From 9d4c630c7e696b963556fd7ef757a68964306013 Mon Sep 17 00:00:00 2001
From: otthorn <otthorn@crans.org>
Date: Sun, 17 Jan 2021 17:02:05 +0100
Subject: [PATCH] Add the mail-certificate role

---
 roles/mail-certificates/tasks/main.yml | 28 ++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 roles/mail-certificates/tasks/main.yml

diff --git a/roles/mail-certificates/tasks/main.yml b/roles/mail-certificates/tasks/main.yml
new file mode 100644
index 0000000..64e6c63
--- /dev/null
+++ b/roles/mail-certificates/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+# Very similar to the certbot role, but without nginx
+# Install Letscrypt tools to generate and manage certificates
+- name: Install Letsencrypt
+  apt:
+    name:
+      - certbot  # letsencrypt
+      - ca-certificates  # just in case
+    update_cache: true
+
+# Create the configuration directory for letsencrypt
+- name: Create /etc/letsencrypt/conf.d
+  file:
+    path: /etc/letsencrypt/conf.d
+    state: directory
+    mode: 0755
+
+# Configure certbot
+- name: Add certbot configuration
+  template:
+    src: "conf.ini.j2"
+    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+    mode: 0644
+  register: certbot_config
+
+- name: Generate new certificates if the configuration changed
+  shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+  when: certbot_config.changed