diff --git a/inventory/servers.yml b/inventory/servers.yml
index 985cd6f..4b5ebd1 100644
--- a/inventory/servers.yml
+++ b/inventory/servers.yml
@@ -4,3 +4,6 @@ servers:
 poincare:
 maxwell:
 system_sshd_port: 6969
+
+ vars:
+ cloudflare_token: None
diff --git a/roles/server/certbot/tasks/install.yml b/roles/server/certbot/tasks/install.yml
new file mode 100644
index 0000000..11e70d9
--- /dev/null
+++ b/roles/server/certbot/tasks/install.yml
@@ -0,0 +1,7 @@
+---
+- name: Install the Certbot and Cloudflare plugin
+ ansible.builtin.package:
+ name:
+ - certbot
+ - python3-certbot-dns-cloudflare
+ state: present
diff --git a/roles/server/certbot/tasks/main.yml b/roles/server/certbot/tasks/main.yml
new file mode 100644
index 0000000..cebff69
--- /dev/null
+++ b/roles/server/certbot/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Packages
+ ansible.builtin.include_tasks: install.yml
+ tags: install
+
+- name: Install the Cloudflare secrets
+ ansible.builtin.template:
+ src: templates/cloudflare.ini
+ dest: /root/.secrets/cloudflare.ini
+ mode: 0600
+ owner: root
+ group: root
diff --git a/roles/server/certbot/templates/cloudflare.ini b/roles/server/certbot/templates/cloudflare.ini
new file mode 100644
index 0000000..9b069ee
--- /dev/null
+++ b/roles/server/certbot/templates/cloudflare.ini
@@ -0,0 +1 @@
+dns_cloudflare_api_token = {{ cloudflare_token }}
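Review bot: The placeholder `cloudflare_token: None` in inventory/servers.yml is the plain string "None" in YAML, not a null, so roles/server/certbot/templates/cloudflare.ini renders `dns_cloudflare_api_token = None`. The play then succeeds and the bad credential only surfaces when certbot next runs. Dropping the placeholder would make the template task fail immediately on an undefined variable, which is the safer default. The real token is better supplied from an Ansible Vault-encrypted vars file than from this inventory, so it never sits in version control in clear text. If the placeholder must stay, a short comment such as `# placeholder only; real value comes from the vault` would at least tell the next reader not to paste the token here. The nesting of `vars:` cannot be confirmed from this view because the surrounding group definition starts outside the hunk.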
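Review bot: The "Install the Cloudflare secrets" task in roles/server/certbot/tasks/main.yml writes to /root/.secrets/cloudflare.ini, but nothing in this role creates /root/.secrets. `ansible.builtin.template` does not create parent directories, so the task fails on a fresh host unless the directory already exists from elsewhere. The same task has no `no_log: true`, so running with `--diff` or high verbosity prints the rendered file, including the API token, to the console and any log collector. Separately, `mode: 0600` should be quoted as `mode: "0600"` so the value does not depend on how the YAML parser handles a leading-zero integer. A sketch of the three changes follows.

```yaml
# … unchanged: "Packages" include_tasks …

- name: Create the secrets directory
  ansible.builtin.file:
    path: /root/.secrets
    state: directory
    mode: "0700"
    owner: root
    group: root

- name: Install the Cloudflare secrets
  ansible.builtin.template:
    # … unchanged: src, dest, owner, group …
    mode: "0600"
  no_log: true
```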