Commit 7464fd9c by Jocelyn Delalande

letsencrypt: Drop wheezy support and install from apt

Removing all the pip/venv stuff.  Note that the role does not clean up if a
machine was previously using pip/venv stuff.
parent 9580d41f
---
letsencrypt_src_directory: /usr/local/share/letsencrypt
letsencrypt_venv: "{{ letsencrypt_src_directory }}/env"
letsencrypt_cert_domains:
- "{{ ansible_fqdn }}"
letsencrypt_webroot_path: /var/www
letsencrypt_authenticator: webroot
letsencrypt_email: "webmaster@{{ ansible_domain }}"
letsencrypt_command: "{{ letsencrypt_venv }}/bin/letsencrypt --agree-tos {% if letsencrypt_rsa_key_size is defined %}--rsa-key-size {{ letsencrypt_rsa_key_size }}{% endif %} --text --email {{ letsencrypt_email }} {% if letsencrypt_server is defined %}--server {{ letsencrypt_server }}{% endif %} --expand "
letsencrypt_command: "certbot --agree-tos {% if letsencrypt_rsa_key_size is defined %}--rsa-key-size {{ letsencrypt_rsa_key_size }}{% endif %} --text --email {{ letsencrypt_email }} {% if letsencrypt_server is defined %}--server {{ letsencrypt_server }}{% endif %} --expand "
letsencrypt_renewal_frequency:
day: "*"
hour: 0
......
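Review bot: The new `letsencrypt_command` interpolates `letsencrypt_email` and `letsencrypt_server` without shell quoting, so a value containing whitespace or shell metacharacters would change the command line if this string is later run through `shell:`. The task that consumes it is not visible here, so that is an assumption to confirm. Applying the `quote` filter keeps each value a single argument: `--email {{ letsencrypt_email | quote }}` and `--server {{ letsencrypt_server | quote }}`.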
......@@ -2,43 +2,20 @@
- name: flush handlers (in case nginx has to restart first)
meta: flush_handlers
- apt: update_cache=yes cache_valid_time=3600
- name: Install depends
apt: name={{ item }} state=present
with_items:
- python
- python-dev
- python-virtualenv
- gcc
- dialog
- libaugeas0
- libssl-dev
- libffi-dev
- ca-certificates
- python-pip
- git
- name: Install virtualenv (Debian)
apt: name={{ item }} state=present
with_items:
- virtualenv
when: ansible_distribution == 'Debian' and ansible_lsb.codename != "wheezy"
- name: Install virtualenv (Debian Wheezy)
apt: name={{ item }} state=present
with_items:
- python-virtualenv
when: ansible_distribution == 'Debian' and ansible_lsb.codename == "wheezy"
- name: Install python depends
pip: virtualenv="{{ letsencrypt_venv }}" virtualenv_site_packages=no name={{ item }} state=latest
with_items:
- setuptools
- pip
- name: More python depends
pip: virtualenv="{{ letsencrypt_venv }}" virtualenv_site_packages=no name=letsencrypt state=latest
- name: add backports repository (for jessie)
apt_repository:
repo: 'deb http://http.debian.net/debian jessie-backports main'
state: present
update_cache: yes
when: ansible_lsb.codename == "jessie"
- name: install certbot
apt:
pkg: certbot
update_cache: yes
cache_valid_time: 1800
default_release: "{% if ansible_distribution_release == 'jessie'%}jessie-backports{% endif %}"
when: ansible_lsb.codename == "jessie"
- name: Ensure webroot exists
file: path="{{ letsencrypt_webroot_path }}" state=directory recurse=yes mode="a+rw"
......@@ -53,4 +30,4 @@
apt: name=cron
- name: Install renewal cron
cron: name="Let's Encrypt Renewal" day="{{ letsencrypt_renewal_frequency.day }}" hour="{{ letsencrypt_renewal_frequency.hour }}" minute="{{ letsencrypt_renewal_frequency.minute }}" job="{{ letsencrypt_venv }}/bin/letsencrypt renew --renew-hook '/etc/init.d/nginx reload'> /dev/null"
cron: name="Let's Encrypt Renewal" day="{{ letsencrypt_renewal_frequency.day }}" hour="{{ letsencrypt_renewal_frequency.hour }}" minute="{{ letsencrypt_renewal_frequency.minute }}" job="certbot renew --renew-hook 'systemctl reload nginx'> /dev/null"
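Review bot: The `install certbot` task carries `when: ansible_lsb.codename == "jessie"`, so on any other release the role never installs certbot, while `letsencrypt_command` and the renewal cron job now call `certbot` unconditionally. The `default_release` expression already yields an empty value outside jessie, which suggests the task was meant to run everywhere; dropping that `when` and keeping it only on the backports repository task would match that, and the empty `default_release` case is worth checking on a non-jessie host. Also in this file, `Ensure webroot exists` applies `mode="a+rw"` with `recurse=yes`, which leaves everything under the webroot writable by every local account, including the ACME challenge directory; `mode="0755"` without `recurse` would be safer if the web server only needs read access. Indentation and +/- markers are lost on this page, so attributing the second `when` line to the certbot task is inferred from line order.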