ansible/xoxys.lego
0
0
Fork 0
Code Issues Pull Requests Releases Activity

drop account setup
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/docs Pipeline was successful
Details
ci/woodpecker/push/notify Pipeline was successful
Details

Browse Source
This commit is contained in:
Robert Kaussow 2024-09-27 21:18:56 +02:00
parent 2fd883d291
commit 5a54e7ec3f
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
5 changed files with 15 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
defaults/main.yml
View File

@ -1,23 +1,14 @@
--- ---
lego_version: 4.18.0 lego_version: 4.18.0
lego_server: https://acme-v02.api.letsencrypt.org/directory lego_acme_server: https://acme-v02.api.letsencrypt.org
lego_acme_account__email: ""
lego_cloudflare_email: "" lego_cloudflare_api_token: ""
lego_cloudflare_api_key: ""
# @var lego_accounts:example: >
# lego_accounts:
# - account_email: user@example.com
# account_number: "862bf8e9-b02a-43f1-9c05-ea073e0e1c7c"
# account_key: "94ecba99-bfbd-4c5a-9fd4-790f1c061a4c"
# @end
lego_accounts: []
# @var lego_certificates:example: # @var lego_certificates:example:
# lego_certificates: # lego_certificates:
# - account_email: user@example.com # - domains:
# domains:
# - example.com # - example.com
# - www.example.com # - www.example.com
# skip_create: False # skip_create: False

10
molecule/default/converge.yml
View File

@ -2,14 +2,10 @@
- name: Converge - name: Converge
hosts: all hosts: all
vars: vars:
lego_server: https://acme-staging-v02.api.letsencrypt.org/directory lego_acme_server: https://acme-staging-v02.api.letsencrypt.org
lego_accounts: lego_acme_account_email: user@example.com
- account_email: user@example.com
account_number: "862bf8e9-b02a-43f1-9c05-ea073e0e1c7c"
account_key: "94ecba99-bfbd-4c5a-9fd4-790f1c061a4c"
lego_certificates: lego_certificates:
- account_email: user@example.com - domains:
domains:
- example.com - example.com
- www.example.com - www.example.com
skip_create: True skip_create: True

47
tasks/main.yml
View File

@ -15,7 +15,6 @@
owner: root owner: root
group: root group: root
mode: "0750" mode: "0750"
recurse: True
- name: Create LetsEncrypt certificates directory - name: Create LetsEncrypt certificates directory
ansible.builtin.file: ansible.builtin.file:
@ -26,54 +25,18 @@
mode: "0700" mode: "0700"
recurse: True recurse: True
- name: Create LetsEncrypt account directory
ansible.builtin.file:
path: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email }}/keys"
state: directory
owner: root
group: root
mode: "0700"
recurse: True
loop: "{{ lego_accounts }}"
loop_control:
label: "{{ item.account_email }}"
- name: Deploy account json
ansible.builtin.template:
dest: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email | mandatory }}/account.json"
group: root
owner: root
mode: "0600"
src: account.json.j2
loop: "{{ lego_accounts }}"
loop_control:
label: "{{ item.account_email }}"
- name: Deploy account key
ansible.builtin.copy:
content: "{{ item.account_key }}"
dest: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email | mandatory }}/keys/{{ item.account_email }}.key"
owner: root
group: root
mode: "0600"
diff: False
loop: "{{ lego_accounts }}"
loop_control:
label: "{{ item.account_email }}"
- name: Obtain certificates for domains - name: Obtain certificates for domains
ansible.builtin.command: '{{ __lego_bin_file }} --email="{{ item.account_email }}" --domains {{ " --domains ".join(item.domains) }} --dns="cloudflare" run' ansible.builtin.command: '{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ " --domains ".join(item.domains) }} --dns="cloudflare" run'
args: args:
creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt" creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
environment: environment:
LEGO_SERVER: "{{ lego_server }}" LEGO_SERVER: "{{ lego_acme_server }}/directory"
LEGO_PATH: "{{ __lego_base_dir }}/.lego" LEGO_PATH: "{{ __lego_base_dir }}/.lego"
CLOUDFLARE_EMAIL: "{{ lego_cloudflare_email }}" CLOUDFLARE_API_TOKEN: "{{ lego_cloudflare_api_token }}"
CLOUDFLARE_API_KEY: "{{ lego_cloudflare_api_key }}" when: not item.skip_create | default(False) | bool
when: not item.skip_create | bool
loop: "{{ lego_certificates }}" loop: "{{ lego_certificates }}"
loop_control: loop_control:
label: "{{ item.account_email }}" label: "{{ item.domains[0] }}"
- name: Add cron scipt to renew certificates - name: Add cron scipt to renew certificates
ansible.builtin.template: ansible.builtin.template:

12
templates/account.json.j2
View File

@ -1,12 +0,0 @@
{
"email": "{{ item.account_email }}",
"registration": {
"body": {
"status": "valid",
"contact": [
"mailto:{{ item.account_email }}"
]
},
"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/{{ item.account_number }}"
}
}

7
templates/cron_lego_renew.sh.j2
View File

@ -2,14 +2,13 @@
# run this script daily to renew any letsencrypt certs that need renewing # run this script daily to renew any letsencrypt certs that need renewing
# renew cert if it expires within 30 days # renew cert if it expires within 30 days
export LEGO_SERVER="{{ lego_server }}" export LEGO_SERVER="{{ lego_acme_server }}/directory"
export LEGO_PATH="{{ __lego_base_dir }}/.lego" export LEGO_PATH="{{ __lego_base_dir }}/.lego"
export CLOUDFLARE_EMAIL="{{ lego_cloudflare_email }}" export CLOUDFLARE_API_TOKEN="{{ lego_cloudflare_api_token }}"
export CLOUDFLARE_API_KEY="{{ lego_cloudflare_api_key }}"
{% for cert in lego_certificates %} {% for cert in lego_certificates %}
echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}." echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}."
{{ __lego_bin_file }} --email="{{ cert.account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --dns="cloudflare" renew --days 30 {{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --dns="cloudflare" renew --days 30
{% endfor %} {% endfor %}