initial commit

2025-10-16 22:54:40 +02:00
parent d80ca5979e
commit 5e6faaffcf
23 changed files with 1608 additions and 1 deletions
--- a/playbooks/07-setup-gitea-certbot.yml
+++ b/playbooks/07-setup-gitea-certbot.yml
@@ -0,0 +1,43 @@
+---
+# Certbot SSL certificate setup for Gitea tasks
+- name: Stop Nginx temporarily for initial certificate request
+  systemd:
+    name: nginx
+    state: stopped
+  when: not ansible_check_mode
+
+- name: Obtain SSL certificate for Gitea using standalone mode
+  command: >
+    certbot certonly
+    --standalone
+    --non-interactive
+    --agree-tos
+    --email {{ ssl_email }}
+    --domains {{ gitea_domain }}
+  register: gitea_certbot_result
+  changed_when: gitea_certbot_result.rc == 0
+  failed_when: gitea_certbot_result.rc != 0 and "already exists" not in gitea_certbot_result.stderr
+  when: not ansible_check_mode
+
+- name: Start Nginx service
+  systemd:
+    name: nginx
+    state: started
+
+- name: Test certificate renewal for Gitea
+  command: certbot renew --dry-run
+  register: gitea_certbot_test
+  changed_when: false
+
+- name: Display certificate renewal test result for Gitea
+  debug:
+    msg: "{{ gitea_certbot_test.stdout }}"
+
+- name: Verify SSL certificate exists for Gitea
+  stat:
+    path: "/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
+  register: gitea_ssl_cert
+
+- name: Display SSL certificate status for Gitea
+  debug:
+    msg: "SSL certificate for {{ gitea_domain }}: {{ 'exists' if gitea_ssl_cert.stat.exists else 'not found' }}"