95 lines
2.3 KiB
JSON
95 lines
2.3 KiB
JSON
[
|
|
{
|
|
"name": "packages",
|
|
"become": true,
|
|
"ansible.builtin.apt": {
|
|
"update_cache": true,
|
|
"pkg": [
|
|
"openssl",
|
|
"python3-cryptography",
|
|
"certbot"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "directories",
|
|
"become": true,
|
|
"loop": [
|
|
"{{var_tlscert_acme_inwx_ssl_directory}}/private",
|
|
"{{var_tlscert_acme_inwx_ssl_directory}}/csr",
|
|
"{{var_tlscert_acme_inwx_ssl_directory}}/certs",
|
|
"{{var_tlscert_acme_inwx_ssl_directory}}/chains",
|
|
"{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
|
|
],
|
|
"ansible.builtin.file": {
|
|
"state": "directory",
|
|
"path": "{{item}}"
|
|
}
|
|
},
|
|
{
|
|
"name": "tools | inwx",
|
|
"become": true,
|
|
"ansible.builtin.copy": {
|
|
"src": "inwx",
|
|
"dest": "/usr/local/bin/inwx",
|
|
"mode": "a+x"
|
|
}
|
|
},
|
|
{
|
|
"name": "tools | tls-get | script",
|
|
"become": true,
|
|
"ansible.builtin.copy": {
|
|
"src": "tls-get",
|
|
"dest": "/usr/local/bin/tls-get",
|
|
"mode": "a+x"
|
|
}
|
|
},
|
|
{
|
|
"name": "tools | tls-get | conf",
|
|
"become": true,
|
|
"ansible.builtin.template": {
|
|
"src": "tls-get-conf.json.j2",
|
|
"dest": "/root/.tls-get-conf.json"
|
|
}
|
|
},
|
|
{
|
|
"name": "tools | pseudo queue | setup",
|
|
"become": true,
|
|
"ansible.builtin.cron": {
|
|
"state": "present",
|
|
"disabled": false,
|
|
"name": "pseudo queue",
|
|
"special_time": "reboot",
|
|
"job": "bash -c \"(test -p /var/pseudoqueue || mkfifo --mode=0600 /var/pseudoqueue) && (while true ; do bash < /var/pseudoqueue ; done)\""
|
|
}
|
|
},
|
|
{
|
|
"name": "tools | pseudo queue | run",
|
|
"become": true,
|
|
"ansible.builtin.shell": {
|
|
"cmd": "bash -c \"test -p /var/pseudoqueue || (mkfifo --mode=0600 /var/pseudoqueue && (while true ; do bash < /var/pseudoqueue ; done))\" &"
|
|
}
|
|
},
|
|
{
|
|
"name": "setup auto renewal",
|
|
"become": true,
|
|
"ansible.builtin.cron": {
|
|
"state": "present",
|
|
"disabled": false,
|
|
"name": "TLS certificate for {{var_tlscert_acme_inwx_domain}}",
|
|
"minute": "0",
|
|
"hour": "2",
|
|
"day": "1",
|
|
"month": "*",
|
|
"weekday": "*",
|
|
"job": "echo '/usr/local/bin/tls-get {{var_tlscert_acme_inwx_domain}} --conf-path=/root/.tls-get-conf.json --target-directory={{var_tlscert_acme_inwx_ssl_directory}}' > /var/pseudoqueue"
|
|
}
|
|
},
|
|
{
|
|
"name": "run",
|
|
"become": true,
|
|
"ansible.builtin.shell": {
|
|
"cmd": "/usr/local/bin/tls-get {{var_tlscert_acme_inwx_domain}} --conf-path=/root/.tls-get-conf.json --target-directory={{var_tlscert_acme_inwx_ssl_directory}}"
|
|
}
|
|
}
|
|
]
|