@bgulla
Created July 26, 2024 00:32
Gist: bgulla/6e82ca7d6a3d76f618524051bb0f4891
PiKVM Letsencrypt SSL Playbook (Cloudflare-dns)
---
- name: Setup Let's Encrypt with Cloudflare DNS on PiKVM
  hosts: pikvm
  become: yes
  vars:
    # Do not commit real values here: keep them in an ansible-vault file or
    # pass them with --extra-vars. Prefer a scoped Cloudflare API token
    # (dns_cloudflare_api_token, Zone:DNS:Edit on this zone only) over the
    # global API key used below, which grants full access to the account.
    cloudflare_email: "[email protected]"
    cloudflare_api_key: "your-cloudflare-api-key"
    domain: "pikvm.example.com"
    auth_file_path: "/var/lib/kvmd/pst/data/certbot/runroot/.cloudflare.auth"
  tasks:
    # PiKVM keeps / mounted read-only; `rw` and `ro` remount it around the
    # package install so pacman can write to the root filesystem.
    - name: Install the certbot Cloudflare DNS plugin
      block:
        - name: Remount the root filesystem read-write
          command: rw
          changed_when: false
        - name: Install certbot-dns-cloudflare
          pacman:
            name: certbot-dns-cloudflare
            state: present
      always:
        - name: Remount the root filesystem read-only
          command: ro
          changed_when: false

    # PST (/var/lib/kvmd/pst) is also read-only; kvmd-pstrun remounts it
    # read-write only while the wrapped command runs. The credentials file is
    # therefore staged in tmpfs and copied in with kvmd-pstrun instead of
    # being written to PST directly with the copy module.
    - name: Create directory for certbot runroot
      command: kvmd-pstrun -- mkdir -p /var/lib/kvmd/pst/data/certbot/runroot
      changed_when: false

    - name: Stage Cloudflare credentials file
      copy:
        dest: /tmp/.cloudflare.auth
        mode: "0600"
        content: |
          dns_cloudflare_email = {{ cloudflare_email }}
          dns_cloudflare_api_key = {{ cloudflare_api_key }}
      no_log: true   # keep the API key out of Ansible output and diffs
      register: auth_file

    - name: Copy Cloudflare credentials file into PST
      command: kvmd-pstrun -- cp /tmp/.cloudflare.auth {{ auth_file_path }}
      when: auth_file.changed

    - name: Set permissions on Cloudflare credentials file
      command: kvmd-pstrun -- chmod 600 {{ auth_file_path }}
      when: auth_file.changed

    - name: Set ownership on Cloudflare credentials file
      command: kvmd-pstrun -- chown kvmd-certbot: {{ auth_file_path }}
      when: auth_file.changed

    - name: Remove staged credentials file
      file:
        path: /tmp/.cloudflare.auth
        state: absent

    # --email is the ACME account contact; -n keeps certbot non-interactive.
    - name: Obtain SSL certificate from Let's Encrypt
      command: >
        kvmd-certbot certonly
        --dns-cloudflare
        --dns-cloudflare-propagation-seconds 60
        --dns-cloudflare-credentials {{ auth_file_path }}
        --agree-tos
        -n
        --email {{ cloudflare_email }}
        -d {{ domain }}
      register: certbot_output

    - name: Install SSL certificate for nginx
      command: kvmd-certbot install_nginx {{ domain }}
      when: certbot_output.rc == 0

    - name: Install SSL certificate for VNC
      command: kvmd-certbot install_vnc {{ domain }}
      when: certbot_output.rc == 0

    # One forced renewal, as in the PiKVM docs, exercises the renewal path
    # once before it is left to the timer.
    - name: Force SSL certificate renewal
      command: kvmd-certbot renew --force-renewal

    - name: Enable and start kvmd-certbot.timer
      systemd:
        name: kvmd-certbot.timer
        enabled: yes
        state: started
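The two things worth checking after this playbook runs are that the Cloudflare credentials file is no wider-scoped and no more readable than it needs to be, and that the certificate nginx now serves actually verifies for the domain. The script below is an added example, not part of the gist or of PiKVM; it assumes certbot-dns-cloudflare's `key = value` credentials format, the `kvmd-certbot` owner and 0600 mode the playbook sets, and that the nginx endpoint to verify is the PiKVM's HTTPS port 443. The `EXPECTED_OWNER` constant and the function names are this example's own.

```python
"""Pre- and post-flight checks for the PiKVM Let's Encrypt + Cloudflare setup.

Added example (not part of the gist). Assumes certbot-dns-cloudflare's
`key = value` credentials format, a file owned by kvmd-certbot with mode
0600, and nginx serving the certificate on port 443.
"""
import os
import pwd
import socket
import ssl
import stat
import time
from typing import Dict, List

EXPECTED_OWNER = "kvmd-certbot"   # user the playbook chowns the file to (assumption)


def parse_credentials(text: str) -> Dict[str, str]:
    """Parse certbot's INI-style credentials file (`key = value`, `#` comments)."""
    creds: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed credentials line: {line!r}")
        creds[key.strip()] = value.strip()
    return creds


def audit_credentials(text: str, mode: int, owner: str) -> List[str]:
    """Return a list of findings for a credentials file; empty means it passes."""
    findings: List[str] = []
    creds = parse_credentials(text)
    has_key = "dns_cloudflare_api_key" in creds
    has_token = "dns_cloudflare_api_token" in creds
    if has_key:
        # The global API key grants full account access; a scoped token
        # (Zone:DNS:Edit on the one zone) limits what a leaked file can do.
        findings.append("global API key in use; prefer a scoped dns_cloudflare_api_token")
        if "dns_cloudflare_email" not in creds:
            findings.append("dns_cloudflare_api_key requires dns_cloudflare_email")
    if not has_key and not has_token:
        findings.append("no Cloudflare credential found")
    if mode & 0o077:
        findings.append(f"file mode {mode:04o} is group/world accessible; expected 0600")
    if owner != EXPECTED_OWNER:
        findings.append(f"file owner is {owner!r}; expected {EXPECTED_OWNER!r}")
    return findings


def audit_credentials_file(path: str) -> List[str]:
    """Audit a credentials file on disk, reading mode and owner via stat()."""
    st = os.stat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    return audit_credentials(text, stat.S_IMODE(st.st_mode), owner)


def check_tls_endpoint(host: str, port: int = 443, min_days: int = 14) -> Dict[str, object]:
    """Connect to nginx with chain and hostname verification on; report the
    issuer and days until expiry. Raises ssl.SSLError if the certificate does
    not verify for `host`. Not usable against port 5900: PiKVM's VNC server
    negotiates TLS inside the RFB handshake (VeNCrypt), not at connect time.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (expires - time.time()) / 86400
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    return {
        "issuer": issuer.get("organizationName"),
        "days_left": round(days_left, 1),
        "renew_soon": days_left < min_days,
    }


if __name__ == "__main__":
    import sys
    auth = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/kvmd/pst/data/certbot/runroot/.cloudflare.auth"
    for finding in audit_credentials_file(auth) or ["credentials file OK"]:
        print(finding)
    if len(sys.argv) > 2:            # optional: hostname to verify over TLS
        print(check_tls_endpoint(sys.argv[2]))
```

Run it on the PiKVM as root (`python3 check.py /var/lib/kvmd/pst/data/certbot/runroot/.cloudflare.auth pikvm.example.com`); the credentials audit works offline, while the TLS check needs the host to resolve and port 443 to be reachable.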