---
- name: Create Certbot volumes
  # Two named volumes back the certbot container defined below:
  #   certbot-etc     -> /etc/letsencrypt
  #   certbot-var-lib -> /var/lib/letsencrypt
  # NOTE(review): /etc/letsencrypt is where certbot keeps its ACME account key
  # and the issued certificates' private keys, so certbot-etc is sensitive --
  # any other container that mounts it can read that material.
  # `state: present` only creates what is missing; existing volume data is
  # never touched.
  containers.podman.podman_volume:
    state: present
    name: "{{ volume_name }}"
  loop:
    - certbot-etc
    - certbot-var-lib
  loop_control:
    loop_var: volume_name

- name: Create LetsEncrypt container
  # Defines the one-shot certbot container (created, not started) together
  # with a matching systemd user unit; the timer installed in the next task is
  # what actually runs it.
  containers.podman.podman_container:
    name: certbot
    state: present
    # NOTE(review): no tag or digest, so every pull resolves whatever `latest`
    # currently points at. Pinning (`certbot/certbot:<tag>@sha256:<digest>`)
    # makes renewals reproducible and stops a broken or compromised upstream
    # push from landing here automatically.
    image: docker.io/certbot/certbot
    # Folded scalar: joined into one command line before podman sees it.
    # `-n` keeps certbot non-interactive; `--expand` lets the domain list grow
    # on an existing certificate; `--standalone` has certbot answer the HTTP-01
    # challenge itself, so the port mapping below must make the container
    # reachable on the standalone default, port 80 -- confirm for this host.
    command: >-
      certonly -n --standalone
      --domains {{ podman_certbot_domains }}
      --expand --agree-tos
      --email {{ podman_certbot_email }}
    # certbot-etc ends up holding private keys (see the volume task above).
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-var-lib:/var/lib/letsencrypt
    # Quoted so a mapping such as 80:80 is read as a string, not a YAML 1.1
    # base-60 integer.
    ports:
      - "{{ podman_certbot_port_mapping }}"
    generate_systemd:
      path: ~/.config/systemd/user
      # Restart=no in the generated unit. If systemd kept restarting a failed
      # validation run we would burn through Let's Encrypt's failed-validation
      # rate limit in minutes; a failure now stays failed until the timer fires
      # again.
      #
      # The quotes are load-bearing: a bare `no` is YAML 1.1 boolean false
      # (the "Norway problem"), not the string the module expects.
      restart_policy: "no"
  notify: Reload user systemd daemon

- name: Install systemd files for certbot certificate renewal
  # Renders container-certbot.timer.j2 into the systemd user unit directory,
  # alongside the service unit generated for the container above (presumably
  # container-certbot.service, podman's default naming). The timer is what
  # drives the periodic renewal run.
  vars:
    filename: container-certbot.timer
  ansible.builtin.template:
    src: "{{ filename }}.j2"
    dest: "~/.config/systemd/user/{{ filename }}"
    # Quoted octal: owner rw, group r, nothing for others. Unquoted it would be
    # parsed as the integer 416.
    mode: "0640"
  notify: Reload user systemd daemon

# Must be placed here to ensure proper ordering of events: the two tasks above
# both notify "Reload user systemd daemon", and systemd has to have re-read the
# freshly written service and timer units before the next task tries to enable
# the timer. Handlers otherwise run only at the end of the play.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Ensure certbot timer unit is enabled and started
  # Enables and starts the renewal timer in this user's systemd instance.
  # NOTE(review): user units only run while a session for the account exists
  # unless lingering is enabled (`loginctl enable-linger <user>`), and nothing
  # in this file enables it -- confirm it is set on the host, or renewals
  # silently stop the moment the user logs out.
  ansible.builtin.systemd_service:
    scope: user
    name: container-certbot.timer
    enabled: true
    state: started