Ensure certificates are installed

This commit ensures certificates are installed, via Lets Encrypt.
author: Matthew Fennell <matthew@fennell.dev> 2024-01-07 14:08:57 +0000
committer: Matthew Fennell <matthew@fennell.dev> 2024-01-07 14:08:57 +0000
commit: 4a68510bac93a8d824e8634dc01ef25d21faddce (patch)
tree: 55a6fd1861736451da2e52b1ca20d6e8e6583d78 /playbook.yaml
parent: 664d581eb277c4be8d257906b6455bcba7860093 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/playbook.yaml b/playbook.yaml
index da17227..3a151f7 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -26,6 +26,22 @@
       - WWW
       - XMPP
      become: true
+   - name: Ensure certbot on-renew hook is installed
+     ansible.builtin.copy:
+      src: "{{ playbook_dir }}/files/on_renew.sh"
+      dest: /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
+      owner: root
+      group: root
+      mode: "0755"
+     become: true
+   - name: Ensure certificates are installed
+     ansible.builtin.command: >-
+      certbot --non-interactive --agree-tos --post-hook "/bin/true"
+      --email {{ certbot_email }} --no-eff-email --apache
+      --domains {{ virtual_host }}
+     become: true
+     register: certbot
+     changed_when: "'Running post-hook command' in certbot.stdout"
    - name: Ensure top-level prosody configuration is installed
      ansible.builtin.copy:
       src: "{{ playbook_dir }}/files/prosody.cfg.lua"
author	Matthew Fennell <matthew@fennell.dev>	2024-01-07 14:08:57 +0000
committer	Matthew Fennell <matthew@fennell.dev>	2024-01-07 14:08:57 +0000
commit	4a68510bac93a8d824e8634dc01ef25d21faddce (patch)
tree	55a6fd1861736451da2e52b1ca20d6e8e6583d78 /playbook.yaml
parent	664d581eb277c4be8d257906b6455bcba7860093 (diff)