roles: Add pf and relayd roles for domain controller

author: Romain Gonçalves <me@rgoncalves.se> 2021-12-11 18:50:33 +0000
committer: Romain Gonçalves <me@rgoncalves.se> 2021-12-11 18:50:33 +0000
commit: de3373e97d133e0ac76fb44deb5dea27c18d8815 (patch)
tree: 5b63b301ff180ef837ca6fb6a676e31cb87d326c /roles/acme/tasks
parent: e60e99796111ee6d43080b4e48971c08886c0570 (diff)
download: rules-de3373e97d133e0ac76fb44deb5dea27c18d8815.tar.gz
1 files changed, 31 insertions, 0 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml
new file mode 100644
index 0000000..aad4342
--- /dev/null
+++ b/roles/acme/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: generate acme-client configuration
+  template:
+    src: acme-client.conf.j2
+    dest: "{{ acme_configuration_file }}"
+    owner: 0
+    group: 0
+    mode: 0644
+
+- name: retrieve enabled domains
+  shell: grep "^domain" /etc/acme-client.conf | cut -d " " -f 2
+  register: subdomains
+
+- name: generate acme certificates
+  command: acme-client -v {{ item }}
+  loop: "{{ subdomains.stdout_lines }}"
+  register: result
+  failed_when:
+    - result.rc != 0
+    - "'certificate valid' not in result.stderr"
+
+- name: display registered certificates
+  debug:
+    var: result
+
+- name: enable automatic acme certificates update
+  cron:
+    name: "automatic acme certificates update for subdomain : {{ item }}"
+    minute: 0
+    hour: 6,18
+    job: "acme-client -v {{ item }} && rcctl reload relayd"
+  loop: "{{ subdomains.stdout_lines }}"
author	Romain Gonçalves <me@rgoncalves.se>	2021-12-11 18:50:33 +0000
committer	Romain Gonçalves <me@rgoncalves.se>	2021-12-11 18:50:33 +0000
commit	de3373e97d133e0ac76fb44deb5dea27c18d8815 (patch)
tree	5b63b301ff180ef837ca6fb6a676e31cb87d326c /roles/acme/tasks
parent	e60e99796111ee6d43080b4e48971c08886c0570 (diff)
download	rules-de3373e97d133e0ac76fb44deb5dea27c18d8815.tar.gz