Add common roles from polyfloyd's playbookds

This commit is contained in:
polyfloyd 2022-10-05 21:17:25 +02:00
parent 1332f49101
commit e43ec3229f
23 changed files with 694 additions and 0 deletions


@ -0,0 +1,5 @@
- name: update_contact_info
command: dehydrated --account
- name: query_certificates
command: dehydrated --cron


@ -0,0 +1,80 @@
---
- import_tasks: remove_conflicting.yaml
tags: [ never, acme_remove_conflicting ]
- name: Install Dehydrated
tags: [ acme, acme_install ]
block:
- name: Install dependencies
apt:
name: ssl-cert
state: present
- name: Install Dehydrated
apt:
name: dehydrated
state: present
default_release: "{{ ansible_distribution_release }}-backports"
- name: Install config file
template:
src: config.sh
dest: /etc/dehydrated/conf.d/ansible.sh
owner: root
group: root
mode: 0755
notify: update_contact_info
- name: Install deploy hook
template:
src: deploy.sh
dest: /etc/dehydrated/conf.d/deploy.sh
owner: root
group: root
mode: 0755
- name: Install cronjob
template:
src: cron
dest: /etc/cron.d/dehydrated
owner: root
group: root
mode: 0644
- name: Create Nginx snippet snippets dir
file:
state: directory
path: /etc/nginx/snippets
owner: root
group: root
mode: 0755
- name: Install Nginx snippet
template:
src: nginx-snippet.conf
dest: /etc/nginx/snippets/acme.conf
owner: root
group: root
mode: 0644
- name: Register account
command: dehydrated --register --accept-terms
args:
creates: /var/lib/dehydrated/accounts
- tags: [ acme, acme_certs ]
block:
- name: Configure certificates
template:
src: domains.txt
dest: /etc/dehydrated/domains.txt
owner: root
group: root
mode: 0644
notify: query_certificates
- name: Symlink SAN domains
include_tasks: san_domains_loop.yaml
loop: "{{ acme_san_domains|default([]) }}"
loop_control:
loop_var: domains
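Review bot: The file modes on lines 41, 49, 56, 63, 70 and 83 are unquoted octal literals (`mode: 0755`, `mode: 0644`) that only come out right because the YAML 1.1 loader reads the leading zero as octal; ansible-lint flags this as risky-octal, and `mode: "0755"` / `mode: "0644"` is the safe spelling. The two conf.d files (config.sh on line 38, deploy.sh on line 46) are sourced by dehydrated rather than executed, so presumably `"0644"` is enough for them — confirm against how the hook is wired before dropping the exec bit. The Dehydrated install on lines 30-34 pins `default_release` to backports without any task enabling that suite, so the play fails on a host where backports is not configured; a comment on the block stating that precondition would save the next person a debugging round.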


@ -0,0 +1,30 @@
---
- name: Remove acmetool from apt
apt:
name: acmetool
state: absent
- name: Remove files
file:
state: absent
path: "{{ item }}"
with_items:
- /etc/cron.d/acmetool
- /usr/local/bin/acmetool
- /var/lib/acme
- name: Remove certbot from apt
apt:
name: [ letsencrypt, certbot ]
state: absent
autoremove: yes
- name: Remove variable directories
file:
state: absent
path: /usr/local/bin/acmetool
with_items:
- /etc/letsencrypt
- /var/letsencrypt
- /var/lib/letsencrypt
- /var/log/letsencrypt
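Review bot: The 'Remove variable directories' task on lines 112-120 loops over four letsencrypt paths, but its `path` is the literal `/usr/local/bin/acmetool`, so it removes that file four times and never touches `/etc/letsencrypt`, `/var/letsencrypt`, `/var/lib/letsencrypt` or `/var/log/letsencrypt`; line 115 should be `path: "{{ item }}"`, as the 'Remove files' task on line 102 already does. While here, `autoremove: yes` on line 111 should be `autoremove: true`, and `loop:` would match the style used in the main task file.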


@ -0,0 +1,11 @@
---
- stat:
path: "/var/lib/dehydrated/certs/{{ domains[0] }}"
register: cert_stat
- file:
state: link
path: "/var/lib/dehydrated/certs/{{ item }}"
src: "/var/lib/dehydrated/certs/{{ domains[0] }}"
loop: "{{ domains[1:] }}"
when: cert_stat.stat.exists == True
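Review bot: `when: cert_stat.stat.exists == True` on line 134 compares a boolean against a Python literal; the idiomatic form is `when: cert_stat.stat.exists`. Both tasks are unnamed, which makes the play output hard to follow when this file is included once per SAN group; name them along the lines of `name: Check primary cert dir for {{ domains[0] }}` and `name: Symlink SAN cert dirs to {{ domains[0] }}`.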


@ -0,0 +1,5 @@
#!/bin/bash
# Managed by Ansible
CONTACT_EMAIL={{ notify_email }}
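Review bot: `CONTACT_EMAIL={{ notify_email }}` on line 141 writes the value unquoted into a file that dehydrated sources as root, so whitespace or a shell metacharacter in `notify_email` changes the meaning of the line rather than the value; write it as `CONTACT_EMAIL="{{ notify_email }}"`. The hunk header counts five lines but three are shown here, so the rest of the file is outside this view.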


@ -0,0 +1,6 @@
# Managed by Ansible
SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
49 6 * * * root /usr/bin/dehydrated --cron
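Review bot: The cron entry on line 149 runs only `--cron`, so certificate directories for domains later dropped from domains.txt stay on disk indefinitely; if that is not intended, `49 6 * * * root /usr/bin/dehydrated --cron --cleanup` prunes them. The file sets no `MAILTO`, so renewal and hook output goes to root's local mail, which is fine if someone reads it and worth a comment line if the intent is different.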


@ -0,0 +1,9 @@
#!/bin/bash
# Managed by Ansible
deploy_cert() {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
systemctl reload nginx.service
}
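Review bot: `deploy_cert` is defined in a file installed under `/etc/dehydrated/conf.d/`, which dehydrated sources as configuration, but nothing in this commit sets `HOOK` to point at it, and as far as I can tell dehydrated runs the hook as an external command rather than calling a function from its sourced config; please confirm the function is actually invoked, because if it is not, nginx keeps serving the old certificate after each renewal until something else reloads it. If the file is meant to be the hook script it also needs the dispatcher from dehydrated's example hook, `HANDLER="$1"; shift` followed by `if [[ "${HANDLER}" =~ ^(deploy_cert)$ ]]; then "$HANDLER" "$@"; fi`, plus a `HOOK=` line in config.sh naming it (keeping it outside conf.d would be cleaner). The five unused locals on line 157 can be reduced to `local DOMAIN="${1}"` or kept with a comment saying they document the hook's argument order.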


@ -0,0 +1,9 @@
# Managed by Ansible
{% for domain in acme_domains|default([]) %}
{{ domain }}
{% endfor %}
{% for domains in acme_san_domains|default([]) %}
{{ domains | join(' ') }}
{% endfor %}


@ -0,0 +1,6 @@
# Managed by Ansible
location /.well-known/acme-challenge {
allow all;
alias /var/lib/dehydrated/acme-challenges;
}
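Review bot: `location /.well-known/acme-challenge {` on line 176 is a plain prefix match, so a regex location in the same server block (a catch-all PHP or rewrite handler, for instance) can take precedence and the challenge file is never served from the alias; use `location ^~ /.well-known/acme-challenge/ {` together with `alias /var/lib/dehydrated/acme-challenges/;` so the match is exclusive and the trailing slashes keep the alias substitution exact. Without the trailing slashes a request for `/.well-known/acme-challengefoo` also maps under `/var/lib/dehydrated/acme-challengesfoo`, which is harmless here but not what the snippet is meant to express.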