33 lines
975 B
YAML
33 lines
975 B
YAML
---
|
|
- name: Ensure UFW is enabled and accepting HTTPS traffic
|
|
ufw:
|
|
state: enabled
|
|
policy: deny
|
|
rule: allow
|
|
to_port: '443'
|
|
|
|
- name: Ensure UFW is enabled and accepting HTTP traffic
|
|
ufw:
|
|
state: enabled
|
|
policy: deny
|
|
rule: allow
|
|
to_port: '80'
|
|
|
|
- name: Ensure certbot is installed
|
|
apt:
|
|
name: certbot
|
|
|
|
- name: Stop Apache2 to request certificate
|
|
service:
|
|
name: apache2
|
|
state: stopped
|
|
|
|
- name: Request certificate for node-metrics
|
|
shell: "certbot certonly --agree-tos --email {{ letsencrypt_account_email }} --standalone -n -d node-metrics-{{ ansible_fqdn }}"
|
|
args:
|
|
creates: "/etc/letsencrypt/live/node-metrics-{{ ansible_fqdn }}/fullchain.pem"
|
|
|
|
- name: Request certificate for postfix-metrics
|
|
shell: "certbot certonly --agree-tos --email {{ letsencrypt_account_email }} --standalone -n -d postfix-metrics-{{ ansible_fqdn }}"
|
|
args:
|
|
creates: "/etc/letsencrypt/live/postfix-metrics-{{ ansible_fqdn }}/fullchain.pem"
|