Create standalone mode
parent
624469764c
commit
fdfb46336e
6 changed files with 45 additions and 4 deletions
18
README.md
18
README.md
|
@ -5,7 +5,9 @@
|
|||
|
||||
Install and configure the `acmetool` LE client.
|
||||
|
||||
Currently this role is designed to work with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. Maybe there will be a standalone version of this role someday...
|
||||
We recomend to use this role together with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. But this role has a standalone version too.
|
||||
|
||||
The ``do1jlr.nginx`` role installs a hook to enable nginx https sites and is running the ``acmetool want $domain`` command. Or you add the domains you need to the ``acme_domain_want_list: []``. But make sure you your acmetool is able to request the domains. Maybe you want to configure the ``response-file.yml.j2`` for that.
|
||||
|
||||
|
||||
Variables
|
||||
|
@ -21,13 +23,23 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
|
|||
* ``acme_restart_services:`` (Default: ``[]``):
|
||||
Services that need a restart by certificat change
|
||||
|
||||
* ``acme_domain_want_list:`` (Default: ``[]``):
|
||||
A list of domain you want to enable. Example:
|
||||
```yml
|
||||
acme_restart_services:
|
||||
- name: 'www.example.com'
|
||||
```
|
||||
|
||||
* ``acme_domain_unwant_list:`` (Default: ``[]``):
|
||||
Disable a enabled domain. Same syntax than ``acme_domain_want_list``.
|
||||
|
||||
* ``submodules_versioncheck:`` (Default: ``false``):
|
||||
Enable basic versionscheck. *(``true`` is recomended)*
|
||||
|
||||
|
||||
Files
|
||||
-------
|
||||
* We search the ``response-file.yml.j2`` using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
|
||||
* We search the ``response-file.yml.j2`` using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
|
||||
```yaml
|
||||
files:
|
||||
- "response-file.{{ inventory_hostname }}.yml.j2"
|
||||
|
@ -41,7 +53,7 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
|
|||
```
|
||||
This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
|
||||
|
||||
* We search the ``reload`` and ``restart`` hook using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
|
||||
* We search the ``reload`` and ``restart`` hook using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
|
||||
|
||||
* We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
|
||||
|
||||
|
|
|
@ -5,6 +5,13 @@ acme_notification_email: 'root@example.org'
|
|||
acme_reload_services: []
|
||||
acme_restart_services: []
|
||||
|
||||
acme_domain_want_list: []
|
||||
# - name: 'example.com'
|
||||
# - name: 'www.example.com'
|
||||
|
||||
acme_domain_unwant_list: []
|
||||
# - name: 'old.example.com'
|
||||
|
||||
# configure acmetool systemd service
|
||||
acme_systemd_start_after: 'apache2.service nginx.service'
|
||||
|
||||
|
|
|
@ -17,3 +17,9 @@
|
|||
|
||||
- name: Reload systemd and enable acmetool timer unit
|
||||
ansible.builtin.include_tasks: timer.yml
|
||||
|
||||
- name: optionally want domains
|
||||
ansible.builtin.include_tasks: want_domains.yml
|
||||
|
||||
- name: optionally unwant domains
|
||||
ansible.builtin.include_tasks: unwant_domains.yml
|
||||
|
|
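--- /dev/null
+++ b/tasks/unwant_domains.yml
@@ -0,0 +1,7 @@
+---
+- name: disable acmetool for acme_domain_unwant_list domains
+become: true
+ansible.builtin.command: "acmetool unwant {{ _domain.name }}"
+with_items: "{{ acme_domain_unwant_list }}"
+loop_control:
+loop_var: _domain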
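Review bot: The domain name is templated straight into a free-form command string that runs with `become: true`, in `ansible.builtin.command: "acmetool unwant {{ _domain.name }}"`, and tasks/want_domains.yml does the same for `acmetool want`. The command module does not invoke a shell, but it still splits the string on whitespace, so a list entry containing a space would reach acmetool as several arguments. Passing the arguments as a list, `argv: ['acmetool', 'unwant', '{{ _domain.name }}']`, keeps each entry a single argument. A leading `-` would still be read as an option, so I would also put an `ansible.builtin.assert` that matches every entry against a hostname pattern ahead of the loop. This task also has no `creates` or `changed_when`, so it will report changed on every run.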
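--- /dev/null
+++ b/tasks/want_domains.yml
@@ -0,0 +1,9 @@
+---
+- name: enable acmetool for acme_domain_list domains
+become: true
+ansible.builtin.command: "acmetool want {{ _domain.name }}"
+args:
+creates: "/var/lib/acme/live/{{ _domain.name }}"
+with_items: "{{ acme_domain_want_list }}"
+loop_control:
+loop_var: _domain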
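Review bot: The `creates` guard builds a filesystem path from an unchecked inventory value, `creates: "/var/lib/acme/live/{{ _domain.name }}"`, so an entry containing `/` or `..` makes the idempotence check look at a path outside the live directory. Whether the task is skipped or run would then no longer reflect the certificate state for that name. Validating the entries as plain hostnames before this task would cover both the path and the command argument. The task name also refers to `acme_domain_list` while the loop reads `acme_domain_want_list`; I would rename it to `enable acmetool for acme_domain_want_list domains` so the play output matches the variable.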
|
@ -33,5 +33,5 @@ acmetool__restart_hook:
|
|||
- 'files'
|
||||
|
||||
# versionscheck
|
||||
playbook_version_number: 28 # should be a integer
|
||||
playbook_version_number: 29 # should be a integer
|
||||
playbook_version_path: 'do1jlr.role-acmetool.version'
|
||||
|
|