---
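# Abort early with a readable message when the e-mail address that is later
# handed to certbot (--email) is unset or empty.
- name: Require quasselcore_cert_email
  fail:
    msg: Missing quasselcore_cert_email
  # "is not defined" is tested first so that an unset variable produces the
  # message above instead of an undefined-variable error from the condition.
  when: quasselcore_cert_email is not defined or not quasselcore_cert_email
  tags: all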
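# Abort early with a readable message when the certificate domain is unset
# or empty. The value is interpolated into filesystem paths under
# /etc/letsencrypt/live/ and into the certbot command line further down, so
# it is expected to be a bare host name.
- name: Require quasselcore_cert_domain
  fail:
    msg: Missing quasselcore_cert_domain
  # "is not defined" is tested first so that an unset variable produces the
  # message above instead of an undefined-variable error from the condition.
  when: quasselcore_cert_domain is not defined or not quasselcore_cert_domain
  tags: all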
# Install the Quassel core package together with certbot, which the later
# tasks invoke to issue and renew the TLS certificate.
- name: Ensure quassel-core is present
  apt:
    state: present
    name:
      - quassel-core
      - certbot
  tags: all
# Record whether a certificate for the domain is already on disk. The
# registered result (letsencrypt_cert) selects between the "create" and
# "renew" tasks and gates the compose step.
- name: Check if certificate already exists.
  stat:
    path: "/etc/letsencrypt/live/{{ quasselcore_cert_domain }}/cert.pem"
  register: letsencrypt_cert
  tags: all
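# Request a first certificate from Let's Encrypt when none is on disk yet.
# The command is passed as an argv list rather than one templated string:
# the command module splits a string on whitespace, so an e-mail or domain
# value containing spaces would otherwise be handed to certbot as extra
# arguments. With argv each variable is exactly one argument.
# NOTE(review): --standalone has certbot run its own temporary listener for
# the challenge, so the HTTP port presumably has to be free and reachable on
# this host - confirm.
- name: Create the certificates
  command:
    argv:
      - certbot
      - certonly
      - '--standalone'
      - '--noninteractive'
      - '--agree-tos'
      - '--email'
      - "{{ quasselcore_cert_email }}"
      - '-d'
      - "{{ quasselcore_cert_domain }}"
  when: not letsencrypt_cert.stat.exists
  tags: all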
# Run "certbot renew" when a certificate is already on disk. The result is
# registered as `renewed` and read by the compose step.
# NOTE(review): the command module reports "changed" on every execution
# unless changed_when is set, so `renewed.changed` is true whenever this task
# runs, whether or not certbot replaced anything - confirm that re-assembling
# the certificate on every run is intended.
# NOTE(review): this is the only task tagged `renew`. A run restricted to
# that tag would skip the stat task that registers `letsencrypt_cert`, so the
# condition below would presumably fail on an undefined variable - confirm.
- name: Renew certificates
  command: certbot renew
  register: renewed
  when: letsencrypt_cert.stat.exists
  tags: renew
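# Build the single PEM file the Quassel core reads by concatenating the
# Let's Encrypt certificate chain and the private key. Runs after a first
# issue (no certificate existed) or when the renew task reported a change.
- name: Compose the certs
  tags: all
  # Parentheses only make the existing precedence explicit ("and" binds
  # tighter than "or").
  when: not letsencrypt_cert.stat.exists or (renewed is defined and renewed.changed)
  block:
    # NOTE(review): deleting the file before assembling leaves a window with
    # no certificate on disk, and none at all if the next task fails -
    # confirm the removal is needed, since assemble writes dest itself.
    - name: Remove the old cert
      file:
        path: /var/lib/quassel/quasselCert.pem
        state: absent
    - name: Assemble the files
      assemble:
        src: "/etc/letsencrypt/live/{{ quasselcore_cert_domain }}/"
        dest: /var/lib/quassel/quasselCert.pem
        # The dot is escaped so only the two intended file names match; the
        # unescaped form accepted any character in that position.
        regexp: '^(fullchain|privkey)\.pem$'
        owner: quasselcore
        group: quassel
        # dest contains the private key: readable by owner and group only.
        # Quoted so the mode is not subject to YAML integer parsing.
        mode: "0640"
        remote_src: true
      # Keep the assembled key material out of the output of --diff runs.
      diff: false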
# Enable the Quassel core unit at boot and start it if it is not running.
# NOTE(review): `state: started` leaves an already-running unit untouched, so
# a freshly assembled certificate is presumably not picked up until the core
# is restarted or reloaded by other means - confirm.
- name: Ensure the service is enabled and started
  systemd:
    name: quasselcore.service
    enabled: true
    state: started
  tags: all