---
# Debian jessie only: enable backports through the apt role, drop an apt
# preferences file for certbot's dependencies, then run the notified
# "apt update" handler immediately so the install that follows sees the
# new package lists.
# NOTE(review): indentation was lost in this copy of the file; the `when`
# is placed on the block as a whole — confirm against the repository.
- when: ansible_distribution_release == "jessie"
  block:
    - name: install jessie-backports
      include_role:
        name: apt
        tasks_from: backports.yml

    # No owner/mode is given, so they come from the module defaults
    # (or from an already existing destination file).
    - name: Add exceptions for certbot dependances
      copy:
        src: backports-certbot
        dest: /etc/apt/preferences.d/z-backports-certbot
      notify: apt update

    # Handlers normally run at the end of the play; flush them now.
    - meta: flush_handlers
# `state: latest` upgrades certbot whenever the configured repositories
# offer a newer candidate, so the installed version can change from one
# run to the next.
# NOTE(review): use `state: present` if upgrades should only happen
# through the normal patching process — confirm the intent.
- name: Install certbot with apt
  apt:
    name: certbot
    state: latest
# Read-only probe: grep exits 0 when `mount` lists a filesystem mounted
# on /usr and non-zero otherwise. The exit code is kept in
# `usr_partition.rc`; a non-zero code is never treated as a failure.
- name: Check if /usr is a partition
  shell: "mount | grep 'on /usr type'"
  args:
    warn: false
  register: usr_partition
  # The probe changes nothing, so it never reports "changed" and it also
  # runs in check mode to keep `usr_partition` defined there.
  changed_when: false
  failed_when: false
  check_mode: false
# Remount /usr read-write, only when the preceding probe found /usr as a
# separate mount (`usr_partition.rc == 0`).
# NOTE(review): no task in this file remounts /usr read-only afterwards.
# If /usr is kept read-only as a hardening measure, confirm that
# something else (a handler, an apt hook, ...) restores it.
# `changed_when: false` also keeps this remount out of the change report.
- name: Mount /usr in rw
  when: usr_partition.rc == 0
  command: mount -o remount,rw /usr
  args:
    warn: false
  changed_when: false
# Delete /usr/local/bin/certbot if it exists.
# NOTE(review): presumably a leftover from an earlier non-apt install.
# /usr/local/bin usually comes before /usr/bin in PATH, so a stale entry
# there would shadow the packaged binary — confirm.
- name: Remove certbot symlink for apt install
  file:
    state: absent
    path: /usr/local/bin/certbot
# Delete /etc/cron.d/certbot.
# NOTE(review): presumably the cron job shipped by the Debian package,
# removed so that only the custom /etc/cron.daily job runs — confirm.
- name: Remove certbot dpkg cron
  file:
    state: absent
    path: /etc/cron.d/certbot
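# Install the role's certbot.cron as /etc/cron.daily/certbot.
# Scripts in /etc/cron.daily are executed as root, so ownership is pinned
# to root:root instead of being left to the module defaults; without it,
# an already existing destination file keeps whatever owner it had.
# The mode is quoted so it stays a string and is not read as a number.
- name: Install certbot custom cron
  copy:
    src: certbot.cron
    dest: /etc/cron.daily/certbot
    owner: root
    group: root
    mode: "0755"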
# List which of the four candidate squid whitelist files exist. `find`
# prints the existing paths (errors for missing ones are discarded), and
# the result is stored in `squid_whitelist_files`.
# `find` exits non-zero when any candidate is missing, hence
# `failed_when: false`. The lookup is read-only, so it never reports
# "changed" and also runs in check mode.
- name: Find squid config whitelist
  shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
  register: squid_whitelist_files
  check_mode: false
  changed_when: false
  failed_when: false
# On Debian releases older than 9 the service name is set to squid3;
# elsewhere the fact stays undefined.
# NOTE(review): `version_compare` is the old name of the `version` test
# and is used here with filter syntax; recent Ansible releases no longer
# accept this form — confirm the Ansible version this role targets.
- name: set squid_service_name=squid3 for Debian < 9
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version | version_compare('9', '<')
  set_fact:
    squid_service_name: squid3
# Append the Let's Encrypt pattern to the first whitelist file found.
# Skipped when none was found. The reload handler name falls back to
# "squid" when `squid_service_name` is undefined.
# NOTE(review): this allow-list pattern has no `^` anchor and its dots
# are unescaped. If squid evaluates the file as URL regexes, the rule
# allows more than hosts under letsencrypt.org. Consider anchoring and
# escaping it, e.g. `^http://[^/]+\.letsencrypt\.org/` — confirm how the
# whitelist file is consumed before changing the line.
- name: Let's Encrypt OCSP server is authorized by squid
  when: squid_whitelist_files.stdout != ""
  lineinfile:
    dest: "{{ squid_whitelist_files.stdout_lines | first }}"
    state: present
    line: "http://.*.letsencrypt.org/.*"
  notify: "reload {{ squid_service_name | default('squid') }}"