35 lines
921 B
YAML
35 lines
921 B
YAML
|
|
||
|
- name: Install Certbot
|
||
|
apt:
|
||
|
name: certbot
|
||
|
state: present
|
||
|
|
||
|
- name: Install Certbot Nginx Plugin
|
||
|
apt:
|
||
|
name: python3-certbot-nginx
|
||
|
state: present
|
||
|
|
||
|
- name: Create TLS certificate
|
||
|
become: yes
|
||
|
become_user: root
|
||
|
command: certbot certonly --rsa-key-size 2048 -d {{ server_name }} -d element.{{ server_name }} -d turn.{{ server_name }} --agree-tos --non-interactive --email {{ matrix_admin_email }} --nginx
|
||
|
|
||
|
- name: Setup SSL Auto-renewal
|
||
|
become: yes
|
||
|
become_user: root
|
||
|
cron:
|
||
|
name: certbot renew
|
||
|
minute: 0
|
||
|
hour: 0
|
||
|
day: 1
|
||
|
month: '*'
|
||
|
weekday: '*'
|
||
|
job: certbot renew --rsa-key-size 2048 --quiet --post-hook "systemctl reload nginx"
|
||
|
|
||
|
- name: Create Diffie-Hellman key
|
||
|
become: yes
|
||
|
become_user: root
|
||
|
command:
|
||
|
cmd: openssl dhparam -out /etc/letsencrypt/live/{{ server_name }}/dhparam2048.pem 2048
|
||
|
creates: /etc/letsencrypt/live/{{ server_name }}/dhparam2048.pem
|