Add dehydrated role
This commit is contained in:
parent
ae1ba3fe9d
commit
52ecb697ea
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
dehydrated_become: true
|
||||
dehydrated_become_user: root
|
||||
|
||||
dehydrated_domains: []
|
||||
dehydrated_email: example@example.org
|
||||
dehydrated_enable_hook: true
|
||||
dehydrated_staging: false
|
|
@ -0,0 +1,2 @@
|
|||
#!/bin/sh
|
||||
/usr/bin/dehydrated -c > /dev/null
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ${1} == "deploy_cert" ]; then
|
||||
echo " + Hook: Reload nginx..."
|
||||
/usr/sbin/nginx -s reload
|
||||
else
|
||||
echo " + Hook: Nothing to do..."
|
||||
fi
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
- block:
|
||||
|
||||
- name: install dehydrated
|
||||
apt:
|
||||
name:
|
||||
- dehydrated
|
||||
- curl
|
||||
state: present
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: install base.sh configuration file
|
||||
template:
|
||||
src: etc/dehydrated/conf.d/base.sh.j2
|
||||
dest: /etc/dehydrated/conf.d/base.sh
|
||||
|
||||
- name: install /etc/dehydrated/domains.txt configuration file
|
||||
template:
|
||||
src: etc/dehydrated/domains.txt.j2
|
||||
dest: /etc/dehydrated/domains.txt
|
||||
|
||||
- name: install /var/lib/dehydrated/hook.sh
|
||||
copy:
|
||||
src: var/lib/dehydrated/hook.sh
|
||||
dest: /var/lib/dehydrated/hook.sh
|
||||
mode: 0750
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: install /etc/cron.daily/dehydrated
|
||||
copy:
|
||||
src: etc/cron.daily/dehydrated
|
||||
dest: /etc/cron.daily/dehydrated
|
||||
mode: 0755
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
become: "{{ dehydrated_become }}"
|
||||
become_user: "{{ dehydrated_become_user }}"
|
|
@ -0,0 +1,8 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
CONTACT_EMAIL={{ dehydrated_email }}
|
||||
{% if dehydrated_enable_hook %}HOOK="${BASEDIR}/hook.sh"{% endif %}
|
||||
{% if dehydrated_staging %}
|
||||
|
||||
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
{% endif %}
|
|
@ -0,0 +1,3 @@
|
|||
{% for domains in dehydrated_domains %}
|
||||
{{ domains }}
|
||||
{% endfor %}
|
|
@ -39,6 +39,10 @@
|
|||
ssl_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
|
||||
ssl_certificate_key: /var/lib/snakeoil/certs/example2.org/privkey.pem
|
||||
ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
|
||||
dehydrated_email: test@example.org
|
||||
dehydrated_domains:
|
||||
- example.org www.example.org
|
||||
- example2.org
|
||||
roles:
|
||||
# - ../roles/apt_dist_upgrade
|
||||
- ../roles/common
|
||||
|
@ -48,7 +52,8 @@
|
|||
- ../roles/sshd
|
||||
- ../roles/fail2ban
|
||||
- ../roles/snake_oil_cert
|
||||
- ../roles/nginx
|
||||
# - ../roles/dehydrated
|
||||
# - ../roles/nginx
|
||||
# - ../roles/admin
|
||||
# - ../roles/docker
|
||||
# - {role: ../roles/mailserver}
|
||||
|
|
Loading…
Reference in New Issue