misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
ansible-base/roles/tlscert_acme_inwx/tasks/main.json
Christian Fraß 59211fba86 [int]
2024-03-29 17:21:05 +01:00

113 lines
4.1 KiB
JSON
Raw Blame History

[
{
"name": "packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"openssl",
"python3-cryptography"
]
}
},
{
"name": "directories | ssl",
"become": true,
"loop": [
"{{var_tlscert_acme_inwx_ssl_directory}}/private",
"{{var_tlscert_acme_inwx_ssl_directory}}/csr",
"{{var_tlscert_acme_inwx_ssl_directory}}/certs",
"{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
],
"ansible.builtin.file": {
"state": "directory",
"path": "{{item}}"
}
},
{
"name": "directories | Let's Encrypt account key",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_inwx_acme_account_key_path | dirname}}"
}
},
{
"name": "key",
"become": true,
"community.crypto.openssl_privatekey": {
"path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem"
}
},
{
"name": "csr",
"become": true,
"community.crypto.openssl_csr": {
"common_name": "{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}",
"privatekey_path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem",
"path": "{{var_tlscert_acme_inwx_ssl_directory}}/csr/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem"
}
},
{
"name": "acme | account key",
"become": true,
"ansible.builtin.shell": {
"cmd": "test -f {{var_tlscert_acme_inwx_acme_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_inwx_acme_account_key_path}}"
}
},
{
"name": "acme | init",
"become": true,
"community.crypto.acme_certificate": {
"acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"account_email": "{{var_tlscert_acme_inwx_acme_account_email}}",
"account_key_src": "{{var_tlscert_acme_inwx_acme_account_key_path}}",
"terms_agreed": true,
"csr": "{{var_tlscert_acme_inwx_ssl_directory}}/csr/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem",
"challenge": "dns-01",
"dest": "{{var_tlscert_acme_inwx_ssl_directory}}/certs/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem",
"fullchain_dest": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem"
},
"register": "temp_acme_data"
},
{
"name": "dns challenge | place script",
"become": true,
"ansible.builtin.copy": {
"src": "inwx",
"dest": "/usr/local/bin/inwx",
"mode": "a+x"
}
},
{
"name": "dns challenge | execute",
"when": "'challenge_data' in temp_acme_data",
"ansible.builtin.command": {
"cmd": "/usr/local/bin/inwx --username={{var_tlscert_acme_inwx_inwx_account_username}} --password={{var_tlscert_acme_inwx_inwx_account_password}} save {{var_tlscert_acme_inwx_domain_base}} _acme-challenge.{{var_tlscert_acme_inwx_domain_path}} TXT {{temp_acme_data['challenge_data'][var_tlscert_acme_inwx_domain_path + '.' + var_tlscert_acme_inwx_domain_base]['dns-01']['resource_value']}}"
}
},
{
"name": "dns challenge | wait",
"when": "'challenge_data' in temp_acme_data",
"ansible.builtin.pause": {
"seconds": 60
}
},
{
"name": "acme | finalize",
"become": true,
"community.crypto.acme_certificate": {
"acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"account_email": "{{var_tlscert_acme_inwx_acme_account_email}}",
"account_key_src": "{{var_tlscert_acme_inwx_acme_account_key_path}}",
"terms_agreed": true,
"csr": "{{var_tlscert_acme_inwx_ssl_directory}}/csr/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem",
"challenge": "dns-01",
"dest": "{{var_tlscert_acme_inwx_ssl_directory}}/certs/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem",
"fullchain_dest": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem",
"data": "{{temp_acme_data}}"
}
}
]
Reference in a new issue View git blame Copy permalink