---
# Account that the later tasks in this file make the owner of the home,
# install and cert directories. Every attribute is taken from the
# acmesh_user mapping supplied by the caller.
- name: Create acme user
  user:
    state: present
    name: '{{acmesh_user.name}}'
    system: '{{acmesh_user.system}}'
    shell: '{{acmesh_user.shell}}'
    home: '{{acmesh_user.home}}'
# 0710: the owner has full access, the group may traverse but not list,
# and everyone else is locked out. No `group:` is given, so the group bits
# apply to whatever group the directory already has.
- name: Set homedir permissions
  file:
    state: directory
    path: '{{acmesh_user.home}}'
    owner: '{{acmesh_user.name}}'
    mode: '0710'
# Working directory for the downloaded tarball, owned by the acme user.
# No `mode:` is given, so a newly created directory takes its permissions
# from the umask in effect.
- name: Create install directory
  file:
    path: '{{acmesh_user.home}}/install'
    owner: '{{acmesh_user.name}}'
    state: directory
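# Fetch the acme.sh archive for acmesh_commit. `checksum` makes get_url
# reject a download whose digest does not match, so acmesh_checksum is the
# integrity anchor for everything the installer later runs; it should be a
# digest recorded out of band for this exact commit, not one fetched from
# the same location as the tarball.
- name: Get acme.sh tarball
  get_url:
    url: '{{acmesh_url}}'
    dest: '{{acmesh_user.home}}/install/acme.sh-{{acmesh_commit}}.tar.gz'
    checksum: '{{acmesh_checksum}}'
    owner: '{{acmesh_user.name}}'
    # The archive is only read (by tar in the install script), so it gets
    # no execute bits.
    # NOTE(review): a host provisioned with the previous 0755 will likely
    # report "changed" once when the mode is corrected, which re-runs the
    # install task gated on `tarball.changed`.
    mode: '0644'
  # The install task further down runs only when this result is "changed".
  register: tarball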
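# Render the installer into the acme user's home (next to issue.sh) rather
# than under a fixed, predictable name in world-writable /tmp. The home
# directory is 0710 and owned by the acme user, so other local accounts
# can neither pre-create nor read the file that is about to be executed.
# The file stays root-owned and 0755: the acme user can run it but is not
# its owner.
# NOTE(review): hosts provisioned earlier may still have a stale
# /tmp/acme_install.sh that should be removed.
- name: Write install script
  copy:
    dest: '{{acmesh_user.home}}/acme_install.sh'
    # Quoted so the mode is a string, matching the other tasks in this file.
    mode: '0755'
    # The script unpacks the checksum-verified tarball once, then runs
    # acme.sh's own installer with every state directory kept under $HOME.
    content: |
      #!/bin/sh
      set -e
      set -x
      cd '{{acmesh_user.home}}/install'
      if ! [ -d 'acme.sh-{{acmesh_commit}}' ] ; then
        tar -xzf 'acme.sh-{{acmesh_commit}}.tar.gz'
      fi
      cd 'acme.sh-{{acmesh_commit}}'
      sh ./acme.sh --install \
        --home $HOME/install \
        --config-home $HOME/conf \
        --cert-home $HOME/certs \
        --accountemail "{{acmesh_email}}" \
        --accountkey $HOME/account.key \
        --accountconf $HOME/account.conf
# Execute the installer as the unprivileged acme user: the script path is
# fed on stdin to a /bin/sh started by su, so nothing from the downloaded
# tarball runs as root.
# NOTE(review): the task is gated on `tarball.changed`, so an install that
# fails after a successful download is not retried on the next run.
- name: Run acme.sh install script
  shell: |
    #!/bin/sh
    echo '{{acmesh_user.home}}/acme_install.sh' | su -s /bin/sh '{{acmesh_user.name}}'
  when: tarball.changed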
# Recursively normalise the cert tree (the install script passes
# --cert-home $HOME/certs): owner read/write, group read-only, others
# nothing. Capital X adds execute/search only to directories and to files
# that already carry an execute bit.
# NOTE(review): no `group:` is set, so group read applies to whatever group
# these files already have, presumably including issued private keys.
# Confirm that group contains only the services that must read them.
- name: Set cert directory permissions
  file:
    state: directory
    path: '{{acmesh_user.home}}/certs'
    owner: '{{acmesh_user.name}}'
    recurse: true
    mode: 'u=rwX,g=rX,o-rwx'
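# Render the per-domain issuance script. For every entry in acmesh_domains
# it requests a certificate for the name and its wildcard through the
# dns_aws hook, validating via the acmesh_delegation_domain alias.
#
# acmesh_env is pasted verbatim ahead of the acme.sh call; with dns_aws it
# presumably carries the AWS credentials the hook reads from the
# environment (TODO confirm). The file is therefore owned by the acme user
# and readable by that user only, instead of inheriting the umask default.
# The home directory is 0710, so group members could otherwise open it by
# name.
# NOTE(review): assumes the script is run only as the acme user; check the
# commented-out "Issue certificates" task. If acmesh_env does hold secrets,
# also consider `no_log: true` on this task, and note that `set -x` echoes
# those lines to stderr whenever the script runs.
- name: Write issue script
  copy:
    dest: '{{acmesh_user.home}}/issue.sh'
    owner: '{{acmesh_user.name}}'
    mode: '0700'
    content: |
      #!/bin/sh
      set -e
      set -x
      {{acmesh_env}}
      . $HOME/install/acme.sh.env
      {% for item in acmesh_domains %}
      acme.sh {{acmesh_flags | replace('\n', ' ')}} \
        --issue \
        --dns dns_aws \
        --challenge-alias "{{acmesh_delegation_domain}}" \
        -d "{{item}}" -d "*.{{item}}"
      {% endfor %}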
# - name: Issue certificates