Update lego to only install, no initial certs since it varies by purpose

2026-01-24 12:55:29 -07:00
parent 5b851d27aa
commit 04823e681f
3 changed files with 6 additions and 54 deletions
--- a/ansible/roles/lego/tasks/copy_certs.yaml
+++ b/ansible/roles/lego/tasks/copy_certs.yaml
@@ -1,35 +0,0 @@
 - name: Find certificates to copy
  find:
    paths: /root/.lego/certificates
    recurse: true
    patterns:
      - "*.crt"
  register: certs_to_copy
 - name: Copy certificates to nginx ssl directory
  copy:
    remote_src: true
    src: "{{ item.path }}"
    dest: /etc/nginx/ssl
    owner: nginx
    mode: 0600
  with_items: "{{ certs_to_copy.files }}"
 - name: Find keys to copy
  find:
    paths: /root/.lego/certificates
    recurse: true
    patterns:
      - "*.key"
  register: keys_to_copy
 - name: Copy keys to nginx ssl directory
  copy:
    remote_src: true
    src: "{{ item.path }}"
    dest: /etc/nginx/ssl
    owner: nginx
    mode: 0600
  with_items: "{{ keys_to_copy.files }}"
--- a/ansible/roles/lego/tasks/install.yaml
+++ b/ansible/roles/lego/tasks/install.yaml
@@ -0,0 +1,5 @@
 - name: Download and untar lego
  unarchive:
    src: https://github.com/go-acme/lego/releases/download/v{{ lego_version }}/lego_v{{ lego_version }}_linux_amd64.tar.gz
    dest: /usr/local/bin
    remote_src: yes
--- a/ansible/roles/lego/tasks/main.yaml
+++ b/ansible/roles/lego/tasks/main.yaml
@@ -1,19 +1 @@
- name: Download and untar lego
+- import_tasks: install.yaml
  unarchive:
    src: https://github.com/go-acme/lego/releases/download/v{{ lego_version }}/lego_v{{ lego_version }}_linux_amd64.tar.gz
    dest: /usr/local/bin
    remote_src: yes
 - name: Check if certs exist
  stat:
    path: /root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt
  register: cert_check
 - name: Generate an initial cert if not present
  include_tasks:
    file: initial_cert.yaml
  when: not cert_check.stat.exists
 - name: Copy certificates
  include_tasks:
    file: copy_certs.yaml