2019-09-27 00:13:30 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
|
|
- name: "System compatibility checks"
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.assert:
|
2019-09-27 00:13:30 +02:00
|
|
|
that:
|
|
|
|
|
- ansible_distribution == "Debian"
|
2020-03-15 12:00:10 +01:00
|
|
|
- ansible_distribution_major_version is version('8', '>=')
|
2019-09-27 00:13:30 +02:00
|
|
|
msg: only compatible with Debian 9+
|
|
|
|
|
|
2021-08-30 14:07:46 +02:00
|
|
|
- name: Install legacy script on Debian 8
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.include: install-legacy.yml
|
2020-03-15 12:00:10 +01:00
|
|
|
when:
|
|
|
|
|
- ansible_distribution == "Debian"
|
2021-08-30 14:07:46 +02:00
|
|
|
- ansible_distribution_major_version is version('9', '<')
|
2020-03-15 12:00:10 +01:00
|
|
|
|
2021-08-30 14:07:46 +02:00
|
|
|
- name: Install package on Debian 9+
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.include: install-package.yml
|
2020-03-15 12:00:10 +01:00
|
|
|
when:
|
|
|
|
|
- ansible_distribution == "Debian"
|
2021-08-30 14:07:46 +02:00
|
|
|
- ansible_distribution_major_version is version('9', '>=')
|
2019-09-27 00:13:30 +02:00
|
|
|
|
2023-03-20 23:33:19 +01:00
|
|
|
- ansible.builtin.include: acme-challenge.yml
|
2019-09-27 00:13:30 +02:00
|
|
|
|
2024-01-11 17:45:55 +01:00
|
|
|
# This is always going to mark a "change".
|
|
|
|
|
# Couldn't figure out why !
|
2019-09-27 00:13:30 +02:00
|
|
|
- name: Deploy hooks are present
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.copy:
|
2021-06-07 13:04:12 +02:00
|
|
|
src: hooks/deploy/
|
2019-09-27 00:13:30 +02:00
|
|
|
dest: /etc/letsencrypt/renewal-hooks/deploy/
|
|
|
|
|
mode: "0700"
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
2020-02-25 10:46:21 +01:00
|
|
|
|
2021-06-30 14:29:03 +02:00
|
|
|
- name: Manual deploy hook is present
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.copy:
|
2021-06-30 14:29:03 +02:00
|
|
|
src: hooks/manual-deploy.sh
|
|
|
|
|
dest: /etc/letsencrypt/renewal-hooks/manual-deploy.sh
|
|
|
|
|
mode: "0700"
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
|
2021-05-03 11:44:59 +02:00
|
|
|
- name: "sync_remote is configured with servers"
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.lineinfile:
|
2021-05-03 11:44:59 +02:00
|
|
|
dest: /etc/letsencrypt/renewal-hooks/deploy/sync_remote.cf
|
2021-05-03 18:02:35 +02:00
|
|
|
regexp: "^servers="
|
2021-05-03 11:44:59 +02:00
|
|
|
line: "servers=\"{{ certbot_hooks_sync_remote_servers | join(' ') }}\""
|
|
|
|
|
create: yes
|
|
|
|
|
|
2021-06-07 13:04:12 +02:00
|
|
|
# begining of backward compatibility tasks
|
|
|
|
|
- name: Move deploy/commit-etc.sh to deploy/z-commit-etc.sh if present
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.command:
|
|
|
|
|
cmd: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh"
|
2020-02-25 10:46:21 +01:00
|
|
|
args:
|
|
|
|
|
removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh
|
|
|
|
|
creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh
|
2021-06-07 13:04:12 +02:00
|
|
|
# end of backward compatibility tasks
|
2020-02-25 10:46:21 +01:00
|
|
|
|
|
|
|
|
- name: "certbot lock is ignored by Git"
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.lineinfile:
|
2020-02-25 10:46:21 +01:00
|
|
|
dest: /etc/.gitignore
|
|
|
|
|
line: letsencrypt/.certbot.lock
|
|
|
|
|
create: yes
|
|
|
|
|
owner: root
|
|
|
|
|
mode: "0600"
|
