Support any provided plugin via auto-installation

2025-12-22 14:19:25 +00:00 · 2025-07-19 11:29:56 +01:00
parent 44174f00d9
commit e0b88c6dad
6 changed files with 186 additions and 27 deletions
--- a/tasks/cert.yaml
+++ b/tasks/cert.yaml
@@ -3,11 +3,14 @@
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ item.hostname }}/cert.pem"
  register: cert_stat
+  check_mode: false

 - name: Certbot - Get the SANs from the certificate file
  community.crypto.x509_certificate_info:
    path: "/etc/letsencrypt/live/{{ item.hostname }}/cert.pem"
  register: cert_info
+  changed_when: false
+  check_mode: false
  when: cert_stat.stat.exists

 - name: Certbot - Calculate the SAN list
@@ -15,6 +18,6 @@
    cert_sans: "{{ ['DNS:'] | product(item.sans | default([item.hostname])) | map('join') | list }}"

 - name: Certbot - Request a certificate  # noqa no-changed-when ignore-errors
-  ansible.builtin.command: "certbot certonly -n --expand --agree-tos {{ certbot_plugin_arguments[item.plugin | default('default')] }} -d '{{ item.hostname }}' {% for san in item.sans | default([]) %} -d '{{ san }}' {% endfor %} -m {{ certbot_certs_email }}"  # noqa no-change-when
+  ansible.builtin.command: "certbot certonly -n --expand --agree-tos {{ certbot_plugin_arguments[item.plugin | default('default')] | default('') }} -d '{{ item.hostname }}' {% for san in item.sans | default([]) %} -d '{{ san }}' {% endfor %} -m {{ certbot_certs_email }}{% if item.extra_arguments is defined %} {{ item.extra_arguments }}{% endif %}"  # noqa no-change-when
  ignore_errors: true
  when: not cert_stat.stat.exists or cert_sans | difference(cert_info.subject_alt_name) | list | length > 0
--- a/tasks/install.yaml
+++ b/tasks/install.yaml
@@ -4,23 +4,31 @@
    name: "{{ certbot_packages }}"
    state: present

- name: Certbot - Install certbot extensions (package manager)
-  ansible.builtin.package:
-    name: "{{ certbot_extension_packages }}"
-    state: present
-  when: 
-    - certbot_extension_packages | length
+- name: Certbot - Build plugin list
+  set_fact:
+    _certbot_plugins_used: "{{ certbot_certs | map(attribute='plugin') | list | unique | map('format', certbot_plugins_package_prefix + '%s') | list }}"

- name: Certbot - Install certbot extensions (pypi)
-  ansible.builtin.pip:
-    name: "{{ certbot_extension_pypi_packages }}"
-    state: present
-  when: 
-    - certbot_extension_pypi_packages | length
+- name: Certbot - Install extension packages
+  when:
+    - _certbot_plugins_used | length > 0
+  block:
+  - name: Certbot - Install certbot extensions (package manager)
+    ansible.builtin.package:
+      name: "{{ _certbot_plugins_used }}"
+      state: present
+    when:
+      - certbot_plugins_source == 'package_manager'
+
+  - name: Certbot - Install certbot extensions (pypi)
+    ansible.builtin.pip:
+      name: "{{ _certbot_plugins_used }}"
+      state: present
+    when:
+      - certbot_plugins_source == 'pypi'

 - name: Certbot - Enable certbot renewal timer
  ansible.builtin.systemd:
    name: "{{ certbot_timer_service }}"
    state: started
    enabled: true
-  when: certbot_timer_service
+  when: certbot_timer_service