Cleanup project

tasks/cert.yaml

@@ -1,20 +1,20 @@
 ---
-- name: "Check the cert exists"
+- name: Certbot - Check the cert exists
   ansible.builtin.stat:
     path: "/etc/letsencrypt/live/{{ item.hostname }}/cert.pem"
   register: cert_stat
 
-- name: "Get the SANs from the certificate file"
+- name: Certbot - Get the SANs from the certificate file
   community.crypto.x509_certificate_info:
     path: "/etc/letsencrypt/live/{{ item.hostname }}/cert.pem"
   register: cert_info
   when: cert_stat.stat.exists
 
-- name: Calculate the SAN list
+- name: Certbot - Calculate the SAN list
   ansible.builtin.set_fact:
     cert_sans: "{{ ['DNS:'] | product(item.sans | default([item.hostname])) | map('join') | list }}"
 
-- name: "Request a certificate"  # noqa no-changed-when ignore-errors
+- name: Certbot - Request a certificate  # noqa no-changed-when ignore-errors
   ansible.builtin.command: "certbot certonly -n --expand --agree-tos {{ certbot_plugin_arguments[item.plugin | default('default')] }} -d '{{ item.hostname }}' {% for san in item.sans | default([]) %} -d '{{ san }}' {% endfor %} -m {{ certbot_certs_email }}"  # noqa no-change-when
   ignore_errors: true
   when: not cert_stat.stat.exists or cert_sans | difference(cert_info.subject_alt_name) | list | length > 0

tasks/config.yaml

@@ -1,11 +1,12 @@
 ---
-- name: Write out DigitalOcean auth key
-  ansible.builtin.template:
-    src: do_secrets.j2
+- name: Certbot - Write out DigitalOcean auth key
+  ansible.builtin.copy:
     dest: /root/do_secrets.ini
     mode: "0600"
     owner: root
     group: root
+    content: |
+      dns_digitalocean_token = {{ certbot_digitalocean_token }}
   when:
     - certbot_digitalocean_token is defined
 

tasks/install.yaml

@@ -1,20 +1,20 @@
 ---
-- name: Install certbot
+- name: Certbot - Install certbot
   ansible.builtin.package:
     name: "{{ certbot_packages }}"
     state: present
 
-- name: Install certbot extensions (package manager)
+- name: Certbot - Install certbot extensions (package manager)
   ansible.builtin.package:
     name: "{{ certbot_extension_packages }}"
     state: present
 
-- name: Install certbot extensions (pypi)
+- name: Certbot - Install certbot extensions (pypi)
   ansible.builtin.pip:
     name: "{{ certbot_extension_pypi_packages }}"
     state: present
 
-- name: Enable certbot renewal timer
+- name: Certbot - Enable certbot renewal timer
   ansible.builtin.systemd:
     name: "{{ certbot_timer_service }}"
     state: started

tasks/main.yaml

@@ -1,17 +1,17 @@
 ---
-- name: Get OS specific vars
+- name: Certbot - Get OS specific vars
   include_vars: "{{ item }}"
   with_first_found:
     - "os/{{ ansible_os_family }}/{{ ansible_distribution_major_version }}.yaml"
     - "os/{{ ansible_os_family }}.yaml"
 
-- name: Install Certbot
+- name: Certbot - Install Certbot
   ansible.builtin.import_tasks: install.yaml
 
-- name: Configure Certbot
+- name: Certbot - Configure Certbot
   ansible.builtin.import_tasks: config.yaml
 
-- name: Request Certificates
+- name: Certbot - Request Certificates
   ansible.builtin.import_tasks: request_certs.yaml
   tags:
     - request_certs

tasks/request_certs.yaml

@@ -1,9 +1,9 @@
 ---
-- name: Add FQDN if not already listed in certs
+- name: Certbot - Add host FQDN if not already listed in certs
   ansible.builtin.set_fact:
     certbot_certs: "{{ certbot_certs + [{'hostname': ansible_fqdn}] }}"
   when: certbot_certs | selectattr('hostname', 'equalto', ansible_fqdn) | list | length == 0
 
-- name: Request Certificate
+- name: Certbot - Request Certificate
   ansible.builtin.include_tasks: cert.yaml
   loop: "{{ certbot_certs }}"