---
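# Download the lego release tarball on the target host and extract the binary
# into the bin directory. `remote_src: true` makes unarchive fetch the URL
# itself instead of copying a controller-side file.
# NOTE(review): nothing here verifies the archive's integrity; trust rests
# entirely on the TLS connection to github.com. A preceding get_url step with
# `checksum:` pinned to the digest published for lego_version would close that
# gap — confirm a digest source exists before adding it.
- name: Install lego
  ansible.legacy.unarchive:
    src: "https://github.com/go-acme/lego/releases/download/v{{ lego_version }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    dest: "{{ __lego_bin_dir }}"
    remote_src: true
    # Passed through to the extractor; presumably restricts extraction to the
    # single named member rather than the whole archive — verify against tar.
    extra_opts:
      - "{{ __lego_bin_name }}"
    mode: "0750"
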
# Root-owned, group-readable directory that holds the renew script.
# NOTE(review): the install task above extracts into __lego_bin_dir before this
# directory exists; if __lego_bin_dir resolves to this same path, unarchive
# needs the destination to exist first — confirm the ordering.
- name: Create lego base dir
  ansible.builtin.file:
    state: directory
    path: "{{ __lego_base_dir }}/bin"
    mode: "0750"
    owner: 'root'
    group: 'root'

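# Private store for issued certificates and keys: owner-only access.
# `recurse` re-applies owner/group/mode to everything already inside on
# subsequent runs, so certificate files that lego drops here are pulled back
# to root-only as well. NOTE(review): the file module applies the same numeric
# mode to regular files under a recursive run, so files end up 0700 (an
# execute bit they do not need) — a symbolic mode such as "u=rwX,g=,o=" would
# avoid that; confirm before changing.
- name: Create LetsEncrypt certificates directory
  ansible.builtin.file:
    path: "{{ __lego_base_dir }}/.lego/certificates"
    state: directory
    owner: root
    group: root
    mode: "0700"
    recurse: true
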
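# Issue one certificate per entry of lego_certificates using the DNS-01
# challenge against Cloudflare. The ACME endpoint, state directory and the
# Cloudflare token are handed to lego through its environment rather than on
# the command line.
# `argv` passes the command as a list: every domain and the e-mail address
# become exactly one argument each, instead of being re-split by the command
# module's shlex parsing if a value ever contains whitespace or quotes.
- name: Obtain certificates for domains
  ansible.builtin.command:
    argv: >-
      {{ [__lego_bin_file, '--email=' ~ lego_acme_account_email]
         + (['--domains'] | product(item.domains) | flatten)
         + ['--dns=cloudflare', 'run'] }}
    # Idempotence: skip the run once the first domain's certificate exists.
    creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
  environment:
    LEGO_SERVER: "{{ lego_acme_server }}/directory"
    LEGO_PATH: "{{ __lego_base_dir }}/.lego"
    # NOTE(review): task `environment` values can surface in verbose (-vvv)
    # connection output; add `no_log: true` if that log channel is not trusted.
    CLOUDFLARE_API_TOKEN: "{{ lego_cloudflare_api_token }}"
  # Entries may opt out of issuance (e.g. certificates managed elsewhere).
  when: not item.skip_create | default(False) | bool
  loop: "{{ lego_certificates }}"
  loop_control:
    label: "{{ item.domains[0] }}"
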
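# Render the renewal wrapper into the bin directory; the cron job below runs it
# as root. The parent directory is root:root 0750, so the world-executable mode
# here does not expose the script beyond root and its group.
- name: Add cron script to renew certificates
  ansible.builtin.template:
    src: cron_lego_renew.sh.j2
    dest: "{{ __lego_base_dir }}/bin/cron_lego_renew.sh"
    mode: "0755"
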
# Nightly renewal via a system cron file (cron_file, i.e. under /etc/cron.d)
# rather than root's personal crontab. stdout and stderr are appended to a log
# in the base directory; no rotation of that log is visible in this file.
- name: Add cron job to renew certificates
  ansible.builtin.cron:
    cron_file: 'lego-renew'
    name: 'lego-renew'
    user: root
    minute: 5
    hour: 2
    job: "{{ __lego_base_dir }}/bin/cron_lego_renew.sh >> {{ __lego_base_dir }}/cron_lego_renew.log 2>&1"