mirror of https://github.com/roles-ansible/ansible_role_acmetool.git synced 2024-08-16 12:29:49 +02:00

Create standalone mode

L3D 2021-09-30 22:07:35 +02:00
parent 624469764c
commit fdfb46336e
Signed by: l3d
GPG key ID: CD08445BFF4313D1
6 changed files with 45 additions and 4 deletions


@ -5,7 +5,9 @@
Install and configure the `acmetool` LE client. Install and configure the `acmetool` LE client.
Currently this role is designed to work with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. Maybe there will be a standalone version of this role someday... We recomend to use this role together with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. But this role has a standalone version too.
The ``do1jlr.nginx`` role installs a hook to enable nginx https sites and is running the ``acmetool want $domain`` command. Or you add the domains you need to the ``acme_domain_want_list: []``. But make sure you your acmetool is able to request the domains. Maybe you want to configure the ``response-file.yml.j2`` for that.
Variables Variables
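Review bot: The added README paragraph has a duplicated word in "make sure you your acmetool is able to request the domains" and misspells "recomend"; fix both while the text is new. The closing sentence "Maybe you want to configure the ``response-file.yml.j2`` for that" leaves a standalone user guessing: the Files section describes that template as controlling the challenge method, so say here which setting has to be adjusted when the role is used without ``do1jlr.nginx``.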
@ -21,13 +23,23 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
* ``acme_restart_services:`` (Default: ``[]``): * ``acme_restart_services:`` (Default: ``[]``):
Services that need a restart by certificat change Services that need a restart by certificat change
* ``acme_domain_want_list:`` (Default: ``[]``):
A list of domain you want to enable. Example:
```yml
acme_restart_services:
- name: 'www.example.com'
```
* ``acme_domain_unwant_list:`` (Default: ``[]``):
Disable a enabled domain. Same syntax than ``acme_domain_want_list``.
* ``submodules_versioncheck:`` (Default: ``false``): * ``submodules_versioncheck:`` (Default: ``false``):
Enable basic versionscheck. *(``true`` is recomended)* Enable basic versionscheck. *(``true`` is recomended)*
Files Files
------- -------
* We search the ``response-file.yml.j2`` using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config: * We search the ``response-file.yml.j2`` using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
```yaml ```yaml
files: files:
- "response-file.{{ inventory_hostname }}.yml.j2" - "response-file.{{ inventory_hostname }}.yml.j2"
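Review bot: The example under ``acme_domain_want_list:`` is keyed ``acme_restart_services:``, which looks like a copy-paste slip; anyone pasting it sets the wrong variable and the want task has nothing to iterate. Change the key to ``acme_domain_want_list:``. In the ``acme_domain_unwant_list`` entry, "Disable a enabled domain. Same syntax than" should read "Disable an enabled domain. Same syntax as".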
@ -41,7 +53,7 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
``` ```
This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``. This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
* We search the ``reload`` and ``restart`` hook using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``. * We search the ``reload`` and ``restart`` hook using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
* We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables * We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
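Review bot: The unchanged sentence in this hunk still reads "challange methode" while the neighbouring line gets its ``first_found_lookup`` spelling fixed; correct it to "challenge method" in the same pass so the Files section is consistent.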


@ -5,6 +5,13 @@ acme_notification_email: 'root@example.org'
acme_reload_services: [] acme_reload_services: []
acme_restart_services: [] acme_restart_services: []
acme_domain_want_list: []
# - name: 'example.com'
# - name: 'www.example.com'
acme_domain_unwant_list: []
# - name: 'old.example.com'
# configure acmetool systemd service # configure acmetool systemd service
acme_systemd_start_after: 'apache2.service nginx.service' acme_systemd_start_after: 'apache2.service nginx.service'
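Review bot: The item shape of ``acme_domain_want_list`` and ``acme_domain_unwant_list`` is only implied by the commented examples, and the new tasks dereference ``_domain.name``, so an entry written as a plain string fails at run time with an undefined attribute. State in a comment here that each item must be a mapping with a ``name`` key, or accept plain strings in the tasks.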


@ -17,3 +17,9 @@
- name: Reload systemd and enable acmetool timer unit - name: Reload systemd and enable acmetool timer unit
ansible.builtin.include_tasks: timer.yml ansible.builtin.include_tasks: timer.yml
- name: optionally want domains
ansible.builtin.include_tasks: want_domains.yml
- name: optionally unwant domains
ansible.builtin.include_tasks: unwant_domains.yml
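Review bot: Both includes are named "optionally" but carry no ``when:``, so the files are included on every run and only do nothing because the default lists are empty. Either drop "optionally" from the names or guard them, e.g. ``when: acme_domain_want_list | length > 0``. The order matters too: want runs before unwant, so a domain that ends up in both lists is requested and then dropped in the same run; an assert that the two lists are disjoint would catch that early.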

tasks/unwant_domains.yml Normal file

@ -0,0 +1,7 @@
---
- name: disable acmetool for acme_domain_unwant_list domains
become: true
ansible.builtin.command: "acmetool unwant {{ _domain.name }}"
with_items: "{{ acme_domain_unwant_list }}"
loop_control:
loop_var: _domain
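Review bot: The ``acmetool unwant`` task has no ``creates``, ``removes`` or ``changed_when``, unlike the want task, so with ``become: true`` it executes and reports "changed" for every listed domain on every play. Add a ``changed_when:`` condition or another guard so repeated runs are idempotent. ``{{ _domain.name }}`` is also spliced into a single command string; the ``argv:`` list form keeps a value containing spaces or a leading ``-`` from being split into extra arguments, and ``loop:`` is the current spelling of ``with_items``.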

tasks/want_domains.yml Normal file

@ -0,0 +1,9 @@
---
- name: enable acmetool for acme_domain_list domains
become: true
ansible.builtin.command: "acmetool want {{ _domain.name }}"
args:
creates: "/var/lib/acme/live/{{ _domain.name }}"
with_items: "{{ acme_domain_want_list }}"
loop_control:
loop_var: _domain
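Review bot: The task name says ``acme_domain_list`` but the loop iterates ``acme_domain_want_list``; align the name with the variable so play output matches the documented setting. ``_domain.name`` feeds both the command string and the ``creates:`` path under ``/var/lib/acme/live/``, so an entry containing a slash, a space or a leading ``-`` changes what is checked and what is executed with ``become: true``. Validate the entries as hostnames in an ``assert`` task before the loop and pass the command as ``argv:``.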


@ -33,5 +33,5 @@ acmetool__restart_hook:
- 'files' - 'files'
# versionscheck # versionscheck
playbook_version_number: 28 # should be a integer playbook_version_number: 29 # should be a integer
playbook_version_path: 'do1jlr.role-acmetool.version' playbook_version_path: 'do1jlr.role-acmetool.version'