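---
# Task list for an ACME (Let's Encrypt) role: installs the client package,
# lays out the directory structure, runs per-domain challenges and schedules
# renewal via cron.  Every task carries one of three tags so a run can be
# limited with --tags:
#   acme_install   - packages and directories
#   acme_challenge - per-domain issuance (delegated to acme_challenge.yml)
#   acme_renew     - renewal script and cron entries

- name: Install ACME dependencies
  package:
    name: python3-acme
    state: present
  tags: acme_install

# Fix: this task previously carried no tag, so a run limited to
# `--tags acme_install` skipped this dependency while installing everything
# else in that group.
- name: Install SSL dependencies
  package:
    name: ssl-cert
    state: present
  tags: acme_install

# Mode 711: owner has full access, group and others may traverse (enter)
# the directory but not list it.  The renewal job below reads per-domain
# key material from acme_keys_dir, so membership of acme_ssl_group should
# stay minimal.
- name: Create Let's Encrypt config directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: "{{ acme_ssl_group }}"
    mode: "711"
  loop:
    - "{{ acme_config_dir }}"
    - "{{ acme_keys_dir }}"
    - "{{ acme_accounts_dir }}"
    - "{{ acme_csr_dir }}"
  loop_control:
    # named loop var avoids clobbering `item` in callers that include this file
    loop_var: config_dir
  tags: acme_install

# World-readable (755) so the web server serving HTTP-01 challenges can read
# the token files placed here.
- name: Create challenge directory
  file:
    path: "{{ acme_challenge_dir }}/.well-known/acme-challenge"
    state: directory
    owner: root
    group: root
    mode: "755"
  tags: acme_install

# `apply.tags` is required in addition to the task-level tag: the task-level
# tag only controls whether the include itself runs, `apply` propagates the
# tag to the tasks inside acme_challenge.yml.
- name: Perform ACME challenge for each domain
  include_tasks:
    file: acme_challenge.yml
    apply:
      tags: acme_challenge
  loop: "{{ acme_domains | unique }}"
  loop_control:
    loop_var: domain_name
  tags: acme_challenge

- name: Create directory for certificate renewal tool
  file:
    path: /opt/acme
    owner: root
    group: root
    mode: "755"
    state: directory
  tags: acme_renew

- name: Copy script to renew ACME certificates
  copy:
    src: acme_renew_cert.py
    dest: /opt/acme/acme_renew_cert.py
    owner: root
    group: root
    mode: "755"
  tags: acme_renew

# One cron entry per domain, running as root (cron module default user).
# Notes on the command line:
#   - `\%`: cron treats a bare % in the command field as a newline, so it is
#     escaped; the random sleep (up to one hour) spreads renewals over time.
#   - `{domain}` is deliberately left literal; presumably the script
#     substitutes it per domain - confirm against acme_renew_cert.py.
#   - domain_name is interpolated into the shell command unquoted; this
#     assumes acme_domains holds validated hostnames only - TODO confirm.
#   - acme_certs_dir is not created by this file; assumed to be created in
#     acme_challenge.yml - confirm.
- name: Setup cron job for ACME certificates renewal of {{ domain_name }}
  cron:
    name: acme renew {{ domain_name }} cert
    job: >-
      bash -c 'sleep $((RANDOM \% 3600))' && /opt/acme/acme_renew_cert.py {{ domain_name }} -q
      -a {{ (acme_accounts_dir + '/' + acme_account_key) | quote }}
      -p {{ acme_keys_dir | quote }}/{domain}.pem
      -r {{ acme_csr_dir | quote }}/{domain}.csr
      -o {{ acme_certs_dir | quote }}/{domain}.d
      -c {{ acme_challenge_dir | quote }}/.well-known/acme-challenge
    minute: "30"
    hour: "2"
    state: present
  loop: "{{ acme_domains | unique }}"
  loop_control:
    loop_var: domain_name
  tags: acme_renew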