---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
### UPSTREAM BEGIN ⇒ ###
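# Runs the etckeeper.inc role's upstream.yml tasks before anything is
# installed. Those tasks are not visible in this file; presumably they
# prepare etckeeper's "upstream" state of /etc — confirm in the role.
- name: pull prerequisites from upstream
  # Native mapping instead of a key=value string: same arguments, but typed
  # by YAML and consistent with the aur.inc include in this file.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    # Label passed to the included tasks (presumably the commit message tag).
    msg: ACME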
### ⇐ UPSTREAM BEGIN ###
# Installs the ACME client through the aur.inc role (not shown here).
# NOTE(review): dehydrated-git is an AUR VCS package, so each build takes
# whatever the upstream repository and the PKGBUILD contain at that moment;
# nothing in this task pins a revision. The installed script later handles the
# ACME account key and certificate private keys, so the PKGBUILD and the
# resolved commit deserve a review before deployment.
- name: install dehydrated (Let’s Encrypt)
  include_role:
    name: aur.inc
    allow_duplicates: true
  vars:
    # Presumably the unprivileged account aur.inc builds packages as; the
    # build then runs with that account's file access — confirm in aur.inc.
    aur_user: git
    packages: [dehydrated-git]
### UPSTREAM END ⇒ ###
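# Runs the etckeeper.inc role's merge.yml tasks once the package is installed.
# The tasks are not visible in this file; presumably they merge the packaged
# /etc changes into the local branch — confirm in the role.
- name: merge upstream
  # Native mapping instead of a key=value string: same arguments, typed by
  # YAML and consistent with the aur.inc include in this file.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    # Label passed to the included tasks (presumably the commit message tag).
    msg: ACME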
### ⇐ UPSTREAM END ###
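# Writes the rendered acme_domains variable to dehydrated's domain list.
# acme_domains is defined outside this file. Every name in it results in a
# certificate request, so it should only come from trusted inventory.
- name: set Let’s Encrypt domains
  copy:
    content: |
      {{acme_domains}}
    dest: /etc/dehydrated/domains.txt
    # Quoted so the permission bits never depend on the YAML parser's octal
    # rules (a YAML 1.2 loader reads a bare 0644 as decimal 644).
    mode: "0644"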
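# Creates the parent directory for the ACME state (accounts/ and certs/ are
# created by the tasks that follow).
- name: create Let’s Encrypt top directory
  file:
    path: /var/lib/acme
    state: directory
    # 0711: accounts other than the owner can traverse to a known path but
    # cannot list the directory. Quoted so the value does not depend on the
    # YAML parser's octal handling.
    mode: "0711"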
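# Creates the owner-only directory for ACME account data. Presumably
# dehydrated.config.j2 points dehydrated's account directory (account private
# key and registration) here — confirm in the template.
# NOTE(review): no owner/group is set, so ownership follows the account the
# play runs as (presumably root via become); setting them explicitly would
# make the 0700 guarantee independent of how the play is invoked.
- name: create Let’s Encrypt accounts directory
  file:
    path: /var/lib/acme/accounts
    state: directory
    # Quoted: a mis-parsed octal here would silently change who can read the
    # account key.
    mode: "0700"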
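# Creates the certificate output directory, listable and traversable by all
# local accounts.
# NOTE(review): if dehydrated writes each certificate's private key next to
# the certificate under this path (its usual layout — confirm against
# dehydrated.config.j2), key confidentiality rests entirely on the per-file
# modes dehydrated applies. Verify those after the first issuance, or restrict
# this directory to a group shared by the services that read the certificates.
- name: create Let’s Encrypt certs directory
  file:
    path: /var/lib/acme/certs
    state: directory
    # Quoted so the value does not depend on the YAML parser's octal handling.
    mode: "0755"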
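# Renders dehydrated's main configuration from templates/dehydrated.config.j2
# (template contents are not shown in this file).
- name: set dehydrated settings
  template:
    src: templates/dehydrated.config.j2
    dest: /etc/dehydrated/config
    # Owner-only: the file is neither readable nor writable by other accounts.
    # Quoted so the value does not depend on the YAML parser's octal handling.
    mode: "0600"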
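# Renders the hook script from templates/hook.sh.j2 (contents not shown).
# The file name is built from the nickname variable, which is defined outside
# this file.
# Presumably dehydrated executes this script with its own privileges, so it
# must stay writable by its owner only; the mode below enforces that as long
# as the owner is the account dehydrated runs as (no owner is set here —
# confirm).
- name: set dehydrated hooks
  template:
    src: templates/hook.sh.j2
    dest: "/etc/dehydrated/{{nickname}}-hook.sh"
    # Owner-only read/write/execute. Quoted so the value does not depend on
    # the YAML parser's octal handling.
    mode: "0700"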
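# Installs the systemd timer unit shipped with the role (files/dehydrated.timer,
# contents not shown) and queues the "restart dehydrated.service" handler when
# the file changes. The handler itself is defined outside this file.
- name: create dehydrated timer
  copy:
    src: files/dehydrated.timer
    dest: /etc/systemd/system/dehydrated.timer
    # Unit files carry no secrets and must not be writable by non-owners.
    # Quoted so the value does not depend on the YAML parser's octal handling.
    mode: "0644"
  notify:
    - restart dehydrated.service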
# Reloads systemd's unit definitions and enables the timer for boot.
# NOTE(review): only `enabled` is set, with no `state: started`. Whether the
# timer is running before the next reboot depends on the handler notified by
# the timer task, which is not visible here. If it is not, certificates could
# pass their renewal window unnoticed on a long-running host — confirm.
- name: enable dehydrated
  systemd:
    name: dehydrated.timer
    enabled: true
    # Pick up the unit file written by the preceding copy task.
    daemon_reload: true
### LOCAL COMMIT ⇒ ###
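# Runs the etckeeper.inc role's local.yml tasks after the configuration
# above has been written. The tasks are not visible in this file; presumably
# they commit the resulting /etc changes — confirm in the role.
# NOTE(review): if that commit covers all of /etc, the rendered
# /etc/dehydrated/config and hook script end up in the etckeeper repository,
# so the repository needs the same access restrictions as those files.
- name: commit local changes
  # Native mapping instead of a key=value string: same arguments, typed by
  # YAML and consistent with the aur.inc include in this file.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    # Label passed to the included tasks (presumably the commit message tag).
    msg: ACME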
### ⇐ LOCAL COMMIT ###
# Run all handlers notified so far at this point instead of at the end of the
# play; this includes "restart dehydrated.service" if the timer file changed.
- meta: flush_handlers