---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018-2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
### UPSTREAM BEGIN ⇒ ###
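# Bring the shared /etc state in from upstream before this role touches any
# ACME file, so the etckeeper commit at the end only records this role's work
# (the upstream.yml entry point lives in etckeeper.inc — presumably a fetch/
# checkout; confirm there). Block-form arguments match the aur.inc include
# below and avoid free-form key=value parsing.
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: ACME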
### ⇐ UPSTREAM BEGIN ###
# Dev-only dependency: the community.crypto modules used further down need the
# Python cryptography library on the target (the original note reads "for
# Ansible crypto").
- name: install software (dev)
  package:
    name: python-cryptography
  when: env == 'dev'
# dehydrated is installed through the shared aur.inc role (presumably a
# user-package build helper; aur_user is the unprivileged build account —
# confirm in that role). The package list is passed as a role variable.
- name: install dehydrated (Lets Encrypt)
  include_role:
    name: aur.inc
    allow_duplicates: true
  vars:
    aur_user: git
    packages:
      - dehydrated-git
### UPSTREAM END ⇒ ###
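# Merge the upstream state fetched above into the local /etc history (merge.yml
# in etckeeper.inc). Written in block form, consistent with the aur.inc include
# above, instead of free-form key=value arguments.
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: ACME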
### ⇐ UPSTREAM END ###
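# dehydrated reads the certificates to request from domains.txt; acme_domains is
# written verbatim (one space-separated line of names, matching the `split`
# used for the dev SANs below). The file is public information, hence 0644.
- name: set Lets Encrypt domains
  copy:
    content: |
      {{acme_domains}}
    dest: /etc/dehydrated/domains.txt
    # quoted: an unquoted 0644 is octal only under YAML 1.1; a 1.2 parser (and
    # ansible-lint risky-octal) would read decimal 644
    mode: "0644"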
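# Top of the ACME state tree. 0711 lets services traverse into the world-readable
# certs/ subdirectory without being able to list /var/lib/acme itself.
- name: create Lets Encrypt top directory
  file:
    path: /var/lib/acme
    state: directory
    # quoted so the octal value cannot be misread as decimal by a YAML 1.2 parser
    mode: "0711"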
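# ACME account material (registration key) is private: owner-only access.
- name: create Lets Encrypt accounts directory
  file:
    path: /var/lib/acme/accounts
    state: directory
    # quoted so the octal value cannot be misread as decimal by a YAML 1.2 parser
    mode: "0700"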
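# Issued certificates live here; the directory is world-readable so consuming
# services can reach their certificates (per-file permissions are set by
# dehydrated / the hook — confirm keys are not exposed here).
- name: create Lets Encrypt certs directory
  file:
    path: /var/lib/acme/certs
    state: directory
    # quoted so the octal value cannot be misread as decimal by a YAML 1.2 parser
    mode: "0755"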
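# Render dehydrated's main configuration. Owner-only because the template may
# carry contact and hook settings that should not be world-readable (the
# template itself is outside this file — confirm what it contains).
- name: set dehydrated settings
  template:
    src: templates/dehydrated.config.j2
    dest: /etc/dehydrated/config
    # quoted so the octal value cannot be misread as decimal by a YAML 1.2 parser
    mode: "0600"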
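# Per-host hook script, run by dehydrated on renewal and invoked directly by the
# dev deploy task below. Root-only and executable (0700).
- name: set dehydrated hooks
  template:
    src: templates/hook.sh.j2
    dest: "/etc/dehydrated/{{nickname}}-hook.sh"
    # quoted so the octal value cannot be misread as decimal by a YAML 1.2 parser
    mode: "0700"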
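# Install the systemd timer that schedules dehydrated runs. Production only —
# the dev environment relies on the self-signed certificate created below.
# A changed unit file triggers the "restart dehydrated.service" handler.
- name: create dehydrated timer
  copy:
    src: files/dehydrated.timer
    dest: /etc/systemd/system/dehydrated.timer
    # unit files are world-readable by convention; quoted so the octal value
    # cannot be misread as decimal by a YAML 1.2 parser
    mode: "0644"
  when: env == 'prod'
  notify:
    - restart dehydrated.service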
# Register the timer with systemd after reloading unit definitions (production
# only).
# NOTE(review): `enabled: true` alone only arms the timer for the next boot;
# without `state: started` it will not fire until the host reboots — confirm
# whether that is intended or whether a later play/handler starts it.
- name: enable dehydrated
  systemd:
    name: dehydrated.timer
    enabled: true
    daemon_reload: true
  when: env == 'prod'
## DEV
# https://docs.ansible.com/ansible/latest/collections/community/crypto/docsite/guide_selfsigned.html
# DEV only: a locally generated key stands in for the Lets Encrypt one.
# NOTE(review): no explicit mode is set, so the key's permissions come from the
# module default (documented as restrictive for openssl_privatekey — confirm);
# the parent directory is 0711, so an explicit mode: "0600" would make the
# intent unambiguous.
- name: create private key (dev)
  community.crypto.openssl_privatekey:
    path: /var/lib/acme/self-signed.key
  when: env == 'dev'
# DEV only: request for the self-signed certificate. The CN is net_soa
# (presumably the zone apex), and every space-separated entry of acme_domains is
# turned into a DNS: subject alternative name; marking the SAN extension critical
# means a client that does not understand it must reject the certificate.
- name: create CSR (dev)
  community.crypto.openssl_csr:
    path: /var/lib/acme/self-signed.csr
    privatekey_path: /var/lib/acme/self-signed.key
    common_name: "{{net_soa}}"
    organization_name: "{{nickname}}"
    subject_alt_name_critical: true
    subject_alt_name: "{{acme_domains | split | map('regex_replace','^','DNS:')}}"
  when: env == 'dev'
# DEV only: sign the CSR with its own key. provider: selfsigned involves no CA,
# so clients will not trust the result without an explicit exception — fine for
# development, never for production.
- name: create self-signed certificate (dev)
  community.crypto.x509_certificate:
    path: /var/lib/acme/self-signed.pem
    csr_path: /var/lib/acme/self-signed.csr
    privatekey_path: /var/lib/acme/self-signed.key
    provider: selfsigned
  when: env == 'dev'
# DEV only: push the self-signed pair through the same deploy_cert hook that
# dehydrated would call, so dev and prod share one deployment path. The
# positional arguments follow dehydrated's hook contract
# (DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP): the certificate
# doubles as its own full chain and the chain file is empty (/dev/null).
# NOTE(review): this command runs on every dev play and always reports changed
# (no changed_when / creates) — confirm that is acceptable.
- name: deploy self-signed certificate (dev)
  command: >
    /etc/dehydrated/{{nickname}}-hook.sh deploy_cert
    {{net_soa}}
    /var/lib/acme/self-signed.key
    /var/lib/acme/self-signed.pem
    /var/lib/acme/self-signed.pem
    /dev/null
    {{ansible_date_time.epoch}}
  when: env == 'dev'
### LOCAL COMMIT ⇒ ###
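# Record everything this role changed under /etc in the local etckeeper history
# (local.yml in etckeeper.inc). Block form, consistent with the aur.inc include
# above, instead of free-form key=value arguments.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: ACME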
### ⇐ LOCAL COMMIT ###
# Run pending handlers now (the "restart dehydrated.service" notified by the
# timer task) instead of at the end of the play, so later roles see the
# restarted service.
- meta: flush_handlers