This role installs the scripts and the sudoers rule that transfer the (renewed) certificates from the Certbot container to a directory that a distribution-installed nginx can easily access.
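---
# Tasks that stage TLS certificate files from the Certbot container for a
# host-installed nginx: a target directory, two helper scripts, a sudoers rule
# for the podman user, and the Certbot service setup imported from
# machinectl.yml.

# Directory created with mode 0750. No owner or group is set here, so both
# come from the account the task runs as.
- name: Create SCE certbot directories
  ansible.builtin.file:
    dest: /etc/sce-certbot
    state: directory
    mode: "0750"

# This script is the one command the sudoers rule below lets the podman user
# run without a password, so it sits on a privilege boundary. Ownership is
# pinned to root so the file cannot end up owned (and therefore writable) by
# the account that is allowed to invoke it through sudo. Mode 0740 leaves
# execute permission with the owner only.
- name: Install script to move the TLS certificates to root
  ansible.builtin.template:
    src: move-certificate-files-to-root.j2
    dest: /usr/local/bin/move-certificate-files-to-root
    owner: root
    group: root
    mode: "0740"

# Installed world-readable and world-executable (0755).
# NOTE(review): presumably run as the podman user by the Certbot service;
# confirm against machinectl.yml.
- name: Install script to extract the certificate files from the Podman volume
  ansible.builtin.template:
    src: extract-certificate-files.j2
    dest: /usr/local/bin/extract-certificate-files
    mode: "0755"

# Passwordless sudo for podman, limited to a single absolute path.
# A sudoers command listed without arguments matches any argument list, so
# the script has to ignore or validate whatever it is passed.
# NOTE(review): the template is not visible here; verify its argument
# handling and that it only reads from and writes to fixed paths.
- name: Allow podman user to execute the move command
  community.general.sudoers:
    name: allow-podman-move-certificates
    user: podman
    state: present
    commands:
      - /usr/local/bin/move-certificate-files-to-root
    nopassword: true

# become_method and become_user are passed on to every imported task.
# NOTE(review): no `become: true` is set on this task, so they only take
# effect if become is enabled at play level or inside machinectl.yml.
- name: Configure Certbot service
  ansible.builtin.import_tasks: machinectl.yml
  become_method: community.general.machinectl
  become_user: podman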