ansible/xoxys.lego
0
0
Fork 0
Code Issues Pull Requests Releases Activity

add dns resolver option
Some checks failed
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/push/test Pipeline failed
Details
ci/woodpecker/push/docs unknown status
Details
ci/woodpecker/push/notify Pipeline was successful
Details

Browse Source
This commit is contained in:
Robert Kaussow 2024-09-28 00:38:17 +02:00
parent 89b59d0739
commit cf5373f595
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
defaults/main.yml
View File

@ -2,9 +2,13 @@
lego_version: 4.18.0 lego_version: 4.18.0
lego_acme_server: https://acme-v02.api.letsencrypt.org lego_acme_server: https://acme-v02.api.letsencrypt.org
lego_acme_account_email: "" # @var lego_acme_account_email:example: $ "user@example.com"
# @var lego_acme_account_email:value: $ "_unset_"
lego_cloudflare_api_token: "" # @var lego_cloudflare_api_token:value: $ "_unset_"
# @var lego_cloudflare_api_token:example: $ "_dhTdcj9g9s7gcpbN7qsh9CR3RMVHdM7v"
lego_dns_resolvers: []
lego_key_type: "ec256" lego_key_type: "ec256"

3
molecule/default/converge.yml
View File

@ -5,7 +5,8 @@
lego_acme_server: https://acme-staging-v02.api.letsencrypt.org lego_acme_server: https://acme-staging-v02.api.letsencrypt.org
lego_acme_account_email: user@example.com lego_acme_account_email: user@example.com
lego_certificates: lego_certificates:
- domains: - name: example
domains:
- example.com - example.com
- www.example.com - www.example.com
skip_create: True skip_create: True

3
tasks/main.yml
View File

@ -45,8 +45,9 @@
--domains {{ " --domains ".join(item.domains) }} --domains {{ " --domains ".join(item.domains) }}
--key-type="{{ lego_key_type }}" --key-type="{{ lego_key_type }}"
--dns="cloudflare" --dns="cloudflare"
{{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }}
run run
{{ '--run-hook="{{ __lego_base_dir }}/bin/hook-{{ item.name }}.sh"' if item.hook is defined else '' }} {{ '--run-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }}
args: args:
creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt" creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
environment: environment:

2
templates/cron-lego-renew.sh.j2
View File

@ -8,6 +8,6 @@ export CLOUDFLARE_DNS_API_TOKEN="{{ lego_cloudflare_api_token }}"
{% for cert in lego_certificates %} {% for cert in lego_certificates %}
echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}." echo "$(date) checking for cert update for {{ ', '.join(cert.domains) }}."
{{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" renew {{ '--run-hook="hook-{{ item.name }}.sh"' if item.hook is defined else '' }} --days 30 {{ __lego_bin_file }} --email="{{ lego_acme_account_email }}" --domains {{ ' --domains '.join(cert.domains) }} --key-type="{{ lego_key_type }}" --dns="cloudflare" {{ '--dns.resolvers="' + lego_dns_resolvers | join(',') + '"' if lego_dns_resolvers | length > 0 else '' }} renew {{ '--renew-hook="hook-' + cert.name + '.sh"' if cert.hook is defined else '' }} --days 30
{% endfor %} {% endfor %}