Added passwords for nextcloud, onlyoffice, bitwarden // Restructured folders
commit
e610c9274f
|
@ -0,0 +1,88 @@
|
|||
---
|
||||
- name: Install dependencies
|
||||
become: yes
|
||||
apt:
|
||||
pkg:
|
||||
- oathtool
|
||||
|
||||
- name: Determine if acme.sh is installed
|
||||
become: yes
|
||||
stat:
|
||||
path: "~/.acme.sh/acme.sh"
|
||||
register: is_acme_sh_installed
|
||||
|
||||
- name: Get acme.sh Installer
|
||||
become: yes
|
||||
get_url:
|
||||
url: https://get.acme.sh
|
||||
dest: /tmp/acme.sh
|
||||
mode: '0700'
|
||||
when: not is_acme_sh_installed.stat.exists
|
||||
|
||||
- name: Install acme.sh
|
||||
become: yes
|
||||
shell: "sh /tmp/acme.sh email={{ acme_email }}"
|
||||
when: not is_acme_sh_installed.stat.exists
|
||||
|
||||
- name: Upgrade acme.sh
|
||||
become: yes
|
||||
shell:
|
||||
cmd: ./acme.sh --upgrade
|
||||
chdir: ~/.acme.sh
|
||||
when: is_acme_sh_installed.stat.exists
|
||||
register: upgrade_result
|
||||
changed_when: upgrade_result.rc == 0 and "Upgrade success" in upgrade_result.stdout and not "Already uptodate" in upgrade_result.stdout
|
||||
|
||||
- name: Issue certificates
|
||||
become: yes
|
||||
shell:
|
||||
cmd: ./acme.sh --issue -d {{ item.name }} -d '*.{{ item.name }}' --dns dns_{{ item.dns_provider }}
|
||||
chdir: ~/.acme.sh
|
||||
environment:
|
||||
INWX_User: gkrause
|
||||
INWX_Password: "{{ inwx_pass }}"
|
||||
INWX_Shared_Secret: "{{ inwx_shared }}"
|
||||
GANDI_LIVEDNS_KEY: "{{ gandi_livedns_key }}"
|
||||
loop: "{{ domains }}"
|
||||
register: cert_result
|
||||
changed_when: cert_result.rc == 0 and "Cert success." in cert_result.stdout
|
||||
failed_when:
|
||||
- "'Domains not changed' not in cert_result.stdout"
|
||||
- "'Cert success.' not in cert_result.stdout"
|
||||
|
||||
- name: Make sure certs dir exists
|
||||
become: yes
|
||||
file:
|
||||
path: "{{ certs_dir }}/{{ item.name }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
loop: "{{ domains }}"
|
||||
|
||||
- name: Place nginx reload command to cert reload script
|
||||
become: yes
|
||||
lineinfile:
|
||||
path: "/usr/local/bin/cert_reload_{{ item.name }}.sh"
|
||||
line: "systemctl reload nginx"
|
||||
create: yes
|
||||
loop: "{{ domains }}"
|
||||
|
||||
- name: Ensure reload script has correct permissions
|
||||
become: yes
|
||||
file:
|
||||
path: "/usr/local/bin/cert_reload_{{ item.name }}.sh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
loop: "{{ domains }}"
|
||||
|
||||
- name: Install certificates
|
||||
become: yes
|
||||
shell:
|
||||
cmd: ./acme.sh --install-cert -d "{{ item.name }}" --key-file "{{ certs_dir }}/{{ item.name }}/key.pem" --fullchain-file "{{ certs_dir }}/{{ item.name }}/cert.pem" --reloadcmd "/usr/local/bin/cert_reload_{{ item.name }}.sh"
|
||||
chdir: ~/.acme.sh
|
||||
loop: "{{ domains }}"
|
||||
loop_control:
|
||||
index_var: domains_index
|
||||
register: install_cert_result
|
||||
changed_when: cert_result.results[domains_index].changed
|
||||
failed_when: install_cert_result.rc != 0 and "Reload error for" not in install_cert_result.stderr
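Review bot: The "Get acme.sh Installer" and "Install acme.sh" tasks fetch a script from `https://get.acme.sh` and run it as root with no integrity check, so whatever that endpoint serves at play time is executed with full privileges. The script is also staged at the fixed path `/tmp/acme.sh`; `get_url` without `force` or `checksum` normally leaves an existing destination file in place, so a file already present at that path in the world-writable directory could be what `sh` runs. I would download a pinned release into a root-owned directory (for example one created with the `tempfile` module) and add `checksum: "sha256:<digest of the pinned installer>"` to the `get_url` task. Separately, `{{ item.name }}` and `{{ item.dns_provider }}` are interpolated unquoted into the `shell` command in "Issue certificates"; passing them through the `quote` filter would keep a stray character in `domains` from being interpreted by the shell.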
|