Change iptables only if really required

23f250c9 · jurgenhaas · f17f06fd · 23f250c9 · 23f250c9
Commit 23f250c9 authored 5 years ago by jurgenhaas
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -17,6 +17,7 @@
      protocol: tcp
      jump: ACCEPT
      state: present
+    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver

  - name: Install New Cert via webroot
    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --cert-name {{ cert.domain }} --webroot-path /var/www/html --webroot
@@ -36,6 +37,7 @@
      protocol: tcp
      jump: ACCEPT
      state: absent
+    when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver

  - include_tasks: cert_deploy.yml


--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -19,6 +19,7 @@
    protocol: tcp
    jump: ACCEPT
    state: present
+  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver

 - name: Renew Existing Certs via webroot
  shell: certbot renew --non-interactive --webroot-path /var/www/html --webroot
@@ -42,6 +43,7 @@
    protocol: tcp
    jump: ACCEPT
    state: absent
+  when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver

 - include_tasks: cert_deploy.yml
  with_items: '{{ letsencrypt_certificates|default([]) }}'