Initial commit

Mathieu Pasquet 2021-01-04 21:54:36 +01:00
commit b8ad942a1e
2 changed files with 52 additions and 0 deletions

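--- a/README.md
+++ b/README.md
@@ -0,0 +1,12 @@
+# Simple acme.sh role
+Fetches letsencrypt certificates for a list of domains.
+It needs to be run after the **websites** roles to install nginx & proper directories.
+# Expected parameters
+**acme_domains**: List of domains
+**acme_dest**: Absolute directory path where the certs should be written
+**acme_owner**: unix user who should own the directory and certs
+**acme_reload_cmd**: Command to run after certs have been updated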

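--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Install acme.sh
+community.general.pacman:
+name: acme.sh
+state: present
+- name: Isntall acme.sh cron
+cmd:
+chdir: /usr/bin/
+cmd: ./acme.sh --install
+- name: Generate certificates
+command:
+cmd: >
+acme.sh --issue -d {{ acme_domains | join(" -d ") }}
+-w /var/lib/letsencrypt/webroot
+creates: /root/.acme.sh/{{ acme_domains[0] }}
+- name: Install certificates
+command:
+cmd: >
+acme.sh --install-cert -d "{{ acme_domains[0] }}"
+--fullchain-file "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
+--key-file "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+--reloadcmd "{{ acme_reload_cmd }}"
+creates:
+- "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+- "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
+- name: Ensure cert permissions
+file:
+path: "{{ item }}"
+state: file
+owner: "{{ acme_owner }}"
+group: "{{ acme_owner }}"
+mode: 0600
+loop:
+- "{{ acme_dest }}/{{ acme_domains[0] }}.key"
+- "{{ acme_dest }}/{{ acme_domains[0] }}.crt"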
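Review bot: The "Isntall acme.sh cron" task names its module `cmd:`, which is not an Ansible module, so the play would stop there before any certificate is issued; it should be `command:` (and the task name reads "Install"). In "Install certificates", `creates:` is given a two-item list, while the command module documents it as a single path, so the idempotence guard is unlikely to work as intended; keeping only the `.key` path is enough. Both acme.sh invocations are built as one folded string from `acme_domains`, `acme_dest` and `acme_reload_cmd`, so a value containing whitespace or a double quote changes how the line is split into arguments for a command that apparently runs as root (the `/root/.acme.sh` path suggests so); passing the arguments as an `argv:` list removes that ambiguity, as sketched below for the install step. Separately, `mode: 0600` is safer written as `"0600"`, and the README says `acme_owner` owns the directory while only the two files are chowned here.

```yaml
# … unchanged: package install, cron install, Generate certificates …
- name: Install certificates
  command:
    argv:
      - acme.sh
      - --install-cert
      - -d
      - "{{ acme_domains[0] }}"
      - --fullchain-file
      - "{{ acme_dest }}/{{ acme_domains[0] }}.crt"
      - --key-file
      - "{{ acme_dest }}/{{ acme_domains[0] }}.key"
      - --reloadcmd
      - "{{ acme_reload_cmd }}"
    creates: "{{ acme_dest }}/{{ acme_domains[0] }}.key"
# … unchanged: Ensure cert permissions …
```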