Diffstat (limited to 'roles/haproxy/tasks/main.yml')
-rw-r--r--roles/haproxy/tasks/main.yml52
1 files changed, 52 insertions, 0 deletions
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..f7464c8
--- /dev/null
+++ b/roles/haproxy/tasks/main.yml
@@ -0,0 +1,52 @@
+- name: "add certbot apt repo"
+ apt_repository:
+ repo: "deb http://deb.debian.org/debian stretch-backports main"
+
+- name: "install certbot"
+ apt:
+ name: certbot
+ default_release: stretch-backports
+
+- name: "install daily cron job to create haproxy.pem"
+ copy:
+ content: |
+ #!/bin/sh
+ set -eu
+ cd /etc/letsencrypt/live/haproxy
+ cat fullchain.pem privkey.pem > /etc/ssl/haproxy.pem
+ systemctl restart haproxy
+ dest: /etc/cron.daily/haproxy.pem
+ owner: root
+ group: root
+ mode: 0755
+
+- name: "run certbot"
+ shell: |
+ set -eu
+ certbot certonly \
+ --standalone \
+ --noninteractive \
+ --email "{{ letsencrypt_email }}" \
+ --agree-tos \
+ --expand \
+ --cert-name haproxy \
+ --keep \
+ --pre-hook "systemctl stop apache2 haproxy" \
+ --post-hook "systemctl start apache2 haproxy" \
+ -d "{{ haproxy_domain }}"
+ /etc/cron.daily/haproxy.pem
+
+- name: install haproxy
+ apt:
+ name: haproxy
+
+- name: "install haproxy config"
+ copy:
+ src: haproxy.cfg
+ dest: /etc/haproxy/haproxy.cfg
+
+- name: enable and start haproxy
+ service:
+ state: restarted
+ enabled: yes
+ name: haproxy
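Review bot: The cron script installed by the "install daily cron job to create haproxy.pem" task writes `/etc/ssl/haproxy.pem` with a plain `>` redirect, so on first creation the file containing `privkey.pem` takes its mode from the process umask, which is typically 022 and would leave the private key world-readable. Adding `umask 077` directly after `set -eu` in the script content, plus a `chmod 600 /etc/ssl/haproxy.pem` for hosts where the file already exists, keeps the key readable by root only. Separately, the "run certbot" task invokes that script, which runs `systemctl restart haproxy`, before the "install haproxy" task has run; on a fresh host this likely fails under `set -eu` unless haproxy is installed by another role, so the install task should probably come first. The unquoted `mode: 0755` is also safer written as `mode: "0755"`, which avoids YAML octal parsing differences.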