authorGravatar Robin Obůrka <r.oburka@gmail.com> 2016-07-17 23:37:25 +0200
committerGravatar Robin Obůrka <r.oburka@gmail.com> 2016-08-30 20:21:22 +0200
commit62df6bda59f58ff0b3b7de7bacbe9036d2126c79 (patch)
tree6aa264a0f6939ee6b72e03035bdce1fb7ad24404 /roles/acme/tasks/main.yml
downloadansible-roles-62df6bda59f58ff0b3b7de7bacbe9036d2126c79.tar.xz
Provides roles acme and nginx
Diffstat (limited to 'roles/acme/tasks/main.yml')
-rw-r--r--roles/acme/tasks/main.yml49
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
new file mode 100644
index 0000000..d9c1a0a
--- /dev/null
+++ b/roles/acme/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Create user acme
+ user:
+ name: acme
+ shell: /bin/bash
+ state: present
+
+- name: Clone ACME.sh repository
+ become: yes
+ become_user: acme
+ git:
+ repo: https://github.com/Neilpang/acme.sh.git
+ dest: /home/acme/acme.sh
+ update: no
+
+- name: Prepare webroot directory
+ file:
+ path: /home/acme/webroot/.well-known
+ state: directory
+ owner: acme
+ group: acme
+ mode: 0755
+
+- name: Install ACME.sh
+ become: yes
+ become_user: acme
+ command: ./acme.sh --install
+ args:
+ chdir: /home/acme/acme.sh
+ creates: /home/acme/.acme.sh
+
+- name: Deploy sudoers file for acme
+ template:
+ src: acme.j2
+ dest: /etc/sudoers.d/acme
+ owner: root
+ group: root
+ mode: 0440
+
+- name: Issue certificates
+ become: yes
+ become_user: acme
+ command: '.acme.sh/acme.sh --issue -d {{ item | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ acme_reload_cmd }}"'
+ args:
+ chdir: /home/acme
+ creates: "/home/acme/.acme.sh/{{ item[0] }}/{{ item[0] }}.cer"
+ with_items:
+ - "{{ acme_issue_certs }}"
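Review bot: The "Deploy sudoers file for acme" task writes /etc/sudoers.d/acme with no syntax check, so a rendering mistake in acme.j2 could leave sudo unusable on the host; add `validate: 'visudo -cf %s'` to the `template:` arguments. The "Clone ACME.sh repository" task sets no `version:`, so the first run checks out whatever the upstream default branch holds at that moment, and "Install ACME.sh" then executes it as `./acme.sh --install`. Pinning the clone to a reviewed ref (`version: <reviewed-tag-or-commit>`) keeps the installed code reproducible and auditable. In "Issue certificates", `acme_reload_cmd` is interpolated into the `--reloadcmd "sudo ..."` string; acme.j2 is not visible here, so confirm that the sudoers entry permits only that exact command and that the variable is never populated from inventory data an unprivileged party can edit.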