Diffstat (limited to 'roles/acme/tasks/main.yml')
-rw-r--r--roles/acme/tasks/main.yml49
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
new file mode 100644
index 0000000..d9c1a0a
--- /dev/null
+++ b/roles/acme/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Create user acme
+ user:
+ name: acme
+ shell: /bin/bash
+ state: present
+
+- name: Clone ACME.sh repository
+ become: yes
+ become_user: acme
+ git:
+ repo: https://github.com/Neilpang/acme.sh.git
+ dest: /home/acme/acme.sh
+ update: no
+
+- name: Prepare webroot directory
+ file:
+ path: /home/acme/webroot/.well-known
+ state: directory
+ owner: acme
+ group: acme
+ mode: 0755
+
+- name: Install ACME.sh
+ become: yes
+ become_user: acme
+ command: ./acme.sh --install
+ args:
+ chdir: /home/acme/acme.sh
+ creates: /home/acme/.acme.sh
+
+- name: Deploy sudoers file for acme
+ template:
+ src: acme.j2
+ dest: /etc/sudoers.d/acme
+ owner: root
+ group: root
+ mode: 0440
+
+- name: Issue certificates
+ become: yes
+ become_user: acme
+ command: '.acme.sh/acme.sh --issue -d {{ item | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ acme_reload_cmd }}"'
+ args:
+ chdir: /home/acme
+ creates: "/home/acme/.acme.sh/{{ item[0] }}/{{ item[0] }}.cer"
+ with_items:
+ - "{{ acme_issue_certs }}"
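Review bot: The "Clone ACME.sh repository" task sets no `version:`, so the role checks out whatever the upstream default branch holds on first run and the "Install ACME.sh" task then executes it. Because the same account later gets a sudoers entry and a `sudo` reload command, the checkout should be pinned to a reviewed tag or commit, for example `version: <REVIEWED_TAG_OR_COMMIT>`. The "Deploy sudoers file for acme" task also writes `/etc/sudoers.d/acme` with no syntax check; adding `validate: /usr/sbin/visudo -cf %s` keeps a template error from breaking sudo on the host. `acme.j2` is not part of this diff, so it is worth confirming that it grants only the exact command in `acme_reload_cmd` rather than a broader rule. Quoting the file modes (`mode: '0755'`, `mode: '0440'`) would also follow the usual Ansible recommendation.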