From 90bac3a30652320521c1b0cce0f45b2677a00576 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 10 Jul 2024 16:43:18 +0200
Subject: [PATCH] feat(server/certbot): add support for certbot
Signed-off-by: Matej Focko
---
inventory/servers.yml | 3 +++
roles/server/certbot/tasks/install.yml | 7 +++++++
roles/server/certbot/tasks/main.yml | 12 ++++++++++++
roles/server/certbot/templates/cloudflare.ini | 1 +
4 files changed, 23 insertions(+)
create mode 100644 roles/server/certbot/tasks/install.yml
create mode 100644 roles/server/certbot/tasks/main.yml
create mode 100644 roles/server/certbot/templates/cloudflare.ini
diff --git a/inventory/servers.yml b/inventory/servers.yml
index 985cd6f..4b5ebd1 100644
--- a/inventory/servers.yml
+++ b/inventory/servers.yml
@@ -4,3 +4,6 @@ servers:
poincare:
maxwell:
system_sshd_port: 6969
+
+ vars:
+ cloudflare_token: None
diff --git a/roles/server/certbot/tasks/install.yml b/roles/server/certbot/tasks/install.yml
new file mode 100644
index 0000000..11e70d9
--- /dev/null
+++ b/roles/server/certbot/tasks/install.yml
@@ -0,0 +1,7 @@
+---
+- name: Install the Certbot and Cloudflare plugin
+ ansible.builtin.package:
+ name:
+ - certbot
+ - python3-certbot-dns-cloudflare
+ state: present
diff --git a/roles/server/certbot/tasks/main.yml b/roles/server/certbot/tasks/main.yml
new file mode 100644
index 0000000..cebff69
--- /dev/null
+++ b/roles/server/certbot/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Packages
+ ansible.builtin.include_tasks: install.yml
+ tags: install
+
+- name: Install the Cloudflare secrets
+ ansible.builtin.template:
+ src: templates/cloudflare.ini
+ dest: /root/.secrets/cloudflare.ini
+ mode: 0600
+ owner: root
+ group: root
diff --git a/roles/server/certbot/templates/cloudflare.ini b/roles/server/certbot/templates/cloudflare.ini
new file mode 100644
index 0000000..9b069ee
--- /dev/null
+++ b/roles/server/certbot/templates/cloudflare.ini
@@ -0,0 +1 @@
+dns_cloudflare_api_token = {{ cloudflare_token }}
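Review bot: The placeholder `cloudflare_token: None` added under `vars` in `inventory/servers.yml` is the YAML string "None", not a null, so the `cloudflare.ini` template added later in this patch renders `dns_cloudflare_api_token = None` and the play reports success while certbot only fails once it tries to authenticate. Drop the placeholder and supply the value from a vault-encrypted variable file or a lookup, so the real token never has to be committed to the inventory in plaintext. A guard at the top of the role's `main.yml` would make a missing value fail early, for example an `ansible.builtin.assert` task with `that: cloudflare_token is defined and cloudflare_token | length > 0`.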
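Review bot: The `Install the Cloudflare secrets` task in `roles/server/certbot/tasks/main.yml` renders an API token but carries no `no_log: true`, so a run with `--diff` prints the rendered file, token included, to the console and to anything that collects the output. Nothing in this patch creates `/root/.secrets`, and `ansible.builtin.template` does not create parent directories, so unless something outside this commit provides it the task fails on a fresh host; creating it first with mode 0700 also keeps the directory itself private. Quoting the mode as `"0600"` avoids depending on the YAML parser's octal handling. Separately, `tags: install` on `include_tasks` tags only the include itself, so `--tags install` would not run the tasks inside `install.yml` unless `apply:` is used or the include becomes `import_tasks`.

```yaml
- name: Create the directory for the Cloudflare secrets
  ansible.builtin.file:
    path: /root/.secrets
    state: directory
    mode: "0700"
    owner: root
    group: root

- name: Install the Cloudflare secrets
  ansible.builtin.template:
    # … unchanged: src, dest, owner, group …
    mode: "0600"
  no_log: true
```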