pleiades-ansible/ssl-cert.yml at master · isawnyu/pleiades-ansible · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
---
- hosts: all
  become: true
  become_user: root
  become_method: sudo

  pre_tasks:

    - name: Check whether certificate exists
      stat: "path={{ pleiades_cert_file }}"
      register: ssl_certificate

    - name: Install letsencrypt packages
      apt:
        pkg:
          - certbot
          - python3-certbot
          - python3-certbot-apache

    - name: Create apache conf dir
      file: path=/etc/apache2/conf-available/ recurse=yes state=directory owner=root

    - name: Create apache sites dir
      file: path=/etc/apache2/sites-available/ recurse=yes state=directory owner=root

    - name: Create apache enabled sites dir
      file: path=/etc/apache2/sites-enabled/ recurse=yes state=directory owner=root

    - name: Apache pleiades include config
      template: src=templates/pleiades-server.conf.j2 dest=/etc/apache2/conf-available/pleiades-server.conf owner=root group=root mode=0644

    - name: Apache pleiades site config
      template: src=templates/pleiades.stoa.org.j2 dest=/etc/apache2/sites-available/pleiades.stoa.org.conf owner=root group=root mode=0644

    - name: Apache pleiades symlink
      file: src=/etc/apache2/sites-available/pleiades.stoa.org.conf dest=/etc/apache2/sites-enabled/00-pleiades.stoa.org.conf state=link

    - name: Start apache
      service: name=apache2 state=restarted enabled=yes

  roles:

    - role: geerlingguy.apache
      apache_ignore_missing_ssl_certificate: true

  tasks:

    - name: Run certbot certificate install if missing
      command:
        cmd: certbot certonly --apache --email {{ certbot_account_email }} -d  {{ pleiades_ssl_vhost }} --agree-tos --non-interactive
        creates: "{{ pleiades_cert_file }}"
      when: pleiades_ssl_vhost is defined

    - name: Check whether certificate exists
      stat: "path={{ pleiades_cert_file }}"
      register: ssl_certificate

    - name: Apache pleiades site config
      template: src=templates/pleiades.stoa.org.j2 dest=/etc/apache2/sites-available/pleiades.stoa.org.conf owner=root group=root mode=0644

    - name: Start apache
      service: name=apache2 state=restarted enabled=yes