---
# Certbot SSL certificate setup for Gitea tasks
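# Stop Nginx, request the certificate, and start Nginx again.
# The three tasks are grouped in a block so that the `always` section starts
# Nginx even when the certificate request fails; as separate top-level tasks a
# certbot failure would end the play for this host with Nginx still stopped.
- name: Request SSL certificate for Gitea while Nginx is stopped
  block:
    - name: Stop Nginx temporarily for initial certificate request
      systemd:
        name: nginx
        state: stopped
      when: not ansible_check_mode

    # argv hands each list item to certbot as one argument (the command module
    # runs no shell), so whitespace inside ssl_email or gitea_domain cannot
    # split into additional certbot options. The --option=value form keeps the
    # value bound to its option even if it begins with a dash.
    # NOTE(review): changed_when reports "changed" on every run that exits 0,
    # whether or not a new certificate was actually issued.
    - name: Obtain SSL certificate for Gitea using standalone mode
      command:
        argv:
          - certbot
          - certonly
          - '--standalone'
          - '--non-interactive'
          - '--agree-tos'
          - '--email={{ ssl_email }}'
          - '--domains={{ gitea_domain }}'
      register: gitea_certbot_result
      changed_when: gitea_certbot_result.rc == 0
      failed_when: gitea_certbot_result.rc != 0 and "already exists" not in gitea_certbot_result.stderr
      when: not ansible_check_mode

  always:
    - name: Start Nginx service
      systemd:
        name: nginx
        state: started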
# Run a renewal dry run and keep its output; the task never reports "changed".
# NOTE(review): the certificate in this file is requested with --standalone,
# and Nginx has been started again by the time this runs. If Nginx listens on
# port 80, a standalone renewal cannot bind it -- confirm that renewal uses a
# pre/post hook or a different authenticator.
- name: Test certificate renewal for Gitea
  command:
    argv:
      - certbot
      - renew
      - '--dry-run'
  register: gitea_certbot_test
  changed_when: false
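# Print the standard output of the renewal dry run.
# default('') keeps this task from failing on an undefined value when the
# dry-run task was skipped, e.g. in check mode on Ansible releases whose
# command module returns no stdout for a skipped run -- TODO confirm against
# the Ansible version in use.
- name: Display certificate renewal test result for Gitea
  debug:
    msg: "{{ gitea_certbot_test.stdout | default('') }}"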
# Record whether the certificate chain file for gitea_domain is present.
# This only gathers file state; it does not fail when the file is missing and
# does not check the private key or the certificate's validity.
- name: Verify SSL certificate exists for Gitea
  stat:
    path: '/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem'
  register: gitea_ssl_cert
# Report the result of the stat check as "exists" or "not found".
# Informational only: a missing certificate is printed, not treated as a
# failure, so the play continues either way.
- name: Display SSL certificate status for Gitea
  debug:
    msg: >-
      SSL certificate for {{ gitea_domain }}:
      {{ 'exists' if gitea_ssl_cert.stat.exists else 'not found' }}