1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_acmetool.git synced 2024-08-16 12:29:49 +02:00
ansible_role_acmetool/README.md

81 lines
4.4 KiB
Markdown
Raw Normal View History

2021-03-20 18:56:46 +01:00
[![Ansible Galaxy](https://raw.githubusercontent.com/roles-ansible/ansible_role_acmetool/main/.github/galaxy.svg?sanitize=true)](https://galaxy.ansible.com/do1jlr/acmetool) [![MIT License](https://raw.githubusercontent.com/roles-ansible/ansible_role_acmetool/main/.github/license.svg?sanitize=true)](https://github.com/roles-ansible/ansible_role_acmetool/blob/main/LICENCE)
2021-03-20 18:24:09 +01:00
Acmetool LE client
2021-02-06 22:36:42 +01:00
==================
Install and configure the `acmetool` LE client.
2021-09-30 22:07:35 +02:00
We recomend to use this role together with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. But this role has a standalone version too.
The ``do1jlr.nginx`` role installs a hook to enable nginx https sites and is running the ``acmetool want $domain`` command. Or you add the domains you need to the ``acme_domain_want_list: []``. But make sure you your acmetool is able to request the domains. Maybe you want to configure the ``response-file.yml.j2`` for that.
2021-08-11 23:17:29 +02:00
2021-02-06 22:36:42 +01:00
2021-03-20 18:24:09 +01:00
Variables
-----------
2021-02-06 22:36:42 +01:00
2021-03-20 18:24:09 +01:00
* ``acme_notification_email:`` (Default: ``root@example.org``):
2021-02-06 22:36:42 +01:00
LE account email. The default needs to be changed!
2021-08-11 23:17:29 +02:00
* ``acme_reload_services:`` (Default: ``[]``):
Services that need a reload by certificat change
*(There are some services pre-defined in the [files/reload](files/reload) file)*
* ``acme_restart_services:`` (Default: ``[]``):
Services that need a restart by certificat change
2021-09-30 22:07:35 +02:00
* ``acme_domain_want_list:`` (Default: ``[]``):
A list of domain you want to enable. Example:
```yml
2021-09-30 22:41:04 +02:00
acme_domain_want_list:
2021-09-30 22:07:35 +02:00
- name: 'www.example.com'
```
* ``acme_domain_unwant_list:`` (Default: ``[]``):
Disable a enabled domain. Same syntax than ``acme_domain_want_list``.
2021-03-20 18:24:09 +01:00
* ``submodules_versioncheck:`` (Default: ``false``):
Enable basic versionscheck. *(``true`` is recomended)*
2021-02-06 22:36:42 +01:00
2021-07-16 01:19:30 +02:00
Files
-------
2021-09-30 22:07:35 +02:00
* We search the ``response-file.yml.j2`` using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
2021-07-16 01:19:30 +02:00
```yaml
files:
- "response-file.{{ inventory_hostname }}.yml.j2"
- 'response-file.yml.j2'
paths:
- 'templates/acmetool'
- "templates/{{ inventory_hostname }}"
- 'files/acmetool'
- "files/{{ inventory_hostname }}"
- 'templates'
```
2021-08-11 23:17:29 +02:00
This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
2021-09-30 22:07:35 +02:00
* We search the ``reload`` and ``restart`` hook using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
2021-08-11 23:17:29 +02:00
* We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
2021-07-16 01:19:30 +02:00
2021-03-20 18:52:18 +01:00
References
------------
2021-02-06 22:36:42 +01:00
* [acmetool](https://github.com/hlandau/acmetool)
* [acmetool user's guide](https://hlandau.github.io/acmetool/userguide)
2021-03-20 18:52:18 +01:00
2021-05-10 22:29:26 +02:00
Good to know
--------------
+ If you are using debian buster, you are probably interested in a more up to date version of acmetool. Have a look at the [do1jlr.acmetool_fix](https://galaxy.ansible.com/do1jlr/acmetool_fix) role, that will install a specific version of acmetool on debian based systems.
2021-09-30 00:13:37 +02:00
+ To add a domain manually to acmetool run ``acmetool want example.com``
+ To remove a domain manually from acmetool, ``acmetool unwant example.com``
2021-05-10 22:29:26 +02:00
2021-03-20 18:52:18 +01:00
Testing
---------
We are using the following github actions for testing and releasing to ansible galaxy.
| Action Status | Marketplace |
| ------------- | ----------- |
| [![Ansible Lint check](https://github.com/roles-ansible/ansible_role_acmetool/actions/workflows/ansible-linting-check.yml/badge.svg)](https://github.com/roles-ansible/ansible_role_acmetool/actions/workflows/ansible-linting-check.yml) | [ansible-lint](https://github.com/marketplace/actions/ansible-lint) |
| [![Galaxy release](https://github.com/roles-ansible/ansible_role_acmetool/actions/workflows/galaxy.yml/badge.svg)](https://github.com/roles-ansible/ansible_role_acmetool/actions/workflows/galaxy.yml) | [publish-ansible-role-to-galaxy](https://github.com/marketplace/actions/publish-ansible-role-to-galaxy) |
| [![Yamllint GitHub Actions](https://github.com/roles-ansible/ansible_role_acmetool/actions/workflows/yamllint.yaml/badge.svg)](https://github.com/roles-ansible/ansible_role_acmetool/actions/workflows/yamllint.yaml) | [yamllint-github-action](https://github.com/marketplace/actions/yamllint-github-action) |