ACME auto certificate #7

Merged
clement.veret merged 3 commits from auto_acme into main 2025-04-10 13:37:21 +02:00
8 changed files with 46 additions and 1 deletions


@@ -1,6 +1,7 @@
--- ---
web_hostname: web_hostname:
- host: libertus.eu - host: libertus.eu
acme_reload_cmd: "systemctl restart prosody.service"
- host: upload.libertus.eu - host: upload.libertus.eu
- host: xmpp.libertus.eu - host: xmpp.libertus.eu
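Review bot: Setting `acme_reload_cmd` on the `libertus.eu` entry replaces the default reload command rather than adding to it, so when this certificate renews only prosody is restarted and nginx — which serves the webroot challenge and presumably the HTTPS vhost for this name — is no longer reloaded and keeps serving the old certificate until something else reloads it. The same applies to the postfix override in the next file and the dovecot/postfix overrides in the one after that. If nginx also terminates TLS for these names, the override should chain both, e.g. `acme_reload_cmd: "systemctl reload nginx.service && systemctl restart prosody.service"`, assuming acme.sh runs the reload command through a shell; if dropping the nginx reload is intentional, a comment on the key saying so would stop the next reader from wondering.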


@@ -2,6 +2,7 @@
web_hostname: web_hostname:
- host: mail-relay.mateu.be - host: mail-relay.mateu.be
acme_reload_cmd: "systemctl restart postfix.service"
allowed_smtp_ips: "{{ [global_public_ip_address] + ['80.67.179.200'] }}" allowed_smtp_ips: "{{ [global_public_ip_address] + ['80.67.179.200'] }}"


@@ -1,4 +1,6 @@
--- ---
web_hostname: web_hostname:
- host: imap.libertus.eu - host: imap.libertus.eu
acme_reload_cmd: "systemctl restart dovecot.service"
- host: smtp.libertus.eu - host: smtp.libertus.eu
acme_reload_cmd: "systemctl restart postfix.service"


@@ -14,7 +14,9 @@ web_hostname:
- host: mail.libertus.eu - host: mail.libertus.eu
type: roundcube type: roundcube
- host: perso.nintendojo.fr - host: perso.nintendojo.fr
acme_unmanaged: true
- host: perso.libertus.eu - host: perso.libertus.eu
acme_unmanaged: true
- host: r.mateu.be - host: r.mateu.be
- host: ff.libertus.eu - host: ff.libertus.eu
type: firefly3 type: firefly3


@@ -3,10 +3,12 @@ php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'cu
web_hostname: web_hostname:
- host: nintendojo.fr - host: nintendojo.fr
acme_unmanaged: true
- host: www.nintendojo.fr - host: www.nintendojo.fr
- host: forum.nintendojo.fr - host: forum.nintendojo.fr
type: phpbb type: phpbb
- host: nintendojofr.com - host: nintendojofr.com
acme_unmanaged: true
- host: www.nintendojofr.com - host: www.nintendojofr.com
type: retrodojo type: retrodojo
- host: forum.nintendojofr.com - host: forum.nintendojofr.com


@@ -0,0 +1,28 @@
---
- name: Issue certificate
ansible.builtin.command:
cmd: "/etc/x509/acme.sh --issue --domain {{ host.host }} --webroot {{ nginx_letsencrypt_dir }} --reloadcmd \"{{ acme_reload_cmd | default('systemctl reload nginx.service') }}\""
creates: "/etc/x509/{{ host.host }}*"
environment:
LE_WORKING_DIR: "/etc/x509"
- name: Check if ecc dir
ansible.builtin.stat:
path: "/etc/x509/{{ host.host }}_ecc"
register: _nginx_x509_ecc_dir
- name: Move dir if exists
when: _nginx_x509_ecc_dir.stat.exists
block:
- name: Copy ecc dir
ansible.builtin.copy:
remote_src: true
src: "/etc/x509/{{ host.host }}_ecc/"
dest: "/etc/x509/{{ host.host }}"
mode: "{{ _nginx_x509_ecc_dir.stat.mode }}"
- name: Remove ecc dir
ansible.builtin.file:
path: "/etc/x509/{{ host.host }}_ecc/"
state: absent
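Review bot: The `Copy ecc dir` task rebuilds `/etc/x509/{{ host.host }}` from the `_ecc` directory with `remote_src: true`, and the only permission it sets is the directory's own `mode` from `_nginx_x509_ecc_dir.stat.mode`; whether that mode is also applied to the copied files or they receive umask defaults, the private key inside may end up with wider permissions than acme.sh gave it, so either verify the copied key's mode or add an `ansible.builtin.file` task that pins it (a single `mv` guarded by `creates` would keep the original modes and avoid a half-copied state if the play stops between the copy and the remove). Renaming the directory away from the `_ecc` name that acme.sh created presumably also hides it from acme.sh's own renewal run, which looks the certificate up under the directory it wrote — confirm that a renewal still succeeds after the move. In `Issue certificate`, `acme_reload_cmd` is spliced into the `cmd:` string inside escaped double quotes, so a value containing a quote breaks the word splitting; the `argv` form makes each argument explicit and needs no quoting at all:
```yaml
- name: Issue certificate
  ansible.builtin.command:
    argv:
      - /etc/x509/acme.sh
      - --issue
      - --domain
      - "{{ host.host }}"
      - --webroot
      - "{{ nginx_letsencrypt_dir }}"
      - --reloadcmd
      - "{{ acme_reload_cmd | default('systemctl reload nginx.service') }}"
    creates: "/etc/x509/{{ host.host }}*"
  # … unchanged: environment …
```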


@@ -41,5 +41,14 @@
mode: 'u+rwx,g+rs,o-rwx' mode: 'u+rwx,g+rs,o-rwx'
state: directory state: directory
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Include acme auto cert
ansible.builtin.include_tasks: acme.yml
loop: "{{ web_hostname | rejectattr('acme_unmanaged', 'defined') }}"
loop_control:
loop_var: "host"
- name: Include vhosts - name: Include vhosts
ansible.builtin.include_tasks: vhosts.yml ansible.builtin.include_tasks: vhosts.yml
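Review bot: The loop filter `rejectattr('acme_unmanaged', 'defined')` keys on whether the attribute exists, not on its value, so an entry with `acme_unmanaged: false` would be skipped just like one with `true`; the inventory in this PR only ever sets `true`, so it works today, but the intent deserves a comment next to the loop, e.g. `# entries that define acme_unmanaged at all (even false) are skipped`. Note also that the included acme.yml guards issuance with `creates`, so once a certificate exists a later change to `acme_reload_cmd` in host_vars is never passed to acme.sh again if it stores the reload command at issue time — worth a comment on `Include acme auto cert` so operators know to re-issue rather than just edit the variable.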


@@ -13,7 +13,7 @@ $TTL 86400
{% endfor %} {% endfor %}
$ORIGIN {{ item.name }}. $ORIGIN {{ item.name }}.
@ IN CAA 0 issue ";" @ IN CAA 0 issue "letsencrypt.org"
@ IN MX 0 . @ IN MX 0 .
@ IN TXT "v=spf1 -all" @ IN TXT "v=spf1 -all"
@ IN TXT "spf2.0/mfrom -all" @ IN TXT "spf2.0/mfrom -all"
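Review bot: The CAA record now authorizes `letsencrypt.org` with an `issue` tag only; with no `issuewild` record present, the `issue` property also governs wildcard certificates (RFC 8659 §4.3), so if no wildcard is intended an explicit `@ IN CAA 0 issuewild ";"` line next to it keeps wildcard issuance denied as it was before. This template is rendered for every zone in `item` (the enclosing loop starts outside the hunk), so zones whose hosts are marked `acme_unmanaged` elsewhere in this PR and obtain certificates from a different CA will now have that CA's issuance refused unless it is listed too. An `iodef` record, e.g. `@ IN CAA 0 iodef "mailto:ADMIN_MAILBOX_PLACEHOLDER"`, would additionally give CAs a channel to report refused requests.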