
Add dehydrated role

Daniele Tricoli 2021-01-25 23:47:31 +01:00
parent ae1ba3fe9d
commit 52ecb697ea
7 changed files with 75 additions and 1 deletions


@ -0,0 +1,8 @@
---
dehydrated_become: true
dehydrated_become_user: root
dehydrated_domains: []
dehydrated_email: example@example.org
dehydrated_enable_hook: true
dehydrated_staging: false
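Review bot: `dehydrated_email` defaults to the placeholder `example@example.org`, so a play that forgets to override it only finds out at ACME account registration, and expiry notices would go to an address nobody reads. I would mark the variable as mandatory with a comment such as `# required: contact address for the ACME account, override per host`, or drop the default so the template fails early on an undefined variable. `dehydrated_staging: false` means a first run talks to the production CA, which is also worth a one-line comment for anyone trying the role out.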


@ -0,0 +1,2 @@
#!/bin/sh
/usr/bin/dehydrated -c > /dev/null
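Review bot: Redirecting stdout to /dev/null leaves stderr as the only trace of a failed renewal, and that reaches someone only if cron mail is actually delivered on the host, which this commit does not show. Sending both streams to syslog keeps a record that monitoring can alert on: `/usr/bin/dehydrated -c 2>&1 | logger -t dehydrated`. A certificate that silently stops renewing is usually noticed only when it expires, so the log trail is worth having.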


@ -0,0 +1,8 @@
#!/bin/bash
if [ ${1} == "deploy_cert" ]; then
echo " + Hook: Reload nginx..."
/usr/sbin/nginx -s reload
else
echo " + Hook: Nothing to do..."
fi
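Review bot: `${1}` is unquoted in the test, so an empty or whitespace-containing first argument makes `[ … ]` fail with a syntax error instead of falling into the else branch; `if [ "${1:-}" = "deploy_cert" ]; then` avoids that. The reload also assumes nginx is installed and running, while the role neither depends on the nginx role nor checks for it, and `dehydrated_enable_hook` defaults to true. A short header comment naming the arguments dehydrated passes to the hook would make the script easier to extend.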


@ -0,0 +1,40 @@
---
- block:
- name: install dehydrated
apt:
name:
- dehydrated
- curl
state: present
update_cache: true
cache_valid_time: 3600
- name: install base.sh configuration file
template:
src: etc/dehydrated/conf.d/base.sh.j2
dest: /etc/dehydrated/conf.d/base.sh
- name: install /etc/dehydrated/domains.txt configuration file
template:
src: etc/dehydrated/domains.txt.j2
dest: /etc/dehydrated/domains.txt
- name: install /var/lib/dehydrated/hook.sh
copy:
src: var/lib/dehydrated/hook.sh
dest: /var/lib/dehydrated/hook.sh
mode: 0750
owner: root
group: root
- name: install /etc/cron.daily/dehydrated
copy:
src: etc/cron.daily/dehydrated
dest: /etc/cron.daily/dehydrated
mode: 0755
owner: root
group: root
become: "{{ dehydrated_become }}"
become_user: "{{ dehydrated_become_user }}"
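Review bot: The two `template` tasks set no `mode`, `owner` or `group`, so the permissions of `/etc/dehydrated/conf.d/base.sh` and `/etc/dehydrated/domains.txt` depend on the umask in effect, unlike the two `copy` tasks that follow them. base.sh is sourced by dehydrated when the daily cron job runs it, so it should be explicitly root-owned and not writable by group or others: `owner: root`, `group: root`, `mode: "0644"`. The existing `mode: 0750` and `mode: 0755` work only because of the leading zero; quoting them (`mode: "0750"`) is the form the Ansible documentation recommends. No task visible here registers the ACME account (`dehydrated --register --accept-terms`), so unless that happens elsewhere the daily `dehydrated -c` will presumably fail on a fresh host.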


@ -0,0 +1,8 @@
# {{ ansible_managed }}
CONTACT_EMAIL={{ dehydrated_email }}
{% if dehydrated_enable_hook %}HOOK="${BASEDIR}/hook.sh"{% endif %}
{% if dehydrated_staging %}
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
{% endif %}
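Review bot: The inline `{% if dehydrated_enable_hook %}HOOK=…{% endif %}` line loses its trailing newline under the template module's default `trim_blocks`, so with both the hook and `dehydrated_staging` enabled the output is presumably `HOOK="${BASEDIR}/hook.sh"CA="https://…"` on one line. That would break the hook path and drop the staging `CA`, sending requests to the production endpoint. Put `{% if dehydrated_enable_hook %}` and `{% endif %}` on their own lines around `HOOK="${BASEDIR}/hook.sh"`, the way the `CA` block below is written. Separately, `CONTACT_EMAIL={{ dehydrated_email }}` lands unquoted in a file that dehydrated sources as shell; `CONTACT_EMAIL={{ dehydrated_email | quote }}` keeps spaces or shell metacharacters in the value from being interpreted.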


@ -0,0 +1,3 @@
{% for domains in dehydrated_domains %}
{{ domains }}
{% endfor %}


@ -39,6 +39,10 @@
ssl_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
ssl_certificate_key: /var/lib/snakeoil/certs/example2.org/privkey.pem
ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
dehydrated_email: test@example.org
dehydrated_domains:
- example.org www.example.org
- example2.org
roles:
# - ../roles/apt_dist_upgrade
- ../roles/common
@ -48,7 +52,8 @@
- ../roles/sshd
- ../roles/fail2ban
- ../roles/snake_oil_cert
- ../roles/nginx
# - ../roles/dehydrated
# - ../roles/nginx
# - ../roles/admin
# - ../roles/docker
# - {role: ../roles/mailserver}
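Review bot: The new role enters the test playbook only as a comment (`# - ../roles/dehydrated`), and the second hunk also comments out `../roles/nginx`, so nothing in this play exercises the role or the hook's nginx reload. The vars added in the first hunk do not set `dehydrated_staging`, so once the role is enabled the default `false` would point test runs for `example.org` at the production CA; adding `dehydrated_staging: true` next to `dehydrated_email` avoids that. If disabling nginx is temporary, a comment saying why would keep it from staying that way unnoticed.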