serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replace lego with acme_sh

Browse source
This commit is contained in:
Tobias Reisinger 2026-03-28 20:21:42 +01:00
parent 82f65d396f
commit 0237271b65
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
24 changed files with 176 additions and 247 deletions
Download patch file Download diff file Expand all files Collapse all files

69
playbooks/roles/acme_sh/tasks/main.yml Normal file
View file

@ -0,0 +1,69 @@
---
- name: Set common facts
ansible.builtin.import_tasks: tasks/set-default-facts.yml
- name: Import tasks to create service directory
ansible.builtin.import_tasks: tasks/steps/create-service-directory.yml
# noqa: command-instead-of-module
- name: Install acme.sh
ansible.builtin.shell:
cmd: set -o pipefail && curl https://get.acme.sh | sh -s home={{ service_path }} --nocron
creates: "{{ (service_path, 'acme.sh') | path_join }}"
environment:
BRANCH: dev
- name: Register zerossl account
ansible.builtin.command:
cmd: ./acme.sh --register-account --server zerossl --eab-kid {{ acme_sh_eab_key_id }} --eab-hmac-key {{ acme_sh_eab_hmac_key }}
chdir: "{{ service_path }}"
environment: "{{ acme_sh_env }}"
register: acme_sh_cmd_result
changed_when: not (acme_sh_cmd_result.stdout | regex_search('Already registered$', multiline=True))
- name: Set default CA
ansible.builtin.command:
cmd: ./acme.sh --set-default-ca --server zerossl
chdir: "{{ service_path }}"
environment: "{{ acme_sh_env }}"
changed_when: false
- name: Set notifications
ansible.builtin.command:
cmd: ./acme.sh --set-notify --notify-hook ntfy
chdir: "{{ service_path }}"
environment: "{{ acme_sh_env }}"
changed_when: false
- name: Remove unwanted certificates
ansible.builtin.command:
cmd: ./acme.sh --remove -d {{ item.domain }}
chdir: "{{ service_path }}"
environment: "{{ acme_sh_env }}"
loop: "{{ acme_sh_unwanted_certificates }}"
register: acme_sh_cmd_result
changed_when: acme_sh_cmd_result.rc == 0
failed_when: false
- name: Get certificates
ansible.builtin.command:
cmd: ./acme.sh --issue --dns dns_acmedns -d {{ item.domain }}
chdir: "{{ service_path }}"
environment: "{{ acme_sh_env }}"
loop: "{{ acme_sh_certificates }}"
register: acme_sh_cmd_result
changed_when: true # TODO
failed_when: not acme_sh_cmd_result.rc in [0, 2]
- name: Deploy certificates
ansible.builtin.command:
cmd: ./acme.sh --deploy --deploy-hook {{ item.hook }} -d {{ item.domain }}
chdir: "{{ service_path }}"
environment: "{{ acme_sh_env | combine(item.parameters) }}"
loop: "{{ acme_sh_certificates }}"
register: acme_sh_cmd_result
changed_when: true # TODO
become: true
- name: Import systemd tasks
ansible.builtin.import_tasks: systemd.yml