Cleanup project

LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Andrew Williams <andy@tensixtyone.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,2 @@
+# Ansible Certbot
+

meta/main.yaml

@@ -1,15 +1,27 @@
 ---
-allow_duplicates: false
+dependencies: []
 
 galaxy_info:
   role_name: certbot
-  author: Andrew Williams
+  author: nikdoof
-  description: Basic installation for Certbot
+  description: Install Certbot and request ACME certificates
   license: MIT
-
+  min_ansible_version: "2.10"
-  min_ansible_version: "2.4"
-
   platforms:
+    - name: EL
+      versions:
+        - 8
+        - 9
     - name: Ubuntu
       versions:
         - jammy
+  galaxy_tags:
+    - networking
+    - system
+    - web
+    - certbot
+    - letsencrypt
+    - encryption
+    - certificates
+    - ssl
+    - https

tasks/cert.yaml

@@ -1,20 +1,20 @@
 ---
-- name: "Check the cert exists"
+- name: Certbot - Check the cert exists
   ansible.builtin.stat:
     path: "/etc/letsencrypt/live/{{ item.hostname }}/cert.pem"
   register: cert_stat
 
-- name: "Get the SANs from the certificate file"
+- name: Certbot - Get the SANs from the certificate file
   community.crypto.x509_certificate_info:
     path: "/etc/letsencrypt/live/{{ item.hostname }}/cert.pem"
   register: cert_info
   when: cert_stat.stat.exists
 
-- name: Calculate the SAN list
+- name: Certbot - Calculate the SAN list
   ansible.builtin.set_fact:
     cert_sans: "{{ ['DNS:'] | product(item.sans | default([item.hostname])) | map('join') | list }}"
 
-- name: "Request a certificate"  # noqa no-changed-when ignore-errors
+- name: Certbot - Request a certificate  # noqa no-changed-when ignore-errors
   ansible.builtin.command: "certbot certonly -n --expand --agree-tos {{ certbot_plugin_arguments[item.plugin | default('default')] }} -d '{{ item.hostname }}' {% for san in item.sans | default([]) %} -d '{{ san }}' {% endfor %} -m {{ certbot_certs_email }}"  # noqa no-change-when
   ignore_errors: true
   when: not cert_stat.stat.exists or cert_sans | difference(cert_info.subject_alt_name) | list | length > 0

tasks/config.yaml

@@ -1,11 +1,12 @@
 ---
-- name: Write out DigitalOcean auth key
+- name: Certbot - Write out DigitalOcean auth key
-  ansible.builtin.template:
+  ansible.builtin.copy:
-    src: do_secrets.j2
     dest: /root/do_secrets.ini
     mode: "0600"
     owner: root
     group: root
+    content: |
+      dns_digitalocean_token = {{ certbot_digitalocean_token }}
   when:
     - certbot_digitalocean_token is defined
 

tasks/install.yaml

@@ -1,20 +1,20 @@
 ---
-- name: Install certbot
+- name: Certbot - Install certbot
   ansible.builtin.package:
     name: "{{ certbot_packages }}"
     state: present
 
-- name: Install certbot extensions (package manager)
+- name: Certbot - Install certbot extensions (package manager)
   ansible.builtin.package:
     name: "{{ certbot_extension_packages }}"
     state: present
 
-- name: Install certbot extensions (pypi)
+- name: Certbot - Install certbot extensions (pypi)
   ansible.builtin.pip:
     name: "{{ certbot_extension_pypi_packages }}"
     state: present
 
-- name: Enable certbot renewal timer
+- name: Certbot - Enable certbot renewal timer
   ansible.builtin.systemd:
     name: "{{ certbot_timer_service }}"
     state: started

tasks/main.yaml

@@ -1,17 +1,17 @@
 ---
-- name: Get OS specific vars
+- name: Certbot - Get OS specific vars
   include_vars: "{{ item }}"
   with_first_found:
     - "os/{{ ansible_os_family }}/{{ ansible_distribution_major_version }}.yaml"
     - "os/{{ ansible_os_family }}.yaml"
 
-- name: Install Certbot
+- name: Certbot - Install Certbot
   ansible.builtin.import_tasks: install.yaml
 
-- name: Configure Certbot
+- name: Certbot - Configure Certbot
   ansible.builtin.import_tasks: config.yaml
 
-- name: Request Certificates
+- name: Certbot - Request Certificates
   ansible.builtin.import_tasks: request_certs.yaml
   tags:
     - request_certs

tasks/request_certs.yaml

@@ -1,9 +1,9 @@
 ---
-- name: Add FQDN if not already listed in certs
+- name: Certbot - Add host FQDN if not already listed in certs
   ansible.builtin.set_fact:
     certbot_certs: "{{ certbot_certs + [{'hostname': ansible_fqdn}] }}"
   when: certbot_certs | selectattr('hostname', 'equalto', ansible_fqdn) | list | length == 0
 
-- name: Request Certificate
+- name: Certbot - Request Certificate
   ansible.builtin.include_tasks: cert.yaml
   loop: "{{ certbot_certs }}"

templates/do_secrets.j2

@@ -1,2 +0,0 @@
-# DigitalOcean API credentials used by Certbot
-dns_digitalocean_token = {{ certbot_digitalocean_token }}

templates/gd_secrets.j2

@@ -1,3 +0,0 @@
-# GoDaddy API credentials used by Certbot
-dns_godaddy_secret = {{ certbot_godaddy_secret }}
-dns_godaddy_key = {{ certbot_godaddy_key }}