feat: Add nginx-proxy role for nginx and certbot

2026-03-01 22:23:38 +01:00
parent 90cbc8813c
commit e3dcd0158c
9 changed files with 241 additions and 25 deletions
--- a/roles/nginx-proxy/tasks/generate_certs.yml
+++ b/roles/nginx-proxy/tasks/generate_certs.yml
@@ -0,0 +1,23 @@
+---
+- name: Stop Nginx before Certbot (if it is running)
+  ansible.builtin.service:
+    name: nginx
+    state: stopped
+  ignore_errors: true
+
+- name: Generate Certbot certificates
+  ansible.builtin.command: >
+    certbot certonly --standalone
+    --non-interactive
+    --agree-tos
+    --email {{ certbot_email | default("admin@" + mydomain) }}
+    -d {{ item.key + "." + mydomain if not item.value.internal else item.key + ".internal." + mydomain }}
+  loop: "{{ servernames | dict2items }}"
+  when: not item.value.internal
+  args:
+    creates: "/etc/letsencrypt/live/{{ item.key + "." + mydomain if not item.value.internal else item.key + ".internal." + mydomain }}/fullchain.pem"
+
+- name: Start Nginx after Certbot
+  ansible.builtin.service:
+    name: nginx
+    state: started