evoacme: use apt-repositories role

evoacme/files/backports-certbot

@@ -0,0 +1,3 @@
+Package: certbot python-certbot python-acme python-cryptography python-openssl python-setuptools python-ndg-httpsclient python-pyasn1 python-pkg-resources
+Pin: release a=jessie-backports
+Pin-Priority: 999

evoacme/handlers/main.yml

@@ -9,3 +9,7 @@
   service:
    name: apache2
    state: reloaded
+
+- name: apt update
+  apt:
+    update_cache: yes

evoacme/meta/main.yml

@@ -12,6 +12,7 @@ galaxy_info:
   - name: Debian
     versions:
     - jessie
+    - stretch
 
 dependencies: []
   # List your role dependencies here, one per line.

evoacme/tasks/certbot.yml

@@ -1,106 +1,47 @@
 ---
-- name: Set certbot release to Debian stable
-  set_fact:
-    evoacme_certbot_release: stable
-  when:
-    - ansible_distribution is defined
-    - ansible_distribution == "Debian"
-    - ansible_distribution_major_version is defined
-    - ansible_distribution_major_version|int > 8
-
-- name: Set certbot relase to jessie-backports
-  set_fact:
-    evoacme_certbot_release: jessie-backports
-  when:
-    - ansible_distribution is defined
-    - ansible_distribution == "Debian"
-    - ansible_distribution_major_version is defined
-    - ansible_distribution_major_version == "8"
 
 - block:
-  - name: Add backports repository
+  - name: install jessie-backports
-    lineinfile:
+    include_role:
-      dest: /etc/apt/sources.list.d/backports.list
+      name: "{{ roles }}/apt-repositories"
-      line: 'deb http://mirror.evolix.org/debian jessie-backports main'
+    vars:
-      state: present
+      apt_repositories_install_backports: True
-    register: add_backports
-    when: evoacme_certbot_release == "jessie-backports"
 
   - name: Add exceptions for certbot dependances
-    blockinfile:
-      dest: /etc/apt/preferences.d/backports
-      marker: "## {mark} ANSIBLE MANAGED BLOCK"
-      block: |
-        Package: certbot python-certbot python-acme python-cryptography python-openssl python-setuptools python-ndg-httpsclient python-pyasn1 python-pkg-resources
-        Pin: release a=jessie-backports
-        Pin-Priority: 999
-    when: evoacme_certbot_release == "jessie-backports"
-
-  - name: Apt update
-    apt:
-      update_cache: yes
-    when:
-      - add_backports is defined
-      - add_backports|changed
-
-  - name: Install certbot with apt
-    apt:
-      name: certbot
-      state: latest
-      default_release: "{{ evoacme_certbot_release }}"
-
-  - name: Check if /usr is a partition
-    shell: "mount | grep 'on /usr type'"
-    args:
-      warn: no
-    changed_when: False
-    failed_when: False
-    #check_mode: no (for migration to Ansible 2.2)
-    always_run: yes
-    register: usr_partition
-
-  - name: Mount /usr in rw
-    command: mount -o remount,rw /usr
-    args:
-      warn: no
-    changed_when: False
-    when: usr_partition.rc == 0
-
-  - name: Remove certbot symlink for apt install
-    file:
-      path: /usr/local/bin/certbot
-      state: absent
-  when: evoacme_certbot_release is defined
-
-- block:
-  - name: Install certbot from source
-    git:
-      repo: https://github.com/certbot/certbot.git
-      dest: /opt/certbot
-      update: yes
-
-  - name: Fix certbot right for source install
-    file:
-      path: /opt/certbot
-      recurse: yes
-      state: directory
-      mode: "g+rX,o+rX"
-
-  - name: Install certbot symlink for source install
     copy:
-      dest: /usr/local/bin/certbot
+      src: backports-certbot
-      content: |
+      dest: /etc/apt/preferences.d/z-backports-certbot
-        #!/bin/sh
+    notify: apt update
-        sudo /opt/certbot/certbot-auto $@
-      mode: "0755"
 
-  - name: Add sudo right for source install
+  - meta: flush_handlers
-    copy:
+  when: ansible_distribution_release == "jessie"
-      src: files/sudoers
+
-      dest: /etc/sudoers.d/certbot
+- name: Install certbot with apt
-      mode: "0440"
+  apt:
-      validate: '/usr/sbin/visudo -cf %s'
+    name: certbot
-  when: evoacme_certbot_release is undefined
+    state: latest
+
+- name: Check if /usr is a partition
+  shell: "mount | grep 'on /usr type'"
+  args:
+    warn: no
+  changed_when: False
+  failed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
+  register: usr_partition
+
+- name: Mount /usr in rw
+  command: mount -o remount,rw /usr
+  args:
+    warn: no
+  changed_when: False
+  when: usr_partition.rc == 0
+
+- name: Remove certbot symlink for apt install
+  file:
+    path: /usr/local/bin/certbot
+    state: absent
 
 - name: Remove certbot dpkg cron
   file:

evoacme/tasks/main.yml

@@ -1,4 +1,12 @@
 ---
+
+- name: Fail if distribution is not supported
+  fail:
+    msg: "Error: '{{ ansible_os_family }} {{ ansible_distribution_release }}' is not a supported distribution."
+  when:
+  - ansible_distribution_release != "jessie"
+  - ansible_distribution_release != "stretch"
+
 - include: tasks/certbot.yml
 
 - include: tasks/acme.yml