Added a Certbot configuration task with a conditional Porkbun API implementation; removed variables already declared in role vars/defaults, group_vars or host_vars

This commit is contained in:
Alex Tavarez
2025-07-23 15:27:26 -04:00
parent 47e42283a1
commit a7e8bd856c


@@ -8,9 +8,10 @@
# # below is just to remind you to use '--ask-pass' instead # # below is just to remind you to use '--ask-pass' instead
# ansible_password: "{{ root_auths[0].password }}" # ansible_password: "{{ root_auths[0].password }}"
FAMILY: "{{ ansible_facts['os_family'] }}" FAMILY: "{{ ansible_facts['os_family'] }}"
CURRENT_HOST_IP4: "{{ hostvars[inventory_hostname]['ansible_facts']['ansible_default_ipv4']['address'] }}" CURRENT_HOST_IP4: "{{ ansible_facts['default_ipv4']['address'] }}"
CURRENT_HOST_IP6: "{{ hostvars[inventory_hostname]['ansible_facts']['ansible_default_ipv6']['address'] }}" CURRENT_HOST_IP6: "{{ ansible_facts['default_ipv6']['address'] }}"
FQDN: "{{ domain_name | default(inventory_hostname, true) }}" FQDN: "{{ domain_name | default(inventory_hostname, true) }}"
acme_challenge: no
pre_tasks: pre_tasks:
- name: Set timezone - name: Set timezone
@@ -63,21 +64,69 @@
register: hosts_updated register: hosts_updated
when: CURRENT_HOST_IP6 is defined when: CURRENT_HOST_IP6 is defined
tags: ['baseconf', 'hostsfile_update'] tags: ['baseconf', 'hostsfile_update']
- name: Create a directory for client source code
file:
path: "{{ ansible_facts['user_dir'] }}/src/clients"
state: directory
- name: Create a directory for container service compose files
file:
path: "{{ compose_source_path }}"
state: directory
# - name: Create a directory for website or web server source code
# file:
# path: "{{ ansible_facts['user_dir'] }}/src/services/web"
# state: directory
tasks: tasks:
- name: Configure core packages - name: Configure core packages
include_role: include_role:
name: bootstrap name: bootstrap
tasks_from: config@corepkgs.yml tasks_from: config@corepkgs.yml
defaults_from: main
vars_from: main
vars: vars:
enrollment_key: "{{ crowdsec_key }}"
gcfs_password: "{{ gocrypt_password }}"
#@TODO improve filters for defining the two below variables #@TODO improve filters for defining the two below variables
official_name: "{{ [admin.actual_name if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}" official_name: "{{ [admin.actual_name if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}"
official_email: "{{ [admin.email if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}" official_email: "{{ [admin.email if admin.username == ansible_facts['user_id'] for admin in admin_auths][0] }}"
homedir: "{{ ansible_facts['user_dir'] }}"
register: pkgs_configured register: pkgs_configured
tags: ['default', 'configure_pkgs'] tags: ['default', 'configure_pkgs']
- name: Configure DNS using Certbot
include_role:
name: bootstrap
tasks_from: configure_core/certbot.yml
defaults_from: options/certbot.yml
vars_from: options/certbot.yml
register: dns_challenge_made
when: acme_challenge
tags: ['default', 'with_porkbun_api']
- name: Import DNS certificates and keys
block:
- name: Create SSL certificate
become: yes
become_method: sudo
copy:
src: ssl/domain.cert.pem
dest: "{{ web_root }}/domain.cert.pem"
force: yes
backup: yes
- name: Create private key
become: yes
become_method: sudo
copy:
src: ssl/private.key.pem
dest: "{{ web_root }}/private.key.pem"
force: yes
backup: yes
- name: Create public key
become: yes
become_method: sudo
copy:
src: ssl/public.key.pem
dest: "{{ web_root }}/public.key.pem"
force: yes
backup: yes
when: not acme_challenge
tags: ['default']
post_tasks: post_tasks:
- name: Do a system upgrade - name: Do a system upgrade