diff --git a/README.md b/README.md index b531368..2e512c9 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,9 @@ Install and configure the `acmetool` LE client. -Currently this role is designed to work with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. Maybe there will be a standalone version of this role someday... +We recomend to use this role together with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. But this role has a standalone version too. + +The ``do1jlr.nginx`` role installs a hook to enable nginx https sites and is running the ``acmetool want $domain`` command. Or you add the domains you need to the ``acme_domain_want_list: []``. But make sure you your acmetool is able to request the domains. Maybe you want to configure the ``response-file.yml.j2`` for that. Variables @@ -21,13 +23,23 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c * ``acme_restart_services:`` (Default: ``[]``): Services that need a restart by certificat change +* ``acme_domain_want_list:`` (Default: ``[]``): + A list of domain you want to enable. Example: +```yml +acme_restart_services: + - name: 'www.example.com' +``` + +* ``acme_domain_unwant_list:`` (Default: ``[]``): + Disable a enabled domain. Same syntax than ``acme_domain_want_list``. + * ``submodules_versioncheck:`` (Default: ``false``): Enable basic versionscheck. *(``true`` is recomended)* Files ------- -* We search the ``response-file.yml.j2`` using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config: +* We search the ``response-file.yml.j2`` using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config: ```yaml files: - "response-file.{{ inventory_hostname }}.yml.j2" @@ -41,7 +53,7 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c ``` This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``. -* We search the ``reload`` and ``restart`` hook using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``. +* We search the ``reload`` and ``restart`` hook using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``. * We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables diff --git a/defaults/main.yml b/defaults/main.yml index 7d7a40a..10a6b83 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,6 +5,13 @@ acme_notification_email: 'root@example.org' acme_reload_services: [] acme_restart_services: [] +acme_domain_want_list: [] +# - name: 'example.com' +# - name: 'www.example.com' + +acme_domain_unwant_list: [] +# - name: 'old.example.com' + # configure acmetool systemd service acme_systemd_start_after: 'apache2.service nginx.service' diff --git a/tasks/main.yml b/tasks/main.yml index 30d9f64..bbb1f90 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -17,3 +17,9 @@ - name: Reload systemd and enable acmetool timer unit ansible.builtin.include_tasks: timer.yml + +- name: optionally want domains + ansible.builtin.include_tasks: want_domains.yml + +- name: optionally unwant domains + ansible.builtin.include_tasks: unwant_domains.yml diff --git a/tasks/unwant_domains.yml b/tasks/unwant_domains.yml new file mode 100644 index 0000000..4a0c379 --- /dev/null +++ b/tasks/unwant_domains.yml @@ -0,0 +1,7 @@ +--- +- name: disable acmetool for acme_domain_unwant_list domains + become: true + ansible.builtin.command: "acmetool unwant {{ _domain.name }}" + with_items: "{{ acme_domain_unwant_list }}" + loop_control: + loop_var: _domain diff --git a/tasks/want_domains.yml b/tasks/want_domains.yml new file mode 100644 index 0000000..2551302 --- /dev/null +++ b/tasks/want_domains.yml @@ -0,0 +1,9 @@ +--- +- name: enable acmetool for acme_domain_list domains + become: true + ansible.builtin.command: "acmetool want {{ _domain.name }}" + args: + creates: "/var/lib/acme/live/{{ _domain.name }}" + with_items: "{{ acme_domain_want_list }}" + loop_control: + loop_var: _domain diff --git a/vars/main.yml b/vars/main.yml index f178569..9879ea7 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -33,5 +33,5 @@ acmetool__restart_hook: - 'files' # versionscheck -playbook_version_number: 28 # should be a integer +playbook_version_number: 29 # should be a integer playbook_version_path: 'do1jlr.role-acmetool.version'