From 6962597e95b860c55ed15870af1bbb2c54857b18 Mon Sep 17 00:00:00 2001
From: Simon Flandergan <simon.flandergan@device-insight.com>
Date: Thu, 3 Oct 2019 09:56:38 +0200
Subject: [PATCH] use nginx plugin for renewal

---
 defaults/main.yml              |  2 +-
 tasks/install-nginx-plugin.yml | 12 ++++++++++++
 tasks/install-with-package.yml |  3 +++
 vars/Debian-9.yml              |  6 ++++++
 vars/Ubuntu-16.04.yml          |  3 +++
 vars/Ubuntu-18.04.yml          |  5 +++++
 vars/default.yml               |  2 ++
 7 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 tasks/install-nginx-plugin.yml
 create mode 100644 vars/Debian-9.yml
 create mode 100644 vars/Ubuntu-18.04.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 7002b26..70686e5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,7 +4,7 @@ certbot_auto_renew: true
 certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
 certbot_auto_renew_hour: "3"
 certbot_auto_renew_minute: "30"
-certbot_auto_renew_options: "--quiet --no-self-upgrade"
+certbot_auto_renew_options: "--quiet --no-self-upgrade --nginx"
 
 # Parameters used when creating new Certbot certs.
 certbot_create_if_missing: false
diff --git a/tasks/install-nginx-plugin.yml b/tasks/install-nginx-plugin.yml
new file mode 100644
index 0000000..c19f17d
--- /dev/null
+++ b/tasks/install-nginx-plugin.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Add apt repository
+  apt_repository:
+    repo: "{{ item }}"
+    state: present
+  loop: "{{ certbot_nginx_plugin_apt_repos }}"
+
+- name: Install nginx plugin
+  package:
+    name: "{{ certbot_nginx_plugin }}"
+    state: present
diff --git a/tasks/install-with-package.yml b/tasks/install-with-package.yml
index 10490ff..84535ea 100644
--- a/tasks/install-with-package.yml
+++ b/tasks/install-with-package.yml
@@ -5,3 +5,6 @@
 - name: Set Certbot script variable.
   set_fact:
     certbot_script: "{{ certbot_package }}"
+
+- import_tasks: install-nginx-plugin.yml
+  when: "certbot_auto_renew_options is search('--nginx')"
diff --git a/vars/Debian-9.yml b/vars/Debian-9.yml
new file mode 100644
index 0000000..9f685c6
--- /dev/null
+++ b/vars/Debian-9.yml
@@ -0,0 +1,6 @@
+---
+certbot_package: certbot
+certbot_nginx_plugin: python-certbot-nginx
+certbot_nginx_plugin_apt_repos:
+  - deb http://deb.debian.org/debian stretch-backports main contrib non-free
+  - deb-src http://deb.debian.org/debian stretch-backports main contrib non-free
diff --git a/vars/Ubuntu-16.04.yml b/vars/Ubuntu-16.04.yml
index 83cf124..ebba155 100644
--- a/vars/Ubuntu-16.04.yml
+++ b/vars/Ubuntu-16.04.yml
@@ -1,2 +1,5 @@
 ---
 certbot_package: letsencrypt
+certbot_nginx_plugin: python-certbot-nginx
+certbot_nginx_plugin_apt_repos:
+  - ppa:certbot/certbot
diff --git a/vars/Ubuntu-18.04.yml b/vars/Ubuntu-18.04.yml
new file mode 100644
index 0000000..f84057a
--- /dev/null
+++ b/vars/Ubuntu-18.04.yml
@@ -0,0 +1,5 @@
+---
+certbot_package: certbot
+certbot_nginx_plugin: python-certbot-nginx
+certbot_nginx_plugin_apt_repos:
+  - ppa:certbot/certbot
diff --git a/vars/default.yml b/vars/default.yml
index d88f2dc..b1e7868 100644
--- a/vars/default.yml
+++ b/vars/default.yml
@@ -1,2 +1,4 @@
 ---
 certbot_package: certbot
+certbot_nginx_plugin: python2-certbot-nginx
+certbot_nginx_plugin_apt_repos: []