[
{
"name": "packages | debian",
"become": true,
"ansible.builtin.apt": {
"pkg": [
"openssl",
"python3-cryptography",
"python3-pip"
]
}
},
{
"name": "packages | python",
"ansible.builtin.pip": {
"name": "nc_dnsapi"
},
"environment": {
"PIP_BREAK_SYSTEM_PACKAGES": "1"
}
},
{
"name": "setup directories | keys",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private"
}
},
{
"name": "setup directories | certs",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/certs"
}
},
{
"name": "setup directories | csr",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr"
}
},
{
"name": "setup directories | fullchains",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
}
},
{
"name": "setup directories | Let's Encrypt account key",
"become": true,
"ansible.builtin.file": {
"state": "directory",
"path": "{{var_tlscert_acme_netcup_acme_account_key_path | dirname}}"
}
},
{
"name": "csr | generate private key",
"become": true,
"community.crypto.openssl_privatekey": {
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
}
},
{
"name": "csr | execute",
"become": true,
"community.crypto.openssl_csr": {
"common_name": "{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}",
"privatekey_path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
}
},
{
"name": "acme | generate account key",
"become": true,
"ansible.builtin.shell": {
"cmd": "test -f {{var_tlscert_acme_netcup_acme_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_netcup_acme_account_key_path}}"
}
},
{
"name": "acme | init",
"become": true,
"community.crypto.acme_certificate": {
"acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"account_email": "{{var_tlscert_acme_netcup_acme_account_email}}",
"account_key_src": "{{var_tlscert_acme_netcup_acme_account_key_path}}",
"terms_agreed": true,
"csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"challenge": "dns-01",
"dest": "{{var_tlscert_acme_netcup_ssl_directory}}/certs/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"fullchain_dest": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
},
"register": "temp_acme_data"
},
{
"name": "dns challenge | execute",
"when": "'challenge_data' in temp_acme_data",
"community.general.netcup_dns": {
"customer_id": "{{var_tlscert_acme_netcup_netcup_customer_id}}",
"api_password": "{{var_tlscert_acme_netcup_netcup_api_password}}",
"api_key": "{{var_tlscert_acme_netcup_netcup_api_key}}",
"domain": "{{var_tlscert_acme_netcup_domain_base}}",
"record": "_acme_challenge.{{var_tlscert_acme_netcup_domain_path}}",
"type": "TXT",
"value": "{{temp_acme_data['challenge_data'][var_tlscert_acme_netcup_domain_path + '.' + var_tlscert_acme_netcup_domain_base]['dns-01']['resource_value']}}"
}
},
{
"name": "dns challenge | wait",
"when": "'challenge_data' in temp_acme_data",
"ansible.builtin.pause": {
"seconds": 300
}
},
{
"name": "acme | finalize",
"become": true,
"community.crypto.acme_certificate": {
"acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"account_email": "{{var_tlscert_acme_netcup_acme_account_email}}",
"account_key_src": "{{var_tlscert_acme_netcup_acme_account_key_path}}",
"terms_agreed": true,
"csr": "{{var_tlscert_acme_netcup_ssl_directory}}/csr/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"challenge": "dns-01",
"dest": "{{var_tlscert_acme_netcup_ssl_directory}}/certs/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"fullchain_dest": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem",
"data": "{{temp_acme_data}}"
}
}
]