chore: manage settings in ini file (#9)

radiorabe · Dec 18, 2024 · 6d0e3be · 6d0e3be
1 parent faeaf1f
commit 6d0e3be
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 12 deletions.
diff --git a/galaxy.yml b/galaxy.yml
@@ -14,8 +14,9 @@ tags:
   - container
   - podman
   - docker
-dependencies: {}
+dependencies:
+  community.general: ">=9.5.0"
 repository: https://github.com/radiorabe/ansible-collection-certbot
 documentation: https://github.com/radiorabe/ansible-collection-certbot/blob/main/README.md
-homepage: hhttps://github.com/radiorabe/ansible-collection-certbot
+homepage: https://github.com/radiorabe/ansible-collection-certbot
 issues: https://github.com/radiorabe/ansible-collection-certbot/issues
diff --git a/roles/certbot/defaults/main.yml b/roles/certbot/defaults/main.yml
@@ -7,10 +7,12 @@ certbot_certbot_sysconfig_path: /etc/sysconfig/certbot
 certbot_certsync_script_path: /usr/local/libexec/cert_sync.sh
 certbot_rsync_package_name: rsync
 certbot_certbot_systemd_timer_name: certbot-renew.timer
-certbot_certificates_src: /etc/letsencrypt/live/
-certbot_certificates_dest: /home/{{certbot_remote_user}}/httpd/rabe_certs
-certbot_certificates: [ "letest.rabe.ch", "letest2.rabe.ch" ]
-certbot_remote_hosts: [ "localhost" ]
+certbot_config_dir: /etc/letsencrypt
+certbot_client_ini: "{{ certbot_config_dir }}/cli.ini"
+certbot_certificates_src: "{{ certbot_config_dir }}/live/"
+certbot_certificates_dest: /home/{{ certbot_remote_user }}/httpd/rabe_certs
+certbot_certificates: ["letest.rabe.ch", "letest2.rabe.ch"]
+certbot_remote_hosts: ["localhost"]
 certbot_remote_user: revproxy
 certbot_remote_container: true
 certbot_remote_container_name: revproxy-revproxy

diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
@@ -8,16 +8,30 @@
     state: present
   become: true
 
+- name: Configure certbot
+  community.general.ini_file:
+    path: "{{ certbot_client_ini }}"
+    mode: "644"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  loop:
+    - option: email
+      value: "{{ certbot_acme_account_mail }}"
+    - option: agree-tos
+      value: true
+    - option: non-interactive
+      value: true
+
 - name: Make sure certbot timer is enabled
   ansible.builtin.systemd:
     enabled: true
     name: "{{ certbot_certbot_systemd_timer_name }}"
 
 - name: Write script for pushing certificates to remote host
   ansible.builtin.template:
-   src: templates/cert_sync.sh.j2
-   dest: "{{ certbot_certsync_script_path }}"
-   mode: "755"
+    src: templates/cert_sync.sh.j2
+    dest: "{{ certbot_certsync_script_path }}"
+    mode: "755"
 
 - name: Add deploy hook to {{ certbot_certbot_sysconfig_path }}
   ansible.builtin.lineinfile:
@@ -27,10 +41,10 @@
 
 - name: Add certificates to certbot
   ansible.builtin.command: "{{ certbot_certbot_binary_path }} certonly \
-    --standalone --non-interactive -m {{ certbot_acme_account_mail }} \
+    --standalone \
     --deploy-hook '/usr/local/libexec/cert_sync.sh'
-    --domains {{ item }} --agree-tos"
+    --domains {{ item }}"
   loop: "{{ certbot_certificates }}"
 
 - name: Update ACME account
-  ansible.builtin.command: "{{ certbot_certbot_binary_path }} update_account -m {{ certbot_acme_account_mail }}"
+  ansible.builtin.command: "{{ certbot_certbot_binary_path }} update_account"