master
blallo 2021-04-11 18:03:17 +02:00
commit 4707eb6aee
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
2 changed files with 65 additions and 0 deletions

View File

@ -0,0 +1,5 @@
---
- name: restart quasselcore
systemd:
name: quasselcore.service
state: restarted

60
tasks/main.yml 100644
View File

@ -0,0 +1,60 @@
---
- fail:
msg: Missing quasselcore_cert_email
when: not quasselcore_cert_email
tags: all
- fail:
msg: Missing quasselcore_cert_domain
when: not quasselcore_cert_domain
tags: all
- name: Ensure quassel-core is present
tags: all
apt:
name:
- quassel-core
- certbot
state: present
- name: Check if certificate already exists.
tags: all
stat:
path: /etc/letsencrypt/live/{{ quasselcore_cert_domain }}/cert.pem
register: letsencrypt_cert
- name: Create the certificates
tags: all
command: "certbot certonly --standalone --noninteractive --agree-tos --email {{ quasselcore_cert_email }} -d {{ quasselcore_cert_domain }}"
when: not letsencrypt_cert.stat.exists
- name: Renew certificates
tags: renew
command: "certbot renew"
when: letsencrypt_cert.stat.exists
register: renewed
- name: Compose the certs
tags: all
block:
- name: Remove the old cert
file:
path: /var/lib/quassel/quasselCert.pem
state: absent
- name: Assemble the files
assemble:
src: /etc/letsencrypt/live/{{ quasselcore_cert_domain }}/
dest: /var/lib/quassel/quasselCert.pem
regexp: "^(fullchain|privkey).pem$"
owner: quasselcore
group: quassel
mode: 0640
remote_src: yes
when: not letsencrypt_cert.stat.exists or renewed is defined and renewed.changed
- name: Ensure the service is enabled and started
tags: all
systemd:
name: quasselcore.service
state: started
enabled: yes