Robert Kaussow cf5373f595
add dns resolver option
2024-09-28 00:38:17 +02:00


---
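- name: Install lego
  # Fetches the pinned release tarball from GitHub and extracts only the
  # lego binary (extra_opts) into the bin dir. The archive is fetched over
  # HTTPS but its contents are not verified against a checksum, so the
  # pinned version is the only supply-chain control here -- TODO consider a
  # get_url + checksum step if upstream publishes one. The architecture is
  # hard-coded to amd64.
  ansible.legacy.unarchive:
    src: "https://github.com/go-acme/lego/releases/download/v{{ lego_version }}/lego_v{{ lego_version }}_linux_amd64.tar.gz"
    dest: "{{ __lego_bin_dir }}"
    remote_src: true
    extra_opts:
      - "{{ __lego_bin_name }}"
    mode: "0750"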
- name: Create lego base dir
  # Root-owned, group-readable bin dir below the lego base path; the hook
  # scripts and the cron renew script are written here by later tasks.
  ansible.builtin.file:
    state: directory
    path: '{{ __lego_base_dir }}/bin'
    mode: "0750"
    owner: root
    group: root
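- name: Create LetsEncrypt certificates directory
  # Holds the issued certificates together with their private keys, hence
  # owner-only (0700). recurse re-applies owner/group/mode to everything
  # already inside the tree, not only to the top-level directory.
  ansible.builtin.file:
    path: "{{ __lego_base_dir }}/.lego/certificates"
    state: directory
    owner: root
    group: root
    mode: "0700"
    recurse: true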
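- name: Create hook scripts
  # One script per certificate entry that declares a hook. The content is
  # taken verbatim from lego_certificates and is later handed to
  # `lego run --run-hook`, i.e. it runs as root -- keep it owner-only so
  # nobody else can read or edit it. The execute bit is set because lego
  # is given the file as the command to run; whether lego execs it
  # directly or via a shell is not visible here (TODO confirm).
  ansible.builtin.copy:
    content: '{{ item.hook }}'
    dest: '{{ __lego_base_dir }}/bin/hook-{{ item.name }}.sh'
    owner: root
    group: root
    mode: "0700"
  when: item.hook is defined
  loop: '{{ lego_certificates }}'
  loop_control:
    label: '{{ item.name }}'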
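- name: Obtain certificates for domains
  # One `lego run` per entry in lego_certificates. The command module does
  # not use a shell: the folded scalar is split shlex-style, so the
  # embedded double quotes only group values and are stripped before exec.
  # The hook branch refers to the loop variable `item` (the original used
  # `cert`, which is never defined, so no hook was ever passed) and names
  # the script by its absolute path so it is found regardless of the
  # working directory or PATH of the command.
  ansible.builtin.command: >-
    {{ __lego_bin_file }}
    --accept-tos
    --email="{{ lego_acme_account_email }}"
    --domains {{ " --domains ".join(item.domains) }}
    --key-type="{{ lego_key_type }}"
    --dns="cloudflare"
    {{ '--dns.resolvers="' + (lego_dns_resolvers | default([]) | join(',')) + '"' if lego_dns_resolvers | default([]) | length > 0 else '' }}
    run
    {{ '--run-hook="' + __lego_base_dir + '/bin/hook-' + item.name + '.sh"' if item.hook is defined else '' }}
  args:
    # Idempotence guard: skip once the certificate for the first domain
    # exists; renewal is handled by the cron job, not by this task.
    # NOTE(review): this assumes lego names the file after the first
    # domain verbatim; confirm for wildcard entries.
    creates: "{{ __lego_base_dir }}/.lego/certificates/{{ item.domains[0] }}.crt"
  environment:
    LEGO_SERVER: "{{ lego_acme_server }}/directory"
    LEGO_PATH: "{{ __lego_base_dir }}/.lego"
    # The DNS provider is fixed to cloudflare above; the token is passed via
    # the environment rather than on the command line.
    CLOUDFLARE_DNS_API_TOKEN: "{{ lego_cloudflare_api_token }}"
  when: not item.skip_create | default(False) | bool
  loop: "{{ lego_certificates }}"
  loop_control:
    label: "{{ item.name }}"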
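- name: Add cron script to renew certificates
  # Rendered from the role template. 0755 because cron executes it;
  # root-owned like the rest of the bin dir so only root can change what
  # the renew job runs.
  ansible.builtin.template:
    src: cron-lego-renew.sh.j2
    dest: "{{ __lego_base_dir }}/bin/cron-lego-renew.sh"
    owner: root
    group: root
    mode: "0755"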
- name: Add cron job to renew certificates
  # Installs (or removes, when lego_cron_enabled is false) a root cron
  # entry in /etc/cron.d/lego-renew that runs the renew script daily at
  # the configured hour and minute. stdout and stderr are appended to a
  # log file in the lego base dir; no rotation is configured here.
  ansible.builtin.cron:
    state: "{{ 'present' if lego_cron_enabled | bool else 'absent' }}"
    cron_file: lego-renew
    name: lego-renew
    user: root
    minute: "{{ lego_cron_minute }}"
    hour: "{{ lego_cron_hour }}"
    job: "{{ __lego_base_dir }}/bin/cron-lego-renew.sh >> {{ __lego_base_dir }}/cron_lego_renew.log 2>&1"