Jérémy Lecour
404f4445d4
When including a specific tasks file, we bypass the "main" tasks of the role and the conditionals. That way we don't play useless tasks and don't rely on default values.
70 lines
1.5 KiB
YAML
70 lines
1.5 KiB
YAML
---
|
|
|
|
- block:
|
|
- name: install jessie-backports
|
|
include_role:
|
|
name: apt-repositories
|
|
tasks_from: backports.yml
|
|
|
|
- name: Add exceptions for certbot dependances
|
|
copy:
|
|
src: backports-certbot
|
|
dest: /etc/apt/preferences.d/z-backports-certbot
|
|
notify: apt update
|
|
|
|
- meta: flush_handlers
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: Install certbot with apt
|
|
apt:
|
|
name: certbot
|
|
state: latest
|
|
|
|
- name: Check if /usr is a partition
|
|
shell: "mount | grep 'on /usr type'"
|
|
args:
|
|
warn: no
|
|
changed_when: False
|
|
failed_when: False
|
|
check_mode: no
|
|
|
|
register: usr_partition
|
|
|
|
- name: Mount /usr in rw
|
|
command: mount -o remount,rw /usr
|
|
args:
|
|
warn: no
|
|
changed_when: False
|
|
when: usr_partition.rc == 0
|
|
|
|
- name: Remove certbot symlink for apt install
|
|
file:
|
|
path: /usr/local/bin/certbot
|
|
state: absent
|
|
|
|
- name: Remove certbot dpkg cron
|
|
file:
|
|
path: /etc/cron.d/certbot
|
|
state: absent
|
|
|
|
- name: Install certbot custom cron
|
|
copy:
|
|
src: certbot.cron
|
|
dest: /etc/cron.daily/certbot
|
|
mode: "0755"
|
|
|
|
- name: Find squid3 config whitelist
|
|
shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
|
|
failed_when: false
|
|
changed_when: false
|
|
check_mode: no
|
|
register: squid3_whitelist_files
|
|
|
|
- name: Let's Encrypt OCSP server is authorized by squid
|
|
lineinfile:
|
|
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
|
|
line: "http://.*.letsencrypt.org/.*"
|
|
state: present
|
|
notify: reload squid3
|
|
when: squid3_whitelist_files.stdout != ""
|