author | binary <me@rgoncalves.se> | 2021-01-23 12:30:17 +0100 |
---|---|---|
committer | binary <me@rgoncalves.se> | 2021-01-23 12:30:17 +0100 |
commit | aa2710ec320b5744405c26d216db039a57dc4c0e (patch) | |
tree | b45d7c5b6040751bd57428375ea0e2a8c6da6642 /roles/acme | |
parent | 03612d17ca9f16e14b4a10f48221268bf6ec7e28 (diff) | |
download | infrastructure-aa2710ec320b5744405c26d216db039a57dc4c0e.tar.gz |
Bare init for acme certificates generation
Diffstat (limited to 'roles/acme')
-rw-r--r-- | roles/acme/tasks/main.yml | 34 | ||||
-rw-r--r-- | roles/acme/templates/acme-client.conf.j2 | 20 | ||||
-rw-r--r-- | roles/acme/vars/main.yml | 6 |
3 files changed, 60 insertions, 0 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
new file mode 100644
index 0000000..ec23ceb
--- /dev/null
+++ b/roles/acme/tasks/main.yml
@@ -0,0 +1,34 @@
+
+# acme ~~ roles/acme/tasks/main.yml
+# acme-client initialization
+# OPENBSD-ONLY
+
+---
+
+- name: ensure acme-client is installed
+ package:
+ name: acme-client
+ state: present
+
+- name: generate acme-client configuration
+ template:
+ src: acme-client.conf.j2
+ dest: /etc/acme-client.conf
+ owner: "{{ user_root }}"
+ group: "{{ group_root }}"
+ mode: 0644
+
+- name: generate acme certificates
+ shell: acme-client -v {{ global.domain_name }}
+ register: result
+
+- name: show acme-client output
+ debug:
+ var: result
+
+- name: enable automatic acme certificates update
+ cron:
+ name: "automatic acme certificates update"
+ minute: "0"
+ hour: "6,18"
+ job: "acme-client -v {{ global.domain_name }}"
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
new file mode 100644
index 0000000..40a284a
--- /dev/null
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -0,0 +1,20 @@
+#
+# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $
+#
+# managed by Ansible
+
+authority letsencrypt {
+ api url "https://acme-v02.api.letsencrypt.org/directory"
+ account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+authority letsencrypt-staging {
+ api url "https://acme-staging-v02.api.letsencrypt.org/directory"
+ account key "/etc/acme/letsencrypt-staging-privkey.pem"
+}
+
+domain {{ global.domain_name }} {
+ domain key "/etc/ssl/private/{{ global.domain_name }}.key"
+ domain full chain certificate "/etc/ssl/{{ global.domain_name }}.fullchain.pem"
+ sign with letsencrypt
+}
diff --git a/roles/acme/vars/main.yml b/roles/acme/vars/main.yml
new file mode 100644
index 0000000..a67c5c6
--- /dev/null
+++ b/roles/acme/vars/main.yml
@@ -0,0 +1,6 @@
+
+# acme ~~ roles/acme/tasks/main.yml
+# acme variables
+
+---
+ |
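Review bot: The `generate acme certificates` task in roles/acme/tasks/main.yml will be reported as failed on any run where the certificate is still current, because acme-client(1) exits 2 when nothing changed and Ansible treats every non-zero rc as a failure. The same task passes the templated `global.domain_name` through `shell`, whereas `command` with `argv` keeps the value out of shell interpretation. The sketch below adds explicit `changed_when`/`failed_when` handling for the exit codes. Nothing visible in this commit reloads the daemon that serves the certificate after the cron renewal, so a renewed certificate may go unused until a restart; confirm this against the rest of the repository. Quoting the mode as `mode: "0644"` would also avoid relying on YAML octal parsing.

```yaml
# … unchanged: package install and template tasks …
- name: generate acme certificates
  command:
    argv:
      - acme-client
      - -v
      - "{{ global.domain_name }}"
  register: result
  # acme-client: 0 = certificate changed, 2 = already up to date, 1 = failure
  changed_when: result.rc == 0
  failed_when: result.rc not in [0, 2]
# … unchanged: debug and cron tasks …
```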
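Review bot: The `domain` block in roles/acme/templates/acme-client.conf.j2 is hard-wired to `sign with letsencrypt`, so the `letsencrypt-staging` authority defined just above it is never selected and every trial run of the role goes to the production CA. Making the authority selectable lets a new host be validated against staging first, for example `sign with {{ acme_authority | default('letsencrypt') }}` (the variable name is only a proposal). `global.domain_name` is also interpolated unvalidated into the domain stanza and into the key and certificate paths, so a header comment such as `# global.domain_name must be a bare hostname (no slashes, quotes or spaces)` would document the assumption.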