slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

: automate acme.sh certificate issue
Some checks failed
ansible-lint / lint-everything (push) Failing after 1m20s
Details

Browse Source
This commit is contained in:
VC
2025-04-10 11:56:46 +02:00
parent fbf7913763
commit 72326fab41
7 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
inventory/host_vars/jabber.yml
View File

@@ -1,6 +1,7 @@
--- ---
web_hostname: web_hostname:
- host: libertus.eu - host: libertus.eu
acme_reload_cmd: "systemctl restart prosody.service"
- host: upload.libertus.eu - host: upload.libertus.eu
- host: xmpp.libertus.eu - host: xmpp.libertus.eu

1
inventory/host_vars/ks3370405.yml
View File

@@ -2,6 +2,7 @@
web_hostname: web_hostname:
- host: mail-relay.mateu.be - host: mail-relay.mateu.be
acme_reload_cmd: "systemctl restart postfix.service"
allowed_smtp_ips: "{{ [global_public_ip_address] + ['80.67.179.200'] }}" allowed_smtp_ips: "{{ [global_public_ip_address] + ['80.67.179.200'] }}"

2
inventory/host_vars/mail.yml
View File

@@ -1,4 +1,6 @@
--- ---
web_hostname: web_hostname:
- host: imap.libertus.eu - host: imap.libertus.eu
acme_reload_cmd: "systemctl restart dovecot.service"
- host: smtp.libertus.eu - host: smtp.libertus.eu
acme_reload_cmd: "systemctl restart postfix.service"

2
inventory/host_vars/web1.yml
View File

@@ -14,7 +14,9 @@ web_hostname:
- host: mail.libertus.eu - host: mail.libertus.eu
type: roundcube type: roundcube
- host: perso.nintendojo.fr - host: perso.nintendojo.fr
acme_unmanaged: true
- host: perso.libertus.eu - host: perso.libertus.eu
acme_unmanaged: true
- host: r.mateu.be - host: r.mateu.be
- host: ff.libertus.eu - host: ff.libertus.eu
type: firefly3 type: firefly3

2
inventory/host_vars/web2.yml
View File

@@ -3,10 +3,12 @@ php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'cu
web_hostname: web_hostname:
- host: nintendojo.fr - host: nintendojo.fr
acme_unmanaged: true
- host: www.nintendojo.fr - host: www.nintendojo.fr
- host: forum.nintendojo.fr - host: forum.nintendojo.fr
type: phpbb type: phpbb
- host: nintendojofr.com - host: nintendojofr.com
acme_unmanaged: true
- host: www.nintendojofr.com - host: www.nintendojofr.com
type: retrodojo type: retrodojo
- host: forum.nintendojofr.com - host: forum.nintendojofr.com

27
roles/nginx/tasks/acme.yml Normal file
View File

@@ -0,0 +1,27 @@
---
- name: Issue certificate
ansible.builtin.command:
cmd: "/etc/x509/acme.sh --issue --domain {{ host.host }} --webroot {{ nginx_letsencrypt_dir }} --reloadcmd \"{{ acme_reload_cmd | default('systemctl reload nginx.service') }}\""
creates: "/etc/x509/{{ host.host }}*"
environment:
LE_WORKING_DIR: "/etc/x509"
- name: Check if ecc dir
ansible.builtin.stat:
path: "/etc/x509/{{ host.host }}_ecc"
register: _nginx_x509_ecc_dir
- name: Move dir if exists
block:
- name: Copy ecc dir
ansible.builtin.copy:
remote_src: true
src: "/etc/x509/{{ host.host }}_ecc/"
dest: "/etc/x509/{{ host.host }}"
- name: Remove ecc dir
ansible.builtin.file:
path: "/etc/x509/{{ host.host }}_ecc/"
state: absent
when: _nginx_x509_ecc_dir.stat.exists

9
roles/nginx/tasks/main.yml
View File

@@ -41,5 +41,14 @@
mode: 'u+rwx,g+rs,o-rwx' mode: 'u+rwx,g+rs,o-rwx'
state: directory state: directory
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Include acme auto cert
ansible.builtin.include_tasks: acme.yml
loop: "{{ web_hostname | rejectattr('acme_unmanaged', 'defined') }}"
loop_control:
loop_var: "host"
- name: Include vhosts - name: Include vhosts
ansible.builtin.include_tasks: vhosts.yml ansible.builtin.include_tasks: vhosts.yml