[fix] role:tlscert_acme_netcup

Christian Fraß 2023-11-20 16:34:59 +01:00
parent 72a3a0c163
commit 016cb84bdb
2 changed files with 42 additions and 9 deletions


@ -1,5 +1,6 @@
{ {
"var_tlscert_acme_netcup_acme_account_email": "REPLACE_ME", "var_tlscert_acme_netcup_acme_account_email": "REPLACE_ME",
"var_tlscert_acme_netcup_letsencrypt_account_key_path": "/etc/letsencrypt/key",
"var_tlscert_acme_netcup_netcup_customer_id": "REPLACE_ME", "var_tlscert_acme_netcup_netcup_customer_id": "REPLACE_ME",
"var_tlscert_acme_netcup_netcup_api_password": "REPLACE_ME", "var_tlscert_acme_netcup_netcup_api_password": "REPLACE_ME",
"var_tlscert_acme_netcup_netcup_api_key": "REPLACE_ME", "var_tlscert_acme_netcup_netcup_api_key": "REPLACE_ME",


@ -4,13 +4,12 @@
"become": true, "become": true,
"ansible.builtin.apt": { "ansible.builtin.apt": {
"pkg": [ "pkg": [
"openssl", "openssl"
"certbot"
] ]
} }
}, },
{ {
"name": "csr | setup private key directory", "name": "setup directories | keys",
"become": true, "become": true,
"ansible.builtin.file": { "ansible.builtin.file": {
"state": "directory", "state": "directory",
@ -18,20 +17,44 @@
} }
}, },
{ {
"name": "csr | generate private key", "name": "setup directories | certs",
"become": true, "become": true,
"community.crypto.openssl_privatekey": { "ansible.builtin.file": {
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem" "state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/certs"
} }
}, },
{ {
"name": "csr | setup csr directory", "name": "setup directories | csr",
"become": true, "become": true,
"ansible.builtin.file": { "ansible.builtin.file": {
"state": "directory", "state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr" "path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr"
} }
}, },
{
"name": "setup directories | fullchains",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
}
},
{
"name": "setup directories | Let's Encrypt account key",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_letsencrypt_account_key_path | dirname}}"
}
},
{
"name": "csr | generate private key",
"become": true,
"community.crypto.openssl_privatekey": {
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
}
},
{ {
"name": "csr | execute", "name": "csr | execute",
"become": true, "become": true,
@ -41,6 +64,13 @@
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem" "path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
} }
}, },
{
"name": "acme | generate account key",
"become": true,
"ansible.builtin.shell": {
"cmd": "test -f {{var_tlscert_acme_netcup_letsencrypt_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_netcup_letsencrypt_account_key_path}}"
}
},
{ {
"name": "acme | init", "name": "acme | init",
"become": true, "become": true,
@ -48,7 +78,7 @@
"acme_version": 2, "acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory", "acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"account_email": "{{var_tlscert_acme_netcup_acme_account_email}}", "account_email": "{{var_tlscert_acme_netcup_acme_account_email}}",
"account_key_src": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem", "account_key_src": "{{var_tlscert_acme_netcup_letsencrypt_account_key_path}}",
"terms_agreed": true, "terms_agreed": true,
"csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem", "csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"challenge": "dns-01", "challenge": "dns-01",
@ -59,6 +89,7 @@
}, },
{ {
"name": "dns challenge | execute", "name": "dns challenge | execute",
"when": "'challenge_data' in temp_acme_data",
"community.general.netcup_dns": { "community.general.netcup_dns": {
"customer_id": "{{var_tlscert_acme_netcup_netcup_customer_id}}", "customer_id": "{{var_tlscert_acme_netcup_netcup_customer_id}}",
"api_password": "{{var_tlscert_acme_netcup_netcup_api_password}}", "api_password": "{{var_tlscert_acme_netcup_netcup_api_password}}",
@ -71,6 +102,7 @@
}, },
{ {
"name": "dns challenge | wait", "name": "dns challenge | wait",
"when": "'challenge_data' in temp_acme_data",
"ansible.builtin.pause": { "ansible.builtin.pause": {
"seconds": 60 "seconds": 60
} }
@ -82,7 +114,7 @@
"acme_version": 2, "acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory", "acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"account_email": "{{var_tlscert_acme_netcup_acme_account_email}}", "account_email": "{{var_tlscert_acme_netcup_acme_account_email}}",
"account_key_src": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem", "account_key_src": "{{var_tlscert_acme_netcup_letsencrypt_account_key_path}}",
"terms_agreed": true, "terms_agreed": true,
"csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem", "csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"challenge": "dns-01", "challenge": "dns-01",
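Review bot: The new "acme | generate account key" task writes the ACME account key through a shell redirect, so the file gets whatever mode the umask of the become user allows (commonly world-readable), and a failed `openssl genrsa` still leaves an empty file that `test -f` accepts on every later run. The role already uses `community.crypto.openssl_privatekey` for the domain key; using it here too, with `"path": "{{var_tlscert_acme_netcup_letsencrypt_account_key_path}}"`, `"size": 4096` and `"mode": "0600"`, would make the task idempotent and pin the permissions. The "setup directories | Let's Encrypt account key" task likewise sets no mode on the parent directory, where `"mode": "0700"` would fit. Moving to the module also removes the unquoted interpolation of the path variable into the shell command.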