-rwxr-xr-x | files/on_renew.sh | 6 | ||||
-rw-r--r-- | playbook.yaml | 16 |
2 files changed, 22 insertions, 0 deletions
diff --git a/files/on_renew.sh b/files/on_renew.sh
new file mode 100755
index 0000000..7f710ae
--- /dev/null
+++ b/files/on_renew.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+/usr/bin/prosodyctl --root cert import /etc/letsencrypt/live
diff --git a/playbook.yaml b/playbook.yaml
index da17227..3a151f7 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -26,6 +26,22 @@
 - WWW
 - XMPP
 become: true
+ - name: Ensure certbot on-renew hook is installed
+ ansible.builtin.copy:
+ src: "{{ playbook_dir }}/files/on_renew.sh"
+ dest: /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
+ owner: root
+ group: root
+ mode: "0755"
+ become: true
+ - name: Ensure certificates are installed
+ ansible.builtin.command: >-
+ certbot --non-interactive --agree-tos --post-hook "/bin/true"
+ --email {{ certbot_email }} --no-eff-email --apache
+ --domains {{ virtual_host }}
+ become: true
+ register: certbot
+ changed_when: "'Running post-hook command' in certbot.stdout"
 - name: Ensure top-level prosody configuration is installed
 ansible.builtin.copy:
 src: "{{ playbook_dir }}/files/prosody.cfg.lua" |
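Review bot: The new `files/on_renew.sh` has no comment saying who invokes it or why `--root` is passed, which is worth recording for a script that runs as root out of certbot's deploy-hook directory. I would add above the command something like `# certbot deploy hook: run as root after a successful renewal; --root lets prosodyctl run as root to import the renewed certificates`. The import is pointed at the whole of `/etc/letsencrypt/live`, so the comment could also note that every lineage on the host is scanned, not only the XMPP one.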
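Review bot: Nothing in the added tasks imports a freshly issued certificate into Prosody: as far as I know certbot runs the scripts in `renewal-hooks/deploy` only for the `renew` subcommand, so after the first run of "Ensure certificates are installed" Prosody would not receive the certificate until the first renewal, unless a later task outside this hunk handles it. A follow-up task that runs `/etc/letsencrypt/renewal-hooks/deploy/prosody.sh` with `when: certbot is changed` would close that gap. `{{ certbot_email }}` and `{{ virtual_host }}` are also interpolated into one command string, so a value containing whitespace is split into extra certbot arguments on a command that runs with `become: true`; passing the arguments as an `argv:` list keeps each variable as a single argument. The `changed_when` test depends on certbot's exact log wording appearing on stdout, which should be confirmed against the certbot version deployed.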