Added passwords for nextcloud, onlyoffice, bitwarden // Restructured folders

2021-02-28 00:02:43 +01:00 · 2021-02-28 00:02:43 +01:00 · e610c9274f
commit e610c9274f
1 changed files with 88 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,88 @@
+---
+- name: Install dependencies
+  become: yes
+  apt:
+    pkg:
+      - oathtool
+
+- name: Determine if acme.sh is installed
+  become: yes
+  stat:
+    path: "~/.acme.sh/acme.sh"
+  register: is_acme_sh_installed
+
+- name: Get acme.sh Installer
+  become: yes
+  get_url:
+    url: https://get.acme.sh
+    dest: /tmp/acme.sh
+    mode: '0700'
+  when: not is_acme_sh_installed.stat.exists
+
+- name: Install acme.sh
+  become: yes
+  shell: "sh /tmp/acme.sh email={{ acme_email }}"
+  when: not is_acme_sh_installed.stat.exists
+
+- name: Upgrade acme.sh
+  become: yes
+  shell:
+    cmd: ./acme.sh --upgrade
+    chdir: ~/.acme.sh
+  when: is_acme_sh_installed.stat.exists
+  register: upgrade_result
+  changed_when: upgrade_result.rc == 0 and "Upgrade success" in upgrade_result.stdout and not "Already uptodate" in upgrade_result.stdout
+
+- name: Issue certificates
+  become: yes
+  shell:
+    cmd: ./acme.sh --issue -d {{ item.name }} -d '*.{{ item.name }}' --dns dns_{{ item.dns_provider }} 
+    chdir: ~/.acme.sh
+  environment: 
+    INWX_User: gkrause
+    INWX_Password: "{{ inwx_pass }}"
+    INWX_Shared_Secret: "{{ inwx_shared }}"
+    GANDI_LIVEDNS_KEY: "{{ gandi_livedns_key }}"
+  loop: "{{ domains }}"
+  register: cert_result
+  changed_when: cert_result.rc == 0 and "Cert success." in cert_result.stdout
+  failed_when: 
+    - "'Domains not changed' not in cert_result.stdout"
+    - "'Cert success.' not in cert_result.stdout"
+
+- name: Make sure certs dir exists
+  become: yes
+  file:
+    path: "{{ certs_dir }}/{{ item.name }}"
+    state: directory
+    mode: "0755"
+  loop: "{{ domains }}"
+
+- name: Place nginx reload command to cert reload script
+  become: yes
+  lineinfile:
+    path: "/usr/local/bin/cert_reload_{{ item.name }}.sh"
+    line: "systemctl reload nginx"
+    create: yes
+  loop: "{{ domains }}"
+
+- name: Ensure reload script has correct permissions
+  become: yes
+  file:
+    path: "/usr/local/bin/cert_reload_{{ item.name }}.sh"
+    owner: root
+    group: root
+    mode: 0700
+  loop: "{{ domains }}"
+
+- name: Install certificates
+  become: yes
+  shell:
+    cmd: ./acme.sh --install-cert -d "{{ item.name }}" --key-file "{{ certs_dir }}/{{ item.name }}/key.pem" --fullchain-file "{{ certs_dir }}/{{ item.name }}/cert.pem" --reloadcmd "/usr/local/bin/cert_reload_{{ item.name }}.sh"
+    chdir: ~/.acme.sh
+  loop: "{{ domains }}"
+  loop_control:
+    index_var: domains_index
+  register: install_cert_result
+  changed_when: cert_result.results[domains_index].changed
+  failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr