diff --git a/ansible/roles/acme-inwx/defaults/main.json b/ansible/roles/acme-inwx/defaults/main.json
deleted file mode 100644
index 2c63c08..0000000
--- a/ansible/roles/acme-inwx/defaults/main.json
+++ /dev/null
@@ -1,2 +0,0 @@
-{
-}
diff --git a/ansible/roles/acme-inwx/tasks/main.json b/ansible/roles/acme-inwx/tasks/main.json
deleted file mode 100644
index 0d4f101..0000000
--- a/ansible/roles/acme-inwx/tasks/main.json
+++ /dev/null
@@ -1,2 +0,0 @@
-[
-]
diff --git a/ansible/roles/acme/defaults/main.json b/ansible/roles/acme/defaults/main.json
deleted file mode 100644
index ed04c06..0000000
--- a/ansible/roles/acme/defaults/main.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "var_acme_domain_base": "REPLACE_ME",
- "var_acme_domain_path": "REPLACE_ME",
- "var_acme_acme_account_email": "REPLACE_ME",
- "var_acme_inwx_username": "REPLACE_ME",
- "var_acme_inwx_password": "REPLACE_ME",
- "var_acme_ssl_directory": "/etc/ssl"
-}
-
diff --git a/ansible/roles/acme/info.md b/ansible/roles/acme/info.md
deleted file mode 100644
index b7ef31e..0000000
--- a/ansible/roles/acme/info.md
+++ /dev/null
@@ -1,15 +0,0 @@
-## Beschreibung
-
-- zum Erstellen von TLS-Zertifikaten mittels [Let's Encrypt](https://de.m.wikipedia.org/wiki/Let%E2%80%99s_Encrypt)
-
-
-## Besonderheiten
-
-- derzeit nur für DNS-Challenge ausgelegt
-
-
-## Verweise
-
-- https://letsencrypt.org/docs/client-options/
-- https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_csr_module.html
-- https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html
diff --git a/ansible/roles/acme/tasks/main.json b/ansible/roles/acme/tasks/main.json
deleted file mode 100644
index 560c204..0000000
--- a/ansible/roles/acme/tasks/main.json
+++ /dev/null
@@ -1,91 +0,0 @@
-[
- {
- "name": "packages",
- "become": true,
- "ansible.builtin.apt": {
- "state": "present",
- "pkg": [
- "openssl"
- ]
- }
- },
- {
- "name": "create signing request",
- "community.crypto.openssl_csr": {
- "state": "present",
- "common_name": "{{var_acme_domain_path}}.{{var_acme_domain_base}}",
- "path": "{{var_acme_ssl_directory}}/csr/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem"
- }
- },
- {
- "name": "init",
- "community.crypto.acme_certificate": {
- "acme_version": 1,
- "account_email": "{{var_acme_acme_account_email}}",
- "path": "{{var_acme_ssl_directory}}/csr/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem",
- "challenge": "dns-01",
- "dest": "{{var_acme_ssl_directory}}/certs/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem",
- "fullchain_dest": "{{var_acme_ssl_directory}}/fullchains/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem"
- },
- "register": "temp_acme_data"
- },
- {
- "name": "dns challenge | login",
- "ansible.builtin.uri": {
- "url": "https://api.domrobot.com/jsonrpc/",
- "method": "POST",
- "headers": {
- "Content-Type": "application/json"
- },
- "body_format": "json",
- "body": {
- "method": "account.login",
- "params": {
- "user": "{{var_acme_inwx_username}}",
- "pass": "{{var_acme_inwx_password}}"
- }
- }
- },
- "register": "temp_inwx_login_result"
- },
- {
- "name": "dns challenge | execute",
- "ansible.builtin.uri": {
- "url": "https://api.domrobot.com/jsonrpc/",
- "method": "POST",
- "headers": {
- "Content-Type": "application/json",
- "Cookie": "{{var_acme_temp_inwx_login_result._accesstoken}}"
- },
- "body_format": "json",
- "body": {
- "method": "nameserver.updateRecord",
- "params": {
- "domain": "{{var_acme_domain_base}}",
- "name": "_acme_challenge.{{var_acme_domain_path}}",
- "type": "TXT",
- "content": "{{var_acme_temp_acme_data.challenge_data['sample.com']['dns-01'].record}}"
- }
- }
- }
- },
- {
- "name": "dns challenge | wait",
- "ansible.builtin.pause": {
- "second": 60
- }
- },
- {
- "name": "finalize",
- "community.crypto.acme_certificate": {
- "data": "{{var_acme_temp_acme_data}}",
- "acme_version": 1,
- "account_email": "{{var_acme_acme_account_email}}",
- "path": "{{var_acme_ssl_directory}}/csr/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem",
- "challenge": "dns-01",
- "dest": "{{var_acme_ssl_directory}}/certs/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem",
- "fullchain_dest": "{{var_acme_ssl_directory}}/fullchains/{{var_acme_domain_path}}.{{var_acme_domain_base}}.pem"
- }
- }
-]
-