Diffstat (limited to 'roles/acme')
-rw-r--r-- | roles/acme/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/acme/meta/main.yml | 3 | ||||
-rw-r--r-- | roles/acme/tasks/main.yml | 49 | ||||
-rw-r--r-- | roles/acme/templates/acme.j2 | 1 |
4 files changed, 56 insertions, 0 deletions
diff --git a/roles/acme/defaults/main.yml b/roles/acme/defaults/main.yml
new file mode 100644
index 0000000..e46aab8
--- /dev/null
+++ b/roles/acme/defaults/main.yml
@@ -0,0 +1,3 @@
+acme_reload_cmd: "/bin/systemctl reload nginx"
+## Specify certificates as list of lists of domains
+acme_issue_certs: []
diff --git a/roles/acme/meta/main.yml b/roles/acme/meta/main.yml
new file mode 100644
index 0000000..23b99d1
--- /dev/null
+++ b/roles/acme/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- { role: nginx }
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
new file mode 100644
index 0000000..d9c1a0a
--- /dev/null
+++ b/roles/acme/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Create user acme
+  user:
+    name: acme
+    shell: /bin/bash
+    state: present
+
+- name: Clone ACME.sh repository
+  become: yes
+  become_user: acme
+  git:
+    repo: https://github.com/Neilpang/acme.sh.git
+    dest: /home/acme/acme.sh
+    update: no
+
+- name: Prepare webroot directory
+  file:
+    path: /home/acme/webroot/.well-known
+    state: directory
+    owner: acme
+    group: acme
+    mode: 0755
+
+- name: Install ACME.sh
+  become: yes
+  become_user: acme
+  command: ./acme.sh --install
+  args:
+    chdir: /home/acme/acme.sh
+    creates: /home/acme/.acme.sh
+
+- name: Deploy sudoers file for acme
+  template:
+    src: acme.j2
+    dest: /etc/sudoers.d/acme
+    owner: root
+    group: root
+    mode: 0440
+
+- name: Issue certificates
+  become: yes
+  become_user: acme
+  command: '.acme.sh/acme.sh --issue -d {{ item | join(" -d ") }} -w /home/acme/webroot/ --reloadcmd "sudo {{ acme_reload_cmd }}"'
+  args:
+    chdir: /home/acme
+    creates: "/home/acme/.acme.sh/{{ item[0] }}/{{ item[0] }}.cer"
+  with_items:
+    - "{{ acme_issue_certs }}"
diff --git a/roles/acme/templates/acme.j2 b/roles/acme/templates/acme.j2
new file mode 100644
index 0000000..dc61823
--- /dev/null
+++ b/roles/acme/templates/acme.j2
@@ -0,0 +1 @@
+acme ALL=(ALL) NOPASSWD: {{ acme_reload_cmd }}
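Review bot: `acme_reload_cmd` carries no comment even though the role both passes it to acme.sh's `--reloadcmd` and writes it into `/etc/sudoers.d/acme` as a passwordless root rule for the `acme` user, so anyone overriding it needs to know the constraint; add above it `# Run as root via sudo after each renewal; must be an absolute path to a single command`. The existing comment uses a double `##` where a single `# ` matches the usual Ansible style, and this file lacks the `---` document start that `meta/main.yml` and `tasks/main.yml` have.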
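Review bot: The `Deploy sudoers file for acme` task writes `/etc/sudoers.d/acme` from a template with no syntax check, so a malformed `acme_reload_cmd` leaves an invalid fragment that can make sudo reject every rule on the host; add `validate: '/usr/sbin/visudo -cf %s'` to that task. The `Clone ACME.sh repository` task clones upstream at whatever HEAD is on the first run and `Install ACME.sh` then executes that checkout, with no `version:` pinning a tag or commit, so what actually runs is neither reviewable nor reproducible across hosts; pin it. Stylistically, `become: yes` and `update: no` should be `true`/`false`, and the unquoted octal modes are safer quoted as `mode: "0755"` and `mode: "0440"`. The `creates:` guard in `Issue certificates` indexes `item[0]`, which assumes every entry of `acme_issue_certs` is itself a list; a bare string entry would silently index its first character, so that expectation is worth stating in the task or guarding with an assert.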
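Review bot: The sudoers rule interpolates `acme_reload_cmd` verbatim, and sudoers command specs require a fully qualified path, so a value without a leading `/` breaks the file while a value containing characters sudo treats specially (such as a wildcard) widens what `acme` may run as root beyond one command; the template should record that, e.g. `{# acme_reload_cmd must be an absolute path to a single command; it becomes a NOPASSWD root rule #}`. Whether the rendered file ends with a newline is not visible here; some sudo versions reject `sudoers.d` fragments that lack one, so it is worth confirming the template keeps its trailing newline.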