsencrypt_cert.stat.exists
+
+- name: Renew certificates
+  tags: renew
+  command: "certbot renew"
+  when: letsencrypt_cert.stat.exists
+  register: renewed
+
+- name: Compose the certs
+  tags: all
+  block:
+    - name: Remove the old cert
+      file:
+        path: /var/lib/quassel/quasselCert.pem
+        state: absent
+    - name: Assemble the files
+      assemble:
+        src: /etc/letsencrypt/live/{{ quasselcore_cert_domain }}/
+        dest: /var/lib/quassel/quasselCert.pem
+        regexp: "^(fullchain|privkey).pem$"
+        owner: quasselcore
+        group: quassel
+        mode: 0640
+        remote_src: yes
+  when: not letsencrypt_cert.stat.exists or renewed is defined and renewed.changed
+
+- name: Ensure the service is enabled and started
+  tags: all
+  systemd:
+    name: quasselcore.service
+    state: started
+    enabled: yes