From 22aeb4324f56f54a486a3ba23253dee62dcc30a5 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Wed, 28 Feb 2024 21:13:48 +0000
Subject: Remove certificate renewal steps from playbook

I would like certificate renewal to be handled centrally across all of my deployed services. Therefore, responsibility for certificate renewal no longer belongs in this playbook.
---
 playbook.yaml | 18 ------------------
 1 file changed, 18 deletions(-)
(limited to 'playbook.yaml')

diff --git a/playbook.yaml b/playbook.yaml
index 583bf79..3b9561a 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -17,13 +17,11 @@
 ansible.builtin.apt:
 name:
 - borgmatic # Backups
- - certbot # SSL certificates
 - coturn # Audio / video calling server
 - lua-dbi-postgresql # Prosody postgres connection
 - postgresql # Database
 - prosody # XMPP server
 - prosody-modules # Extra addons
- - python3-certbot-apache # Web server to issue challenge responses
 - python3-psycopg2 # Used by ansible postgres role
 - ufw # Firewall
 state: present
@@ -65,22 +63,6 @@
 - 5280 # XEP-0363
 - 5281 # XEP-0363
 become: true
- - name: Ensure certbot on-renew hook is installed
- ansible.builtin.copy:
- src: "{{ playbook_dir }}/files/on_renew.sh"
- dest: /etc/letsencrypt/renewal-hooks/deploy/prosody.sh
- owner: root
- group: root
- mode: "0755"
- become: true
- - name: Ensure certificates are installed
- ansible.builtin.command: >-
- certbot --non-interactive --agree-tos --post-hook "/bin/true"
- --email {{ certbot_email }} --no-eff-email --expand --apache --keep
- -d {{ virtual_host }},upload.{{ virtual_host }},turn.{{ virtual_host }}
- become: true
- register: certbot
- changed_when: "'Running post-hook command' in certbot.stdout"
 - name: Ensure turn is configured
 ansible.builtin.template:
 src: "{{ playbook_dir }}/files/turnserver.conf.j2"
-- cgit v1.2.3