Create standalone mode
parent
624469764c
commit
fdfb46336e
6 changed files with 45 additions and 4 deletions
18
README.md
18
README.md
|
@ -5,7 +5,9 @@
|
||||||
|
|
||||||
Install and configure the `acmetool` LE client.
|
Install and configure the `acmetool` LE client.
|
||||||
|
|
||||||
Currently this role is designed to work with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. Maybe there will be a standalone version of this role someday...
|
We recomend to use this role together with the [do1jlr.nginx](https://github.com/do1jlr/ansible_role_nginx.git) ansible role. But this role has a standalone version too.
|
||||||
|
|
||||||
|
The ``do1jlr.nginx`` role installs a hook to enable nginx https sites and is running the ``acmetool want $domain`` command. Or you add the domains you need to the ``acme_domain_want_list: []``. But make sure you your acmetool is able to request the domains. Maybe you want to configure the ``response-file.yml.j2`` for that.
|
||||||
|
|
||||||
|
|
||||||
Variables
|
Variables
|
||||||
|
@ -21,13 +23,23 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
|
||||||
* ``acme_restart_services:`` (Default: ``[]``):
|
* ``acme_restart_services:`` (Default: ``[]``):
|
||||||
Services that need a restart by certificat change
|
Services that need a restart by certificat change
|
||||||
|
|
||||||
|
* ``acme_domain_want_list:`` (Default: ``[]``):
|
||||||
|
A list of domain you want to enable. Example:
|
||||||
|
```yml
|
||||||
|
acme_restart_services:
|
||||||
|
- name: 'www.example.com'
|
||||||
|
```
|
||||||
|
|
||||||
|
* ``acme_domain_unwant_list:`` (Default: ``[]``):
|
||||||
|
Disable a enabled domain. Same syntax than ``acme_domain_want_list``.
|
||||||
|
|
||||||
* ``submodules_versioncheck:`` (Default: ``false``):
|
* ``submodules_versioncheck:`` (Default: ``false``):
|
||||||
Enable basic versionscheck. *(``true`` is recomended)*
|
Enable basic versionscheck. *(``true`` is recomended)*
|
||||||
|
|
||||||
|
|
||||||
Files
|
Files
|
||||||
-------
|
-------
|
||||||
* We search the ``response-file.yml.j2`` using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
|
* We search the ``response-file.yml.j2`` using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the following config:
|
||||||
```yaml
|
```yaml
|
||||||
files:
|
files:
|
||||||
- "response-file.{{ inventory_hostname }}.yml.j2"
|
- "response-file.{{ inventory_hostname }}.yml.j2"
|
||||||
|
@ -41,7 +53,7 @@ Currently this role is designed to work with the [do1jlr.nginx](https://github.c
|
||||||
```
|
```
|
||||||
This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
|
This file is configuring the acmetool behaviour like certificate type, challange methode, acme notification email and so on. Change the values by providing your own ``response-file.yml.j2``.
|
||||||
|
|
||||||
* We search the ``reload`` and ``restart`` hook using the [first_found_loopup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
|
* We search the ``reload`` and ``restart`` hook using the [first_found_lookup](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/first_found_lookup.html) with the config defined in ``vars/main.yml``.
|
||||||
|
|
||||||
* We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
|
* We deploy the ``acme-reload`` and ``acme-restart`` configuration based on the ``acme_reload_services:`` and ``acme_restart_services:`` variables
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,13 @@ acme_notification_email: 'root@example.org'
|
||||||
acme_reload_services: []
|
acme_reload_services: []
|
||||||
acme_restart_services: []
|
acme_restart_services: []
|
||||||
|
|
||||||
|
acme_domain_want_list: []
|
||||||
|
# - name: 'example.com'
|
||||||
|
# - name: 'www.example.com'
|
||||||
|
|
||||||
|
acme_domain_unwant_list: []
|
||||||
|
# - name: 'old.example.com'
|
||||||
|
|
||||||
# configure acmetool systemd service
|
# configure acmetool systemd service
|
||||||
acme_systemd_start_after: 'apache2.service nginx.service'
|
acme_systemd_start_after: 'apache2.service nginx.service'
|
||||||
|
|
||||||
|
|
|
@ -17,3 +17,9 @@
|
||||||
|
|
||||||
- name: Reload systemd and enable acmetool timer unit
|
- name: Reload systemd and enable acmetool timer unit
|
||||||
ansible.builtin.include_tasks: timer.yml
|
ansible.builtin.include_tasks: timer.yml
|
||||||
|
|
||||||
|
- name: optionally want domains
|
||||||
|
ansible.builtin.include_tasks: want_domains.yml
|
||||||
|
|
||||||
|
- name: optionally unwant domains
|
||||||
|
ansible.builtin.include_tasks: unwant_domains.yml
|
||||||
|
|
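Review bot: The two new includes run unconditionally and in a fixed order, so a domain that appears in both `acme_domain_want_list` and `acme_domain_unwant_list` is processed by both task files on every run and ends up unwanted without any warning. A guard before the includes would surface that conflict, for example an `ansible.builtin.assert` that the intersection of the two name lists is empty. Adding `when: acme_domain_want_list | length > 0` (and the equivalent for the unwant list) would also match the "optionally" in the task names and keep the output quiet for the default empty lists.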
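--- /dev/null
+++ b/tasks/unwant_domains.yml
@@ -0,0 +1,7 @@
+---
+- name: disable acmetool for acme_domain_unwant_list domains
+become: true
+ansible.builtin.command: "acmetool unwant {{ _domain.name }}"
+with_items: "{{ acme_domain_unwant_list }}"
+loop_control:
+loop_var: _domain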
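Review bot: The free-form string `"acmetool unwant {{ _domain.name }}"` is split into arguments after templating, so a `name` containing whitespace or starting with `-` reaches acmetool as extra arguments or options while the task runs with `become: true`; `tasks/want_domains.yml` builds its command the same way. Passing the value as one list element avoids the splitting: `ansible.builtin.command:` with `argv: ['acmetool', 'unwant', '{{ _domain.name }}']`. A leading `-` would still get through, so the list entries should be checked before the loop, for example with an `ansible.builtin.assert` against a hostname pattern. The task also has no `changed_when`, so it will presumably report changed for every listed domain on every run.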
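--- /dev/null
+++ b/tasks/want_domains.yml
@@ -0,0 +1,9 @@
+---
+- name: enable acmetool for acme_domain_list domains
+become: true
+ansible.builtin.command: "acmetool want {{ _domain.name }}"
+args:
+creates: "/var/lib/acme/live/{{ _domain.name }}"
+with_items: "{{ acme_domain_want_list }}"
+loop_control:
+loop_var: _domain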
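Review bot: The `creates: "/var/lib/acme/live/{{ _domain.name }}"` guard skips `acmetool want` whenever that path exists, which is not the same as the domain being in acmetool's desired set. If the live entry survives an earlier `acmetool unwant` (not visible on this page, so worth confirming), moving a domain from `acme_domain_unwant_list` back to `acme_domain_want_list` would silently do nothing and the certificate would stop being renewed. The path also hard-codes the state directory and uses `name` unvalidated, so an entry containing `/` or `..` tests a different location than intended. The task name refers to `acme_domain_list` while the loop reads `acme_domain_want_list`; I would rename it to `enable acmetool for acme_domain_want_list domains`.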
|
@ -33,5 +33,5 @@ acmetool__restart_hook:
|
||||||
- 'files'
|
- 'files'
|
||||||
|
|
||||||
# versionscheck
|
# versionscheck
|
||||||
playbook_version_number: 28 # should be a integer
|
playbook_version_number: 29 # should be a integer
|
||||||
playbook_version_path: 'do1jlr.role-acmetool.version'
|
playbook_version_path: 'do1jlr.role-acmetool.version'
|
||||||
|
|