author | Christian Segundo | 2023-04-20 12:16:02 +0200 |
---|---|---|
committer | Christian Segundo | 2023-04-20 12:16:02 +0200 |
commit | 8528ecb1102c9b09d5ad6213790eb1c0768fb7d7 (patch) | |
tree | 2b7a2a5e450b5995058fa5f0e7d60aad7ccc29be | |
first commit
-rw-r--r-- | README.md | 19 | ||||
-rw-r--r-- | defaults/main.yml | 5 | ||||
-rw-r--r-- | meta/main.yml | 17 | ||||
-rw-r--r-- | tasks/main.yaml | 39 | ||||
-rw-r--r-- | vars/main.yaml | 3 |
5 files changed, 83 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f04f4c5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# certbot_dns_cloudflare
+
+Wrapper of `geerlingguy.certbot` to generate certificates using DNS challenges and Cloudflare.
+
+## Example playbook
+
+```yaml
+---
+- hosts: foo
+ roles:
+ - role: someone_stole_my_name.certbot_dns_cloudflare
+ vars:
+ certbot_cloudflare_api_token: xxxxx
+ certbot_admin_email: foo@bar
+ certbot_certs:
+ - domains:
+ - "*.foo.bar"
+ - "foo.bar"
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..a344f54
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+certbot_auto_renew_user: root
+certbot_create_if_missing: true
+certbot_install_method: package
+certbot_create_method: standalone
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..74b41be
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,17 @@
+galaxy_info:
+ role_name: certbot_dns_cloudflare
+ description: Generate certificates using DNS challenge and Cloudflare
+ namespace: someone_stole_my_name
+ author: Christian Segundo
+ license: BSD-3-Clause
+ min_ansible_version: "2.7"
+ platforms:
+ - name: Debian
+ galaxy_tags:
+ - certbot
+ - dns
+ - letsencrypt
+ - ssl
+ - tls
+dependencies:
+ - src: geerlingguy.certbot
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..6d4e69d
--- /dev/null
+++ b/tasks/main.yaml
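Review bot: The `dependencies` entry in meta/main.yml lists `- src: geerlingguy.certbot` with no version, so every install resolves to whatever release Galaxy currently serves for a role that runs as root alongside the Cloudflare token. Pin it by adding `version: <pinned-release-tag>` under the `src` line and bump it deliberately. Separately, tasks/main.yaml pulls the same role again through `import_role`; meta dependencies run before this role's own tasks, so the dependency presumably executes once before the DNS plugin and credentials file exist — worth confirming that listing it in both places is intended.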
@@ -0,0 +1,39 @@
+---
+- name: Install certbot-dns-cloudflare
+ apt:
+ name: python3-certbot-dns-cloudflare
+
+- name: Create letsencrypt directory
+ file:
+ path: /etc/letsencrypt
+ state: directory
+ owner: root
+ group: root
+ mode: "0710"
+
+- name: Create letsencrypt configuration
+ copy:
+ dest: /etc/letsencrypt/cli.ini
+ owner: root
+ group: root
+ mode: "0700"
+ content: |
+ # Let's Encrypt site-wide configuration
+ dns-cloudflare-credentials = /etc/letsencrypt/dns-cloudflare.ini
+ # Use the ACME v2 staging URI for testing things
+ # server = https://acme-staging-v02.api.letsencrypt.org/directory
+ # Production ACME v2 API endpoint
+ server = https://acme-v02.api.letsencrypt.org/directory
+
+- name: Create dns-cloudflare configuration
+ copy:
+ dest: /etc/letsencrypt/dns-cloudflare.ini
+ owner: root
+ group: root
+ mode: "0700"
+ content: |
+ dns_cloudflare_api_token = {{ certbot_cloudflare_api_token }}
+
+- name: Create certificates
+ import_role:
+ name: geerlingguy.certbot
diff --git a/vars/main.yaml b/vars/main.yaml
new file mode 100644
index 0000000..ea1f792
--- /dev/null
+++ b/vars/main.yaml
@@ -0,0 +1,3 @@
+---
+certbot_create_standalone_stop_services: []
+certbot_create_command: "certbot certonly --noninteractive --dns-cloudflare --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}" |
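Review bot: The "Create dns-cloudflare configuration" task in tasks/main.yaml renders `certbot_cloudflare_api_token` through `copy: content:` without `no_log: true`, so the token can surface in `--diff` output, verbose runs and logging callbacks; add `no_log: true` to that task. Both .ini files are written with `mode: "0700"` although neither is executable; `mode: "0600"` on dns-cloudflare.ini (and on cli.ini) states the intended least privilege without the stray execute bit. The directory mode `"0710"` on /etc/letsencrypt is unusual and may block non-root services that need to traverse it to read issued certificates, so a comment explaining the choice would help.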
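Review bot: `certbot_create_command` in vars/main.yaml interpolates `cert_item.email` and the joined `cert_item.domains` into the command line unquoted, so a value containing whitespace or shell metacharacters would be split into extra certbot arguments (how geerlingguy.certbot executes the string is not visible in this commit). Pass each value through the `quote` filter: `--email {{ cert_item.email | default(certbot_admin_email) | quote }} -d {{ cert_item.domains | join(',') | quote }}`. Because this lives in `vars/` rather than `defaults/`, it takes high precedence and is hard for a playbook to override; a one-line comment stating that this is deliberate would document the intent.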