authorMitch Riedstra <mitch@riedstra.us>2020-10-04 23:21:41 -0400
committerMitch Riedstra <mitch@riedstra.us>2020-10-04 23:21:41 -0400
commit2f77c2f0d1faec9b4af9e5b8445b5a287d966aeb (patch)
tree57074ea6b0f726fdb541f9c7d7e2d6f169b5564e /tasks/main.yml
Initial work in progress
Diffstat (limited to 'tasks/main.yml')
-rw-r--r--tasks/main.yml80
1 files changed, 80 insertions, 0 deletions
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b3c0570
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,80 @@
+---
+- name: Create acme user
+ user:
+ name: '{{acmesh_user.name}}'
+ state: present
+ home: '{{acmesh_user.home}}'
+ shell: '{{acmesh_user.shell}}'
+ system: '{{acmesh_user.system}}'
+- name: Set homedir permissions
+ file:
+ path: '{{acmesh_user.home}}'
+ state: directory
+ mode: '0710'
+ owner: '{{acmesh_user.name}}'
+- name: Create install directory
+ file:
+ state: directory
+ owner: '{{acmesh_user.name}}'
+ path: '{{acmesh_user.home}}/install'
+- name: Get acme.sh tarball
+ get_url:
+ url: '{{acmesh_url}}'
+ dest: '{{acmesh_user.home}}/install/acme.sh-{{acmesh_commit}}.tar.gz'
+ mode: '0755'
+ checksum: '{{acmesh_checksum}}'
+ owner: '{{acmesh_user.name}}'
+ register: tarball
+- name: Write install script
+ copy:
+ content: |
+ #!/bin/sh
+ set -e
+ set -x
+ cd '{{acmesh_user.home}}/install'
+ if ! [ -d 'acme.sh-{{acmesh_commit}}' ] ; then
+ tar -xzf 'acme.sh-{{acmesh_commit}}.tar.gz'
+ fi
+ cd 'acme.sh-{{acmesh_commit}}'
+ sh ./acme.sh --install \
+ --home $HOME/install \
+ --config-home $HOME/conf \
+ --cert-home $HOME/certs \
+ --accountemail "{{acmesh_email}}" \
+ --accountkey $HOME/account.key \
+ --accountconf $HOME/account.conf
+ dest: /tmp/acme_install.sh
+ mode: 0755
+- name: Run acme.sh install script
+ shell: |
+ #!/bin/sh
+ echo '/tmp/acme_install.sh' | su -s /bin/sh '{{acmesh_user.name}}'
+ when: tarball.changed
+- name: Set cert directory permissions
+ file:
+ path: '{{acmesh_user.home}}/certs'
+ state: directory
+ mode: 'u=rwX,g=rX,o-rwx'
+ owner: '{{acmesh_user.name}}'
+ recurse: true
+- name: Write issue script
+ copy:
+ content: |
+ #!/bin/sh
+ set -e
+ set -x
+ {{acmesh_env}}
+
+ . $HOME/install/acme.sh.env
+
+ {% for item in acmesh_domains %}
+ acme.sh {{acmesh_flags | replace('\n', ' ')}} \
+ --issue \
+ --dns dns_aws \
+ --challenge-alias "{{acmesh_delegation_domain}}" \
+ -d "{{item}}" -d "*.{{item}}"
+ {% endfor %}
+
+ dest: '{{acmesh_user.home}}/issue.sh'
+
+# - name: Issue certificates
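Review bot: The `Write issue script` task sets neither `owner` nor `mode` on `'{{acmesh_user.home}}/issue.sh'`, yet it renders `{{acmesh_env}}` into the file, and with `--dns dns_aws` that variable presumably carries the DNS provider's API credentials. As written the script gets whatever owner and umask-derived mode the play runs with, so it may be readable beyond the acme user; add `owner: '{{acmesh_user.name}}'` and `mode: '0700'` alongside `dest`, and `no_log: true` on the task so the rendered content stays out of diff and verbose output. Separately, the install script is written to the fixed path `/tmp/acme_install.sh` with an unquoted `mode: 0755`. Writing it to `'{{acmesh_user.home}}/install/acme_install.sh'` (and pointing the run task at that path) with the mode quoted as `'0755'` keeps it out of a world-writable directory and matches the other tasks.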