roles/util/letsencrypt-cert/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2024 by someone <someone@somenet.org>
   6 #
   7 ---
   8 - name: append {{letsencrypt_cert_domain}} to domains.txt
   9   lineinfile:
  10     line: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}"
  11     path: "/etc/dehydrated/domains.txt"
  12     mode: 0640
  13     owner: "letsencrypt"
  14     group: "letsencrypt"
  15   changed_when: False
  16   when: letsencrypt_cert_domain != ""
  17
  18
  19 - name: create domains.txt.ansible.tmp for {{letsencrypt_cert_domain}}
  20   copy:
  21     content: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}\n"
  22     dest: "/etc/dehydrated/domains.txt.ansible.tmp"
  23     mode: 0640
  24     owner: "letsencrypt"
  25     group: "letsencrypt"
  26   changed_when: False
  27   when: letsencrypt_cert_domain != ""
  28
  29
  30 - name: request cert for {{letsencrypt_cert_domain}}
  31   shell: "/usr/bin/dehydrated -c"
  32   args:
  33     creates: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}/cert.pem"
  34   environment:
  35     DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
  36   become: true
  37   become_user: "letsencrypt"
  38   tags: "online"
  39   when: letsencrypt_cert_domain != ""
  40
  41
  42 - name: request cert-rsa for {{letsencrypt_cert_domain}}
  43   shell: "/usr/bin/dehydrated -f /etc/dehydrated/config-rsa -c"
  44   args:
  45     creates: "/etc/ssl/letsencrypt-rsa/{{letsencrypt_cert_domain}}/cert.pem"
  46   environment:
  47     DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
  48   become: true
  49   become_user: "letsencrypt"
  50   tags: "online"
  51   when: letsencrypt_cert_domain != ""
  52
  53
  54 - name: fix permissions for /etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}
  55   file:
  56     path: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}"
  57     state: directory
  58     recurse: yes
  59     mode: "u+rwX,g+rX,o-rwx"
  60     owner: "letsencrypt"
  61     group: "ssl-cert"
  62   when: letsencrypt_cert_domain != ""
  63
  64
  65 - name: fix permissions for /etc/ssl/letsencrypt-rsa/{{letsencrypt_cert_domain}}
  66   file:
  67     path: "/etc/ssl/letsencrypt-rsa/{{letsencrypt_cert_domain}}"
  68     state: directory
  69     recurse: yes
  70     mode: "u+rwX,g+rX,o-rwx"
  71     owner: "letsencrypt"
  72     group: "ssl-cert"
  73   when: letsencrypt_cert_domain != ""
  74
  75
  76 - name: remove domains.txt.ansible.tmp
  77   file:
  78     path: "/etc/dehydrated/domains.txt.ansible.tmp"
  79     state: absent
  80   changed_when: False