1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2024 by someone <someone@somenet.org>
6 #
7 ---
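# Make sure the "<domain> <aliases>" entry is present in the permanent
# dehydrated domain list. lineinfile with only `line` appends the exact line
# at the end of the file when no identical line exists.
# NOTE(review): with an empty letsencrypt_cert_domain_alias the line ends in a
# trailing space. Trimming it now would re-append the entry on hosts that
# already carry the old line, so the format is left untouched.
- name: append {{letsencrypt_cert_domain}} to domains.txt
  lineinfile:
    line: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}"
    path: "/etc/dehydrated/domains.txt"
    # Quoted so the mode is a string and cannot be re-typed by the YAML
    # loader; 0640 keeps the list unreadable for "other".
    mode: "0640"
    owner: "letsencrypt"
    group: "letsencrypt"
  # Never reported as changed, even when a line was added.
  changed_when: false
  # An empty domain would write a blank entry; skip the task instead.
  when: letsencrypt_cert_domain != ""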
17
18
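# Write a one-entry domain list that holds only this domain. The two request
# tasks further down pass its path to dehydrated via DOMAINS_TXT, and the last
# task of this file removes it again.
# The file lives in /etc/dehydrated, not in a world-writable temp directory.
# NOTE(review): the path is fixed, so two runs for different domains on the
# same host at the same time would overwrite each other's file - confirm this
# role is never run concurrently per host.
- name: create domains.txt.ansible.tmp for {{letsencrypt_cert_domain}}
  copy:
    content: "{{letsencrypt_cert_domain}} {{letsencrypt_cert_domain_alias}}\n"
    dest: "/etc/dehydrated/domains.txt.ansible.tmp"
    # Quoted so the mode is a string and cannot be re-typed by the YAML
    # loader; 0640 keeps the file unreadable for "other".
    mode: "0640"
    owner: "letsencrypt"
    group: "letsencrypt"
  # The file is scratch state, so it is never reported as a change.
  changed_when: false
  when: letsencrypt_cert_domain != ""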
28
29
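# Request the certificate for this domain with dehydrated's cron mode (-c),
# running as the unprivileged "letsencrypt" user.
# `creates` skips the task once cert.pem exists, so this task only performs
# the first issuance; it does not renew an existing certificate.
# Uses `command` instead of `shell`: the invocation needs no pipes, redirects
# or expansion, so no shell has to interpret the command line.
- name: request cert for {{letsencrypt_cert_domain}}
  command: "/usr/bin/dehydrated -c"
  args:
    creates: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}/cert.pem"
  environment:
    # Points dehydrated at the one-entry list written by the previous task.
    # NOTE(review): presumably the dehydrated config on the host honours
    # DOMAINS_TXT from the environment - confirm; otherwise the full
    # domains.txt is processed.
    DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
  become: true
  become_user: "letsencrypt"
  # Contacts the CA, so it can be excluded with --skip-tags online.
  tags: "online"
  when: letsencrypt_cert_domain != ""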
40
41
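# Same request as the task above, but with the alternative dehydrated config
# /etc/dehydrated/config-rsa (-f) and a separate output tree.
# `creates` skips the task once the RSA cert.pem exists, so only the first
# issuance happens here.
# Uses `command` instead of `shell`: the invocation needs no pipes, redirects
# or expansion, so no shell has to interpret the command line.
- name: request cert-rsa for {{letsencrypt_cert_domain}}
  command: "/usr/bin/dehydrated -f /etc/dehydrated/config-rsa -c"
  args:
    creates: "/etc/ssl/letsencrypt-rsa/{{letsencrypt_cert_domain}}/cert.pem"
  environment:
    # Points dehydrated at the one-entry list written earlier in this file.
    # NOTE(review): presumably config-rsa honours DOMAINS_TXT from the
    # environment - confirm.
    DOMAINS_TXT: '/etc/dehydrated/domains.txt.ansible.tmp'
  become: true
  become_user: "letsencrypt"
  # Contacts the CA, so it can be excluded with --skip-tags online.
  tags: "online"
  when: letsencrypt_cert_domain != ""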
52
53
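# Normalise ownership and mode of everything below the per-domain directory:
# owner letsencrypt, group ssl-cert, no access for "other".
# The symbolic mode grants group read (and traverse on directories) to every
# file in the tree. NOTE(review): presumably the private key is stored here
# too, which makes it readable by all members of ssl-cert - keep that group
# limited to the services that terminate TLS.
# `state: directory` creates the directory if it is missing, e.g. when the
# request task was skipped with --skip-tags online.
- name: fix permissions for /etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}
  file:
    path: "/etc/ssl/letsencrypt/{{letsencrypt_cert_domain}}"
    state: directory
    recurse: true
    mode: "u+rwX,g+rX,o-rwx"
    owner: "letsencrypt"
    group: "ssl-cert"
  # With an empty domain the path would be the whole /etc/ssl/letsencrypt/
  # tree; this guard prevents the recursive change from touching it.
  when: letsencrypt_cert_domain != ""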
63
64
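# Normalise ownership and mode of everything below the per-domain RSA
# directory: owner letsencrypt, group ssl-cert, no access for "other".
# The symbolic mode grants group read (and traverse on directories) to every
# file in the tree. NOTE(review): presumably the RSA private key is stored
# here too, which makes it readable by all members of ssl-cert.
# `state: directory` creates the directory if it is missing.
- name: fix permissions for /etc/ssl/letsencrypt-rsa/{{letsencrypt_cert_domain}}
  file:
    path: "/etc/ssl/letsencrypt-rsa/{{letsencrypt_cert_domain}}"
    state: directory
    recurse: true
    mode: "u+rwX,g+rX,o-rwx"
    owner: "letsencrypt"
    group: "ssl-cert"
  # With an empty domain the path would be the whole /etc/ssl/letsencrypt-rsa/
  # tree; this guard prevents the recursive change from touching it.
  when: letsencrypt_cert_domain != ""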
74
75
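# Delete the one-entry domain list again. The task has no `when`, so it also
# runs when the domain is empty and the file was never written.
# NOTE(review): if one of the request tasks fails, the play stops for that
# host before this point and the file stays behind until the next run
# overwrites and removes it.
- name: remove domains.txt.ansible.tmp
  file:
    path: "/etc/dehydrated/domains.txt.ansible.tmp"
    state: absent
  # Scratch-file cleanup is never reported as a change.
  changed_when: false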