Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>

roles/certbot/README.md

@@ -0,0 +1,77 @@
+# Ansible Role Certbot
+
+## Table of content
+
+<!-- ANSIBLE DOCSMITH TOC START -->
+* [Role variables](#variables)
+  * [`certbot_email`](#variable-certbot_email)
+  * [`certbot_domain`](#variable-certbot_domain)
+  * [`certbot_molecule`](#variable-certbot_molecule)
+<!-- ANSIBLE DOCSMITH TOC END -->
+
+<!-- ANSIBLE DOCSMITH MAIN START -->
+
+## Role variables<a id="variables"></a>
+
+The following variables can be configured for this role:
+
+| Variable | Type | Required | Default | Description (abstract) |
+|----------|------|----------|---------|------------------------|
+| `certbot_email` | `str` | Yes | N/A | E-mail to register the certificate. |
+| `certbot_domain` | `str` | Yes | N/A | Domain name to register the certificate. |
+| `certbot_molecule` | `bool` | No | `false` | Run the role with Ansible Molecule.<br><br>Disable cert generation in the CI. |
+
+### `certbot_email`<a id="variable-certbot_email"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+E-mail to register the certificate.
+
+- **Type**: `str`
+- **Required**: Yes
+
+
+
+### `certbot_domain`<a id="variable-certbot_domain"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Domain name to register the certificate.
+
+- **Type**: `str`
+- **Required**: Yes
+
+
+
+### `certbot_molecule`<a id="variable-certbot_molecule"></a>
+
+[*⇑ Back to ToC ⇑*](#toc)
+
+Run the role with Ansible Molecule.
+
+Disable cert generation in the CI.
+
+- **Type**: `bool`
+- **Required**: No
+- **Default**: `false`
+
+
+
+
+<!-- ANSIBLE DOCSMITH MAIN END -->
+
+## Usage
+
+Playbook example:
+
+```yaml
+- hosts: all
+  roles:
+    - jriou.general.certbot
+```
+
+Then run the playbook:
+
+```
+ansible-playbook play.yml
+```

roles/certbot/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+
+# Run the role with Ansible Molecule.
+#
+# Disable cert generation in the CI.
+#
+# - Type: bool
+# - Required: No
+# - Default: false
+certbot_molecule: false

roles/certbot/meta/argument_specs.yml

@@ -0,0 +1,25 @@
+---
+argument_specs:
+  main:
+    short_description: Install and configure a certbot
+    description:
+      - Install and configure a [certbot](https://certbot.eff.org/).
+    author:
+      - jriou
+    options:
+      certbot_email:
+        description:
+          - E-mail to register the certificate.
+        required: true
+
+      certbot_domain:
+        description:
+          - Domain name to register the certificate.
+        required: true
+
+      certbot_molecule:
+        description:
+          - Run the role with Ansible Molecule.
+          - Disable cert generation in the CI.
+        type: bool
+        default: false

roles/certbot/molecule/default/converge.yml

@@ -0,0 +1,9 @@
+---
+- name: Converge
+  hosts: molecule
+  roles:
+    - certbot
+  vars:
+    certbot_domain: test.org
+    certbot_email: test@test.org
+    certbot_molecule: true

roles/certbot/molecule/default/create.yml

@@ -0,0 +1,18 @@
+---
+- name: Create containers
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Create containers
+      containers.podman.podman_container:
+        hostname: "{{ item }}"
+        name: "{{ item }}"
+        image: "{{ hostvars[item]['container_image'] }}"
+        state: started
+      loop: "{{ groups['molecule'] }}"
+
+    - name: Wait for containers to be ready
+      ansible.builtin.wait_for_connection:
+        timeout: 300
+      delegate_to: "{{ item }}"
+      loop: "{{ groups['molecule'] }}"

roles/certbot/molecule/default/destroy.yml

@@ -0,0 +1,11 @@
+---
+- name: Destroy container instances
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Remove containers
+      containers.podman.podman_container:
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ groups['molecule'] }}"
+      failed_when: false

roles/certbot/molecule/default/inventory/hosts.yml

@@ -0,0 +1,12 @@
+---
+molecule:
+  hosts:
+    debian11:
+      ansible_connection: containers.podman.podman
+      container_image: docker.io/geerlingguy/docker-debian11-ansible:latest
+    debian12:
+      ansible_connection: containers.podman.podman
+      container_image: docker.io/geerlingguy/docker-debian12-ansible:latest
+    debian13:
+      ansible_connection: containers.podman.podman
+      container_image: docker.io/geerlingguy/docker-debian13-ansible:latest

roles/certbot/molecule/default/molecule.yml

@@ -0,0 +1,24 @@
+---
+ansible:
+  executor:
+    args:
+      ansible_playbook:
+        - --inventory=inventory/
+  env:
+    ANSIBLE_ROLES_PATH: ../../../../roles
+  playbooks:
+    create: create.yml
+    destroy: destroy.yml
+    converge: converge.yml
+
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ${MOLECULE_SCENARIO_DIRECTORY}/requirements.yml
+
+scenario:
+  test_sequence:
+    - create
+    - converge
+    - idempotence
+    - destroy

roles/certbot/molecule/default/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+  - name: containers.podman

roles/certbot/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: Install packages
+  ansible.builtin.apt:
+    name: certbot
+    update_cache: true
+
+- name: Request certificate
+  ansible.builtin.command:
+    cmd: >-
+      certbot certonly --standalone -n --agree-tos
+        --email {{ certbot_email }} -d {{ certbot_domain }}
+    creates: /etc/letsencrypt/live/{{ certbot_domain }}/fullchain.pem
+  when: not certbot_molecule