]> git.somenet.org - root/pub/somesible.git/blob - roles/util/letsencrypt-cert/tasks/main.yml
[roles/util/letsencrypt-cert] request letsencrypt-cert helper role
[root/pub/somesible.git] / roles / util / letsencrypt-cert / tasks / main.yml
1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2024 by someone <someone@somenet.org>
6 #
7 ---
8 - name: append {{letsencrypt_cert_domain}} to domains.txt
9   lineinfile:
10     line: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}"
11     path: "/etc/dehydrated/domains.txt"
12     mode: 0640
13     owner: "letsencrypt"
14     group: "letsencrypt"
15   changed_when: False
16   when: letsencrypt_cert_domain != ""
17
18
19 - name: create domains.txt.ansible.tmp for {{letsencrypt_cert_domain}}
20   copy:
21     content: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}\n"
22     dest: "/etc/dehydrated/domains.txt.ansible.tmp"
23     mode: 0640
24     owner: "letsencrypt"
25     group: "letsencrypt"
26   changed_when: False
27   when: letsencrypt_cert_domain != ""
28
29
30 - name: request cert for {{letsencrypt_cert_domain}}
31   shell: "/usr/bin/dehydrated -c"
32   args:
33     creates: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}/cert.pem"
34   environment:
35     DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
36   become: true
37   become_user: "letsencrypt"
38   tags: "online"
39   when: letsencrypt_cert_domain != ""
40
41
42 - name: fix permissions for /etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}
43   file:
44     path: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}"
45     state: directory
46     recurse: yes
47     mode: "u+rwX,g+rX,o-rwx"
48     owner: "letsencrypt"
49     group: "ssl-cert"
50   when: letsencrypt_cert_domain != ""
51
52
53 - name: remove domains.txt.ansible.tmp
54   file:
55     path: "/etc/dehydrated/domains.txt.ansible.tmp"
56     state: absent
57   changed_when: False