ansible-role-acme/tasks/main.yml

- name: Install ACME dependencies
  package:
    name: "{{ package }}"
    state: present
  loop: "{{ acme_packages }}"
  loop_control:
    loop_var: package
  tags: acme_install

- name: Install SSL dependencies
  package:
    name: ssl-cert
    state: present
  tags: acme_install

- name: Create ACME config directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: root
    mode: "755"
  loop:
    - "{{ acme_config_dir }}"
    - "{{ acme_certs_dir }}"
    - "{{ acme_csr_dir }}"
  loop_control:
    loop_var: config_dir
  tags: acme_install

- name: Create ACME private keys directory
  file:
    path: "{{ acme_keys_dir }}"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "640"
  tags: acme_install

- name: Create ACME accounts directory
  file:
    path: "{{ acme_accounts_dir }}"
    state: directory
    owner: root
    group: root
    mode: "640"
  tags: acme_install

- name: Copy ACME config file
  copy:
    content: "{{ acme_config | to_nice_yaml(indent=2) }}"
    dest: "{{ acme_config_file }}"
    owner: root
    group: root
    mode: "600"
  tags: [acme_install, acme_config]

- name: Create directory for certificate renewal tool
  file:
    path: /opt/acme
    owner: root
    group: root
    mode: "755"
    state: directory
  tags: acme_install

- name: Copy script to renew ACME certificates
  copy:
    src: acme_renew_cert.py
    dest: "{{ acme_script_dir }}/acme_renew_cert.py"
    owner: root
    group: root
    mode: "755"
  tags: acme_install

- name: Create '{{ acme_script_bin }}' symlink for ACME renewal script
  file:
    src: "{{ acme_script_dir }}/acme_renew_cert.py"
    dest: "{{ acme_script_bin }}"
    state: link
    owner: root
    group: root
    mode: "755"
  tags: acme_install

- name: Perform ACME challenge for each domain
  command: acme-renew-cert -v -c {{ acme_config_file | quote }}
  tags: acme_challenge

- name: Setup cron job for ACME certificates renewal of {{ domain_name }}
  cron:
    user: root
    name: acme-renew-cert
    cron_file: acme-renew-cert
    job: "{{ acme_script_bin }} -q {{ acme_config_file | quote }}"
    minute: "30"
    hour: "2"
    state: present
  tags: acme_cron
create acme role 2020-05-21 20:25:55 +02:00			`- name: Install ACME dependencies`
create molecule scenario and adapt role 2020-12-02 18:40:25 +01:00			`package:`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`name: "{{ package }}"`
create acme role 2020-05-21 20:25:55 +02:00			`state: present`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`loop: "{{ acme_packages }}"`
			`loop_control:`
			`loop_var: package`
create acme role 2020-05-21 20:25:55 +02:00			`tags: acme_install`

create molecule scenario and adapt role 2020-12-02 18:40:25 +01:00			`- name: Install SSL dependencies`
			`package:`
			`name: ssl-cert`
			`state: present`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`tags: acme_install`
create molecule scenario and adapt role 2020-12-02 18:40:25 +01:00
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`- name: Create ACME config directories`
create acme role 2020-05-21 20:25:55 +02:00			`file:`
			`path: "{{ config_dir }}"`
			`state: directory`
			`owner: root`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`group: root`
			`mode: "755"`
create acme role 2020-05-21 20:25:55 +02:00			`loop:`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`- "{{ acme_config_dir }}"`
			`- "{{ acme_certs_dir }}"`
			`- "{{ acme_csr_dir }}"`
create acme role 2020-05-21 20:25:55 +02:00			`loop_control:`
			`loop_var: config_dir`
			`tags: acme_install`

acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`- name: Create ACME private keys directory`
			`file:`
			`path: "{{ acme_keys_dir }}"`
			`state: directory`
			`owner: root`
			`group: "{{ acme_ssl_group }}"`
			`mode: "640"`
			`tags: acme_install`

			`- name: Create ACME accounts directory`
create acme role 2020-05-21 20:25:55 +02:00			`file:`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`path: "{{ acme_accounts_dir }}"`
create acme role 2020-05-21 20:25:55 +02:00			`state: directory`
			`owner: root`
			`group: root`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`mode: "640"`
create acme role 2020-05-21 20:25:55 +02:00			`tags: acme_install`

acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`- name: Copy ACME config file`
			`copy:`
			`content: "{{ acme_config \| to_nice_yaml(indent=2) }}"`
			`dest: "{{ acme_config_file }}"`
			`owner: root`
			`group: root`
			`mode: "600"`
			`tags: [acme_install, acme_config]`
create acme role 2020-05-21 20:25:55 +02:00
			`- name: Create directory for certificate renewal tool`
			`file:`
			`path: /opt/acme`
			`owner: root`
			`group: root`
			`mode: "755"`
			`state: directory`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`tags: acme_install`
create acme role 2020-05-21 20:25:55 +02:00
			`- name: Copy script to renew ACME certificates`
			`copy:`
			`src: acme_renew_cert.py`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`dest: "{{ acme_script_dir }}/acme_renew_cert.py"`
create acme role 2020-05-21 20:25:55 +02:00			`owner: root`
			`group: root`
			`mode: "755"`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`tags: acme_install`

			`- name: Create '{{ acme_script_bin }}' symlink for ACME renewal script`
			`file:`
			`src: "{{ acme_script_dir }}/acme_renew_cert.py"`
			`dest: "{{ acme_script_bin }}"`
			`state: link`
			`owner: root`
			`group: root`
			`mode: "755"`
			`tags: acme_install`

			`- name: Perform ACME challenge for each domain`
			`command: acme-renew-cert -v -c {{ acme_config_file \| quote }}`
			`tags: acme_challenge`

create acme role 2020-05-21 20:25:55 +02:00			`- name: Setup cron job for ACME certificates renewal of {{ domain_name }}`
			`cron:`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`user: root`
			`name: acme-renew-cert`
			`cron_file: acme-renew-cert`
			`job: "{{ acme_script_bin }} -q {{ acme_config_file \| quote }}"`
create acme role 2020-05-21 20:25:55 +02:00			`minute: "30"`
			`hour: "2"`
			`state: present`
acme script read the domains from config file 2020-12-25 18:41:34 +01:00			`tags: acme_cron`