drop account setup

2024-09-27 21:18:56 +02:00 · 2024-09-27 21:18:56 +02:00 · 5a54e7ec3f
commit 5a54e7ec3f
parent 2fd883d291
5 changed files with 15 additions and 78 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,23 +1,14 @@
 ---
 lego_version: 4.18.0

-lego_server: https://acme-v02.api.letsencrypt.org/directory
+lego_acme_server: https://acme-v02.api.letsencrypt.org
+lego_acme_account__email: ""

-lego_cloudflare_email: ""
-lego_cloudflare_api_key: ""
-
-# @var lego_accounts:example: >
-# lego_accounts:
-#   - account_email: user@example.com
-#     account_number: "862bf8e9-b02a-43f1-9c05-ea073e0e1c7c"
-#     account_key: "94ecba99-bfbd-4c5a-9fd4-790f1c061a4c"
-# @end
-lego_accounts: []
+lego_cloudflare_api_token: ""

 # @var lego_certificates:example:
 # lego_certificates:
-#   - account_email: user@example.com
-#     domains:
+#   - domains:
 #       - example.com
 #       - www.example.com
 #     skip_create: False
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -2,14 +2,10 @@
 - name: Converge
  hosts: all
  vars:
-    lego_server: https://acme-staging-v02.api.letsencrypt.org/directory
-    lego_accounts:
-      - account_email: user@example.com
-        account_number: "862bf8e9-b02a-43f1-9c05-ea073e0e1c7c"
-        account_key: "94ecba99-bfbd-4c5a-9fd4-790f1c061a4c"
+    lego_acme_server: https://acme-staging-v02.api.letsencrypt.org
+    lego_acme_account_email: user@example.com
    lego_certificates:
-      - account_email: user@example.com
-        domains:
+      - domains:
          - example.com
          - www.example.com
        skip_create: True
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -15,7 +15,6 @@
    owner: root
    group: root
    mode: "0750"
-    recurse: True

 - name: Create LetsEncrypt certificates directory
  ansible.builtin.file:
@ -26,54 +25,18 @@
    mode: "0700"
    recurse: True

- name: Create LetsEncrypt account directory
-  ansible.builtin.file:
-    path: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email }}/keys"
-    state: directory
-    owner: root
-    group: root
-    mode: "0700"
-    recurse: True
-  loop: "{{ lego_accounts }}"
-  loop_control:
-    label: "{{ item.account_email }}"
-
- name: Deploy account json
-  ansible.builtin.template:
-    dest: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email | mandatory }}/account.json"
-    group: root
-    owner: root
-    mode: "0600"
-    src: account.json.j2
-  loop: "{{ lego_accounts }}"
-  loop_control:
-    label: "{{ item.account_email }}"
-
- name: Deploy account key
-  ansible.builtin.copy:
-    content: "{{ item.account_key }}"
-    dest: "{{ __lego_base_dir }}/.lego/accounts/acme-v02.api.letsencrypt.org/{{ item.account_email | mandatory }}/keys/{{ item.account_email }}.key"
-    owner: root
-    group: root
-    mode: "0600"
-  diff: False
-  loop: "{{ lego_accounts }}"
-  loop_control:
-    label: "{{ item.account_email }}"
-
 - name: Obtain certificates for domains
-  ansible.builtin.command: '{{ __lego_bin_file }} --email="{{ item.account_email }}" --domains {{ " --domains ".join(item.domains) }} --dns="cloudflare" run'
+  ansible.builtin.command: '{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ " --domains ".join(item.domains) }} --dns="cloudflare" run'
  args:
    creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
  environment:
-    LEGO_SERVER: "{{ lego_server }}"
+    LEGO_SERVER: "{{ lego_acme_server }}/directory"
    LEGO_PATH: "{{ __lego_base_dir }}/.lego"
-    CLOUDFLARE_EMAIL: "{{ lego_cloudflare_email }}"
-    CLOUDFLARE_API_KEY: "{{ lego_cloudflare_api_key }}"
-  when: not item.skip_create | bool
+    CLOUDFLARE_API_TOKEN: "{{ lego_cloudflare_api_token }}"
+  when: not item.skip_create | default(False) | bool
  loop: "{{ lego_certificates }}"
  loop_control:
-    label: "{{ item.account_email }}"
+    label: "{{ item.domains[0] }}"

 - name: Add cron scipt to renew certificates
  ansible.builtin.template:
--- a/templates/account.json.j2
+++ b/templates/account.json.j2
@ -1,12 +0,0 @@
-{
-	"email": "{{ item.account_email }}",
-	"registration": {
-		"body": {
-			"status": "valid",
-			"contact": [
-				"mailto:{{ item.account_email }}"
-			]
-		},
-		"uri": "https://acme-v02.api.letsencrypt.org/acme/acct/{{ item.account_number }}"
-	}
-}
--- a/templates/cron_lego_renew.sh.j2
+++ b/templates/cron_lego_renew.sh.j2
@ -2,14 +2,13 @@
 # run this script daily to renew any letsencrypt certs that need renewing
 # renew cert if it expires within 30 days

-export LEGO_SERVER="{{ lego_server }}"
+export LEGO_SERVER="{{ lego_acme_server }}/directory"
 export LEGO_PATH="{{ __lego_base_dir }}/.lego"

-export CLOUDFLARE_EMAIL="{{ lego_cloudflare_email }}"
-export CLOUDFLARE_API_KEY="{{ lego_cloudflare_api_key }}"
+export CLOUDFLARE_API_TOKEN="{{ lego_cloudflare_api_token }}"

 {% for cert in lego_certificates %}
 echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}."
-{{ __lego_bin_file }} --email="{{ cert.account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --dns="cloudflare" renew --days 30
+{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --dns="cloudflare" renew --days 30

 {% endfor %}