Diffstat (limited to 'tasks/main.yml')
| -rw-r--r-- | tasks/main.yml | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b3c0570
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,80 @@
+---
+- name: Create acme user
+ user:
+ name: '{{acmesh_user.name}}'
+ state: present
+ home: '{{acmesh_user.home}}'
+ shell: '{{acmesh_user.shell}}'
+ system: '{{acmesh_user.system}}'
+- name: Set homedir permissions
+ file:
+ path: '{{acmesh_user.home}}'
+ state: directory
+ mode: '0710'
+ owner: '{{acmesh_user.name}}'
+- name: Create install directory
+ file:
+ state: directory
+ owner: '{{acmesh_user.name}}'
+ path: '{{acmesh_user.home}}/install'
+- name: Get acme.sh tarball
+ get_url:
+ url: '{{acmesh_url}}'
+ dest: '{{acmesh_user.home}}/install/acme.sh-{{acmesh_commit}}.tar.gz'
+ mode: '0755'
+ checksum: '{{acmesh_checksum}}'
+ owner: '{{acmesh_user.name}}'
+ register: tarball
+- name: Write install script
+ copy:
+ content: |
+ #!/bin/sh
+ set -e
+ set -x
+ cd '{{acmesh_user.home}}/install'
+ if ! [ -d 'acme.sh-{{acmesh_commit}}' ] ; then
+ tar -xzf 'acme.sh-{{acmesh_commit}}.tar.gz'
+ fi
+ cd 'acme.sh-{{acmesh_commit}}'
+ sh ./acme.sh --install \
+ --home $HOME/install \
+ --config-home $HOME/conf \
+ --cert-home $HOME/certs \
+ --accountemail "{{acmesh_email}}" \
+ --accountkey $HOME/account.key \
+ --accountconf $HOME/account.conf
+ dest: /tmp/acme_install.sh
+ mode: 0755
+- name: Run acme.sh install script
+ shell: |
+ #!/bin/sh
+ echo '/tmp/acme_install.sh' | su -s /bin/sh '{{acmesh_user.name}}'
+ when: tarball.changed
+- name: Set cert directory permissions
+ file:
+ path: '{{acmesh_user.home}}/certs'
+ state: directory
+ mode: 'u=rwX,g=rX,o-rwx'
+ owner: '{{acmesh_user.name}}'
+ recurse: true
+- name: Write issue script
+ copy:
+ content: |
+ #!/bin/sh
+ set -e
+ set -x
+ {{acmesh_env}}
+
+ . $HOME/install/acme.sh.env
+
+ {% for item in acmesh_domains %}
+ acme.sh {{acmesh_flags | replace('\n', ' ')}} \
+ --issue \
+ --dns dns_aws \
+ --challenge-alias "{{acmesh_delegation_domain}}" \
+ -d "{{item}}" -d "*.{{item}}"
+ {% endfor %}
+
+ dest: '{{acmesh_user.home}}/issue.sh'
+
+# - name: Issue certificates |
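Review bot: The `Write issue script` task renders `{{acmesh_env}}` into `{{acmesh_user.home}}/issue.sh` without setting `owner` or `mode`, so the file gets the ownership of whichever user the play runs as and whatever the default umask allows. Because the script drives `--dns dns_aws`, `acmesh_env` presumably exports the DNS API credentials (its definition is not visible in this hunk), and the home directory is created `0710`, which lets group members traverse to the file. I would add `owner: '{{acmesh_user.name}}'` and `mode: '0700'` to that task, and consider `no_log: true` so the rendered content stays out of `--diff` output. Separately, the install script is staged at the fixed path `/tmp/acme_install.sh` with an unquoted `mode: 0755` and no `owner`; writing it under `{{acmesh_user.home}}/install` with a quoted mode would keep it out of a shared directory and match the other tasks.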
