
Initial commit

master
Mablr 1 year ago
commit
dd590a97c6
Signed by: mablr GPG Key ID: 7568670EF499017A
6 changed files with 117 additions and 0 deletions
  1. +18
    -0
      defaults/main.yml
  2. +22
    -0
      meta/main.yml
  3. +42
    -0
      tasks/create.yml
  4. +18
    -0
      tasks/install.yml
  5. +10
    -0
      tasks/main.yml
  6. +7
    -0
      templates/gandi.ini.j2

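--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# defaults file for certbot-gandi
+debian_backports_repo: "deb http://deb.debian.org/debian buster-backports main"
+certbot_dependencies:
+- name: certbot
+state: latest
+- name: python3-certbot-dns-gandi
+state: latest
+gandi_apikey: ""
+gandi_organization_id: ""
+gandi_ini: "/etc/letsencrypt/gandi.ini"
+certbot_email: "adminsys@example.com"
+certbot_command: "certbot certonly --agree-tos --no-eff-email --email {{ certbot_email }} --rsa-key-size 4096 -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials {{ gandi_ini }}"
+certbot_extra_options: ""
+certbot_certs: []
+certbot_haproxy: false
+certbot_haproxy_path: "/etc/ssl/haproxy"
+certbot_post_reload: []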
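Review bot: `gandi_apikey` defaults to an empty string and nothing in the tasks shown in this commit checks that it was set, so an unconfigured run writes a gandi.ini with a blank key and fails only when certbot calls the API. A comment above the variable such as `# Gandi LiveDNS API key: supply from Ansible Vault, never commit a real value` would document the expectation, and an `assert` on `gandi_apikey | length > 0` before the template task would fail early. `certbot_post_reload` is declared here but not referenced by any task in this commit.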

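--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,22 @@
+galaxy_info:
+author: Mablr
+description: Installs certbot to make wildcards with gandi livedns API
+company: Elukerio
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+license: GPL-2.0-or-later
+min_ansible_version: 2.8
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+platforms:
+- name: debian
+versions:
+- buster
+galaxy_tags: [certbot, dns, letsencrypt, livedns, gandi]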
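Review bot: `min_ansible_version: 2.8` is an unquoted scalar, so YAML loads it as a float rather than a version string; a later bump to 2.10 would be read as 2.1. Quote it: `min_ansible_version: "2.8"`.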

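--- a/tasks/create.yml
+++ b/tasks/create.yml
@@ -0,0 +1,42 @@
+---
+# tasks file for certbot-gandi
+- name: create | import gandi.ini file
+template:
+src: gandi.ini.j2
+dest: "{{ gandi_ini }}"
+mode: '0600'
+tags:
+- gandi
+- name: create | finding existing certs
+stat:
+path: /etc/letsencrypt/live/{{ cur_cert.name }}/cert.pem
+register: le_cert
+- name: create | certs gen
+shell: "{{ certbot_command }} --cert-name {{ cur_cert.name }} -d '{{ cur_cert.domains | join(', ')}}' {{ certbot_extra_options }}"
+when: not le_cert.stat.exists
+environment:
+http_proxy: "http://[{{ proxy_ip }}]:{{ http_proxy_port }}"
+https_proxy: "http://[{{ proxy_ip }}]:{{ http_proxy_port }}"
+tags:
+- certbot
+- block:
+- name: create | directory for haproxy certs
+file:
+path: "{{ certbot_haproxy_path }}"
+state: directory
+owner: haproxy
+group: haproxy
+mode: '700'
+- name: create | concatenate certs for haproxy
+assemble:
+src: "/etc/letsencrypt/live/{{ cur_cert.name }}/"
+dest: "{{ certbot_haproxy_path }}/{{ cur_cert.name }}.pem"
+regexp: "fullchain.pem|privkey.pem"
+owner: haproxy
+group: haproxy
+mode: '0600'
+tags: haproxy
+when: certbot_haproxy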
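Review bot: The `shell` task "create | certs gen" interpolates `cur_cert.name`, the joined domain list and `certbot_extra_options` into a shell line with no escaping, so a value containing a quote or shell metacharacter changes the command that is executed, presumably with elevated privileges. Pass the values through the `quote` filter, e.g. `--cert-name {{ cur_cert.name | quote }} -d {{ cur_cert.domains | join(', ') | quote }}`, or switch to `command` if no shell feature is needed. The same task builds `http_proxy`/`https_proxy` from `proxy_ip` and `http_proxy_port`, which defaults/main.yml in this commit does not define, so the task fails on an undefined variable unless the caller provides them. The template task that writes the API key file sets `mode: '0600'` but no owner; adding `owner: root`, `group: root` and `no_log: true` would keep the key out of diff and verbose output.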

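--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for certbot-gandi
+- name: install | add backports repo
+apt_repository:
+repo: deb http://httpredir.debian.org/debian stretch-backports main
+state: present
+update_cache: yes
+tags:
+- apt
+- backports
+- name: install | installing certbot
+apt:
+name: "{{ item.name }}"
+state: "{{ item.state }}"
+with_items: "{{ certbot_dependencies }}"
+tags:
+- certbot-install-dependencies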
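Review bot: The `repo:` value in "install | add backports repo" is hard-coded to `stretch-backports` on httpredir.debian.org, while defaults/main.yml defines `debian_backports_repo` for `buster-backports` and meta/main.yml lists only buster; the default is never referenced by the tasks shown. Use `repo: "{{ debian_backports_repo }}"` so the suite matches the target release and the mirror can be overridden. `update_cache: yes` is better written as `update_cache: true`.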

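--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# tasks file for certbot-gandi
+- include_tasks: install.yml
+tags: install
+- include_tasks: create.yml
+with_items: "{{ certbot_certs }}"
+loop_control:
+loop_var: cur_cert
+tags: create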
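Review bot: `tags:` on an `include_tasks` applies to the include statement only, not to the tasks it loads, so a run limited to `--tags certbot`, `gandi` or `haproxy` skips both includes and never reaches the tasks carrying those tags. Either use the `apply:` keyword of `include_tasks` to pass `install`/`create` down to the included tasks, or switch the non-looped include to `import_tasks`. Because create.yml is included once per entry in `certbot_certs`, the gandi.ini template task is also re-run for every certificate; moving it ahead of the loop would render the credentials file once.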

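--- a/templates/gandi.ini.j2
+++ b/templates/gandi.ini.j2
@@ -0,0 +1,7 @@
+# live dns v5 api key
+certbot_plugin_gandi:dns_api_key={{ gandi_apikey }}
+{% if gandi_organization_id is defined and gandi_organization_id|length == 37 %}
+# organization id
+certbot_plugin_gandi:dns_sharing_id={{ gandi_organization_id }}
+{% endif %}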
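Review bot: The guard `gandi_organization_id|length == 37` looks off by one if the sharing id is a canonical UUID, which is 36 characters long; in that case the `dns_sharing_id` line is never rendered and the omission is silent. A non-empty test such as `{% if gandi_organization_id | length > 0 %}` avoids depending on an exact length. `is defined` is always true here because defaults/main.yml sets the variable to an empty string.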
