From 60955c1789463a3d82646944fac24c0a1b710494 Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Wed, 28 Dec 2022 20:10:07 -0800
Subject: [PATCH] ramble-hard/lets_encrypt
---
ramble-hard/lets_encrypt.yml | 27 +++++++++++++++++++++++++++
ramble-hard/lets_encrypt/renew-certs | 2 ++
2 files changed, 29 insertions(+)
create mode 100644 ramble-hard/lets_encrypt.yml
create mode 100644 ramble-hard/lets_encrypt/renew-certs
diff --git a/ramble-hard/lets_encrypt.yml b/ramble-hard/lets_encrypt.yml
new file mode 100644
index 0000000..4bb9f76
--- /dev/null
+++ b/ramble-hard/lets_encrypt.yml
@@ -0,0 +1,27 @@
+- hosts: ramble-hard
+ tasks:
+
+ - name: install certbot
+ package:
+ name:
+ - certbot
+
+ - name: stop nginx
+ service:
+ name: nginx
+ state: stopped
+
+ - command: >
+ certbot certonly --standalone --preferred-challenges http
+ -n --agree-tos -m {{ lets_encrypt_email }}
+ -d {{ item }}
+ loop: "{{ lets_encrypt_tlds }}"
+
+ - service:
+ name: nginx
+ state: started
+
+ - template:
+ src: lets_encrypt/renew-certs
+ dest: /etc/cron.daily/renew-certs
+ mode: +x
diff --git a/ramble-hard/lets_encrypt/renew-certs b/ramble-hard/lets_encrypt/renew-certs
new file mode 100644
index 0000000..88192fc
--- /dev/null
+++ b/ramble-hard/lets_encrypt/renew-certs
@@ -0,0 +1,2 @@
+#!/bin/sh
+certbot renew -w /var/lib/letsencrypt/ --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
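Review bot: The `command` task that runs `certbot certonly` has no `creates:` guard, so every run of the play requests a certificate again for each entry in `lets_encrypt_tlds`, which can run into Let's Encrypt issuance rate limits. If any of those requests fails, the play stops before the `state: started` task and nginx stays down. Adding `args:` with `creates: /etc/letsencrypt/live/{{ item }}/fullchain.pem` (certbot's default lineage path, assuming the certificate name equals the domain) would skip issuance once the certificate exists. Separately, `mode: +x` on the `/etc/cron.daily/renew-certs` template only adds execute bits to whatever mode the file ends up with; an explicit `mode: "0755"` together with `owner: root` and `group: root` would pin the permissions of a script that cron runs as root.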
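Review bot: The `-w /var/lib/letsencrypt/` option in `renew-certs` is a webroot path, but the playbook in the same commit issues the certificates with `--standalone`, so the option presumably has no effect on renewal and misleads a reader about which authenticator is in use. Because the script runs from `/etc/cron.daily`, its normal output would be mailed or logged every day; `-q` keeps it silent unless a renewal fails. The line could read `certbot renew -q --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"`. It is also worth checking whether the distribution's certbot package already installs its own renewal timer or cron entry, since that job would renew without these hooks while nginx holds port 80.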