---
# Static import of the shared fact-setting tasks.
# NOTE(review): presumably this is where service_path and acme_sh_env, used by
# the tasks below, get defined. Confirm against tasks/set-default-facts.yml.
- name: Set common facts
  ansible.builtin.import_tasks:
    file: tasks/set-default-facts.yml
# Static import of the shared step that creates the service directory; the
# acme.sh tasks below all run with chdir set to service_path.
- name: Import tasks to create service directory
  ansible.builtin.import_tasks:
    file: tasks/steps/create-service-directory.yml
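# NOTE(review): the installer is fetched over HTTPS and piped straight into a
# shell with no checksum or signature check, and BRANCH=dev follows a moving
# branch rather than a fixed release. The "Deploy certificates" task later runs
# the installed script with become, so whatever is downloaded here ends up
# executing as root. Prefer a pinned release that is verified before it runs.
# noqa: command-instead-of-module
- name: Install acme.sh
  ansible.builtin.shell:
    # -f makes curl exit non-zero on an HTTP error instead of handing the error
    # page to sh; pipefail then propagates that failure to the task.
    # service_path is shell-quoted so that a path containing spaces or shell
    # metacharacters stays a single word.
    cmd: >-
      set -o pipefail &&
      curl -fsS https://get.acme.sh |
      sh -s home={{ service_path | quote }} --nocron
    # pipefail is not supported by every /bin/sh, so run the pipeline in bash
    # (assumes bash is installed on the target).
    executable: /bin/bash
    # Skip the download once acme.sh already exists in the service directory.
    creates: "{{ (service_path, 'acme.sh') | path_join }}"
  environment:
    BRANCH: dev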
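# Register the ACME account with ZeroSSL using External Account Binding.
- name: Register zerossl account
  ansible.builtin.command:
    cmd: >-
      ./acme.sh --register-account --server zerossl
      --eab-kid {{ acme_sh_eab_key_id }}
      --eab-hmac-key {{ acme_sh_eab_hmac_key }}
    chdir: "{{ service_path }}"
  environment: "{{ acme_sh_env }}"
  # The rendered command line contains the EAB HMAC key, and Ansible records
  # the command in the task result. no_log keeps it out of console output,
  # callback plugins and log files. The registered result below stays usable.
  # NOTE(review): the key is still visible in the target's process list while
  # the command runs. Failure output is hidden too, so lift no_log temporarily
  # when debugging.
  no_log: true
  register: acme_sh_cmd_result
  # Report "changed" only when acme.sh did not say the account already exists.
  changed_when: >-
    not (acme_sh_cmd_result.stdout
    | regex_search('Already registered$', multiline=True))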
# Select ZeroSSL as acme.sh's default CA. The task is always reported as
# unchanged because the command is re-run on every play.
- name: Set default CA
  ansible.builtin.command:
    argv:
      - ./acme.sh
      - '--set-default-ca'
      - '--server'
      - zerossl
    chdir: "{{ service_path }}"
  environment: "{{ acme_sh_env }}"
  changed_when: false
# Point acme.sh notifications at the ntfy hook. The task is always reported as
# unchanged because the command is re-run on every play.
# NOTE(review): the hook's settings presumably come from acme_sh_env. Confirm
# where that variable is defined and whether it carries a token.
- name: Set notifications
  ansible.builtin.command:
    argv:
      - ./acme.sh
      - '--set-notify'
      - '--notify-hook'
      - ntfy
    chdir: "{{ service_path }}"
  environment: "{{ acme_sh_env }}"
  changed_when: false
# Best-effort removal of every domain listed in acme_sh_unwanted_certificates.
- name: Remove unwanted certificates
  loop: "{{ acme_sh_unwanted_certificates }}"
  environment: "{{ acme_sh_env }}"
  ansible.builtin.command:
    chdir: "{{ service_path }}"
    cmd: ./acme.sh --remove -d {{ item.domain }}
  register: acme_sh_cmd_result
  # A zero exit code is the only case counted as a change.
  changed_when: acme_sh_cmd_result.rc == 0
  # Every non-zero exit is ignored, so a removal that fails for any reason is
  # indistinguishable here from a certificate that was already absent.
  failed_when: false
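# Issue a certificate for each entry in acme_sh_certificates through the
# acme-dns DNS-01 hook.
- name: Get certificates
  ansible.builtin.command:
    cmd: ./acme.sh --issue --dns dns_acmedns -d {{ item.domain }}
    chdir: "{{ service_path }}"
  environment: "{{ acme_sh_env }}"
  loop: "{{ acme_sh_certificates }}"
  register: acme_sh_cmd_result
  # acme.sh exits 2 (RENEW_SKIP) when it skips issuance because the existing
  # certificate is not yet due for renewal, so only rc 0 means a certificate
  # was actually issued. This replaces the unconditional "changed" left as a
  # TODO and matches how "Remove unwanted certificates" reports changes.
  changed_when: acme_sh_cmd_result.rc == 0
  # Any exit code other than success (0) or skipped (2) is a real failure.
  failed_when: acme_sh_cmd_result.rc not in [0, 2]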
# Run each certificate's deploy hook with elevated privileges.
# NOTE(review): this executes ./acme.sh and the selected hook as the become
# user from service_path. If that directory is writable by the unprivileged
# account that installed acme.sh, that account can change what runs as root.
# Confirm the directory's ownership and mode.
# NOTE(review): item.parameters is merged into the environment and presumably
# carries the hook's credentials. Confirm where those values are stored.
- name: Deploy certificates
  become: true
  loop: "{{ acme_sh_certificates }}"
  environment: "{{ acme_sh_env | combine(item.parameters) }}"
  ansible.builtin.command:
    chdir: "{{ service_path }}"
    cmd: >-
      ./acme.sh --deploy
      --deploy-hook {{ item.hook }}
      -d {{ item.domain }}
  register: acme_sh_cmd_result
  changed_when: true  # TODO
# Static import of the tasks in systemd.yml.
- name: Import systemd tasks
  ansible.builtin.import_tasks:
    file: systemd.yml