---
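# Jessie only: enable backports through the apt-repositories role, install an
# apt preferences file for certbot's dependencies, then refresh the package
# index before any later task installs from it.
- block:
    - name: install jessie-backports
      include_role:
        name: apt-repositories
      vars:
        apt_repositories_install_backports: true

    # Files under /etc/apt/preferences.d influence which repository apt
    # prefers for a package, so owner and mode are stated explicitly instead
    # of being left to the connecting user's umask.
    - name: Add exceptions for certbot dependances
      copy:
        src: backports-certbot
        dest: /etc/apt/preferences.d/z-backports-certbot
        owner: root
        group: root
        mode: "0644"
      notify: apt update

    # Run the notified "apt update" handler now, not at the end of the play.
    - meta: flush_handlers
  when: ansible_distribution_release == "jessie"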
# Install certbot from the configured apt repositories.
# NOTE(review): "latest" upgrades the package on every run to whatever the
# repositories currently offer, so the deployed version follows the
# repository rather than a reviewed pin. Confirm that is intended.
- name: Install certbot with apt
  apt:
    state: latest
    name: certbot
# Probe whether /usr is a separate mount point. The registered rc is grep's
# exit status (0 when a matching line exists). The task never fails and never
# reports a change, and it also runs in check mode so the result is always
# registered. A failing probe therefore looks the same as "/usr is not a
# separate mount".
# NOTE(review): newer ansible-core releases no longer accept the "warn"
# argument. Confirm the Ansible version this role targets.
- name: Check if /usr is a partition
  shell: "mount | grep 'on /usr type'"
  args:
    warn: false
  register: usr_partition
  check_mode: false
  failed_when: false
  changed_when: false
# Remount /usr read-write when the probe above found it as its own mount,
# so the following tasks can modify files below /usr.
# NOTE(review): changed_when: false keeps this remount out of the run report,
# and no task in this file puts /usr back to read-only. If a read-only /usr
# is part of the host's hardening, confirm it is restored elsewhere.
- name: Mount /usr in rw
  when: usr_partition.rc == 0
  command: mount -o remount,rw /usr
  args:
    warn: false
  changed_when: false
# Delete whatever exists at /usr/local/bin/certbot. state: absent removes a
# file, link or directory alike.
# Presumably a leftover from an earlier non-package install. /usr/local/bin
# usually precedes /usr/bin in PATH, so a stale entry there would shadow the
# packaged binary.
- name: Remove certbot symlink for apt install
  file:
    state: absent
    path: /usr/local/bin/certbot
# Drop the cron entry at /etc/cron.d/certbot (per the task name, the one that
# comes with the package). The role installs its own job under
# /etc/cron.daily instead, so only one renewal schedule stays active.
- name: Remove certbot dpkg cron
  file:
    state: absent
    path: /etc/cron.d/certbot
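# Install the role's own renewal job. Scripts in /etc/cron.daily are executed
# as root, so ownership is pinned to root and the mode keeps the file
# non-writable for group and others.
- name: Install certbot custom cron
  copy:
    src: certbot.cron
    dest: /etc/cron.daily/certbot
    owner: root
    group: root
    mode: "0755"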
# List which of the two squid3 whitelist files exist, custom file first.
# find prints only the paths it can stat, and its errors are discarded. The
# task is read-only: it never fails, never reports a change, and also runs
# in check mode so the registered result is always available.
- name: Find squid3 config whitelist
  shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
  register: squid3_whitelist_files
  check_mode: false
  changed_when: false
  failed_when: false
# Allow the Let's Encrypt OCSP responder through the squid proxy by adding
# it to the first whitelist file found above. Skipped when neither exists.
# NOTE(review): if squid reads this file as a regex list (the trailing ".*"
# suggests so), the unescaped dots and the missing "^" anchor make the entry
# match more URLs than this one host. Check the ACL type before tightening
# it, because lineinfile would append a second line on hosts that already
# carry this one.
# NOTE(review): the host name is tied to one issuing intermediate. Confirm
# it is still the responder named in the certificates being renewed.
- name: Let's Encrypt OCSP server is authorized by squid
  when: squid3_whitelist_files.stdout != ""
  lineinfile:
    dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
    state: present
    line: 'http://ocsp.int-x3.letsencrypt.org/.*'
  notify: reload squid3