Rework acme role
parent
b29062a436
commit
ce1babbeda
8 changed files with 47 additions and 80 deletions
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
|
||||
- name: update_contact_info
|
||||
ansible.builtin.command:
|
||||
cmd: dehydrated --account
|
||||
|
||||
- name: query_certificates
|
||||
- name: run dehydrated
|
||||
ansible.builtin.command:
|
||||
cmd: dehydrated --cron
|
||||
|
|
|
@ -1,82 +1,46 @@
|
|||
---
|
||||
- ansible.builtin.import_tasks:
|
||||
file: remove_conflicting.yaml
|
||||
tags: [ never, acme_remove_conflicting ]
|
||||
|
||||
- name: Install Dehydrated
|
||||
tags: [ acme, acme_install ]
|
||||
block:
|
||||
- name: Install dependencies
|
||||
ansible.builtin.apt:
|
||||
name: ssl-cert
|
||||
state: present
|
||||
ansible.builtin.apt:
|
||||
state: present
|
||||
pkg:
|
||||
- dehydrated
|
||||
tags:
|
||||
- acme
|
||||
|
||||
- name: Install Dehydrated
|
||||
ansible.builtin.apt:
|
||||
name: dehydrated
|
||||
state: present
|
||||
- name: Create Nginx snippet snippets dir
|
||||
ansible.builtin.file:
|
||||
state: "directory"
|
||||
path: "/etc/nginx/snippets"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: Install config file
|
||||
ansible.builtin.template:
|
||||
src: config.sh
|
||||
dest: /etc/dehydrated/conf.d/ansible.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
notify: update_contact_info
|
||||
- name: Template dehydrated configfiles
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner | default('root') }}"
|
||||
group: "{{ item.group | default('root') }}"
|
||||
mode: "{{ item.mode | default('0640') }}"
|
||||
notify: "{{ item.notify | default([]) }}"
|
||||
with_items:
|
||||
- { src: "config.sh", dest: "/etc/dehydrated/conf.d/ansible.sh", mode: '0755' }
|
||||
- { src: "deploy.sh", dest: "/etc/dehydrated/conf.d/deploy.sh", mode: '0755' }
|
||||
- { src: "cron", dest: "/etc/cron.d/dehydrated" }
|
||||
- { src: "nginx-snippet.conf", dest: "/etc/nginx/snippets/acme.conf" }
|
||||
- { src: "domains.txt", dest: "/etc/dehydrated/domains.txt", notify: "run dehydrated" }
|
||||
|
||||
- name: Install deploy hook
|
||||
ansible.builtin.template:
|
||||
src: deploy.sh
|
||||
dest: /etc/dehydrated/conf.d/deploy.sh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
- name: Register account
|
||||
ansible.builtin.command:
|
||||
args:
|
||||
cmd: dehydrated --register --accept-terms
|
||||
creates: /var/lib/dehydrated/accounts
|
||||
|
||||
- name: Install cronjob
|
||||
ansible.builtin.template:
|
||||
src: cron
|
||||
dest: /etc/cron.d/dehydrated
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
- name: Symlink SAN domains
|
||||
ansible.builtin.include_tasks:
|
||||
file: san_domains_loop.yaml
|
||||
loop: "{{ acme_san_domains|default([]) }}"
|
||||
loop_control:
|
||||
loop_var: domains
|
||||
|
||||
- name: Create Nginx snippet snippets dir
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /etc/nginx/snippets
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
|
||||
- name: Install Nginx snippet
|
||||
ansible.builtin.template:
|
||||
src: nginx-snippet.conf
|
||||
dest: /etc/nginx/snippets/acme.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Register account
|
||||
ansible.builtin.command:
|
||||
cmd: dehydrated --register --accept-terms
|
||||
args:
|
||||
creates: /var/lib/dehydrated/accounts
|
||||
|
||||
- tags: [ acme, acme_certs ]
|
||||
block:
|
||||
- name: Configure certificates
|
||||
ansible.builtin.template:
|
||||
src: domains.txt
|
||||
dest: /etc/dehydrated/domains.txt
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: query_certificates
|
||||
|
||||
- name: Symlink SAN domains
|
||||
ansible.builtin.include_tasks:
|
||||
file: san_domains_loop.yaml
|
||||
loop: "{{ acme_san_domains|default([]) }}"
|
||||
loop_control:
|
||||
loop_var: domains
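Review bot: The `config.sh` entry in `with_items` has no `notify` key, so `notify: "{{ item.notify | default([]) }}"` resolves to an empty list for it, whereas the standalone `Install config file` task on this page notified `update_contact_info`. Assuming the looped `Template dehydrated configfiles` task is the new side (the page has lost its +/- markers), a changed `notify_email` would no longer trigger `dehydrated --account`, and the ACME account would keep the old contact address for CA notices. Adding `notify: "update_contact_info"` to the `config.sh` item would keep the earlier behaviour. The loop default of `'0640'` also tightens the cron file, nginx snippet and domains.txt from the `0644` used by the separate tasks; that looks deliberate, but is worth confirming against whichever user reads those files.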
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
|
||||
- ansible.builtin.stat:
|
||||
path: "/var/lib/dehydrated/certs/{{ domains[0] }}"
|
||||
register: cert_stat
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Managed by Ansible
|
||||
# {{ ansible_managed }}
|
||||
|
||||
CONTACT_EMAIL={{ notify_email }}
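Review bot: `CONTACT_EMAIL={{ notify_email }}` is rendered unquoted into a bash file that the tasks on this page install as `/etc/dehydrated/conf.d/ansible.sh` with mode `0755`, so a value containing whitespace or shell metacharacters would change how the line is parsed when the file is read as shell (presumably sourced by dehydrated running as root). The line is context rather than part of this change, and the template continues past the hunk, but the rework is a good moment to render it as `CONTACT_EMAIL={{ notify_email | quote }}`. An `assert` on the variable's format before templating would also catch a malformed address early.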
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Managed by Ansible
|
||||
# {{ ansible_managed }}
|
||||
|
||||
SHELL=/bin/sh
|
||||
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
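Review bot: The header `# {{ ansible_managed }}` stays a comment only while `ansible_managed` renders to a single line; a multi-line value configured on the controller would spill into the body of this root cron file. Assuming the templated header is the new side of the change, Ansible's `comment` filter covers that case: `{{ ansible_managed | comment }}` in place of the hand-written `#` prefix. The same header line appears in the config.sh, deploy.sh, domains.txt and nginx snippet hunks on this page.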
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Managed by Ansible
|
||||
# {{ ansible_managed }}
|
||||
|
||||
systemctl reload nginx.service
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Managed by Ansible
|
||||
# {{ ansible_managed }}
|
||||
|
||||
{% for domain in acme_domains|default([]) %}
|
||||
{{ domain }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Managed by Ansible
|
||||
# {{ ansible_managed }}
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
allow all;
|
||||
|
|