infra/roles/certmgr/tasks/main.yml

---
# Adds the jessie-backports suite as an apt source.
# The mirror URL is plain HTTP, so package integrity depends on apt's
# repository signature verification rather than on the transport.
- name: Enable backports
  apt_repository:
    state: present
    repo: 'deb http://httpredir.debian.org/debian jessie-backports main'
# Installs the packages needed by the later tasks from the default release.
# state=present only installs a missing package; it does not upgrade one.
- name: Install dependencies
  apt:
    state: present
    name: "{{ item }}"
  with_items:
    - git
    - python-dateutil
    - python-yaml
# python-openssl is taken from jessie-backports instead of the default release.
# state=latest means each run upgrades it to whatever backports then offers.
- name: Install python-openssl
  apt:
    state: latest
    default_release: jessie-backports
    name: python-openssl
# Checks acertmgr out into /opt/acertmgr over HTTPS.
# version is a full commit hash, so the deployed code only changes when this
# file is edited; updating means reviewing upstream and bumping the hash here.
- name: Install acertmgr
  git:
    dest: /opt/acertmgr
    repo: https://github.com/moepman/acertmgr.git
    version: '6e9742ca8b73aa4db70475fd1fcd97543559b140'
    depth: 1
# Creates the acertmgr configuration tree.
# Both directories are mode 0755 (world-traversable), so files placed in them,
# including the private keys created further down, are protected only by their
# own file modes. No owner is set on this task.
- name: Create config directories
  file:
    state: directory
    mode: '0755'
    path: "{{ item }}"
  with_items:
    - /etc/acme
    - /etc/acme/domains.d
# Renders acme.conf.j2 to /etc/acme/acme.conf.
# No owner or mode is given, so the module's defaults apply.
# NOTE(review): the template is not visible here; confirm it holds no secrets
# before relying on default permissions.
- name: Configure acertmgr
  template:
    dest: /etc/acme/acme.conf
    src: acme.conf.j2
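# Generates the 4096-bit RSA account and server keys if they do not exist yet
# (creates= skips the command when the file is already present).
#
# The keys are written under `umask 077` so they are never readable by group or
# other. Without this, depending on the OpenSSL version, the file can be created
# with the process's default umask and stay readable to other local users in
# the 0755 /etc/acme directory until a later task tightens the mode, or
# indefinitely if the play aborts in between.
# shell is needed for the umask builtin; {{ item }} only ever expands to the
# fixed paths listed below, so nothing untrusted reaches the shell.
- name: Create private keys
  shell: umask 077 && openssl genrsa -out {{ item }} 4096
  args:
    creates: "{{ item }}"
  with_items:
    - /etc/acme/account.key
    - /etc/acme/server.key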
# Enforces root ownership and owner-read-only mode (0400) on both private keys
# on every run, which also corrects keys whose mode drifted after creation.
# The group is not set here and is left as it is on disk.
- name: Ensure private key permissoins
  file:
    mode: '0400'
    owner: root
    path: "{{ item }}"
  with_items:
    - /etc/acme/account.key
    - /etc/acme/server.key
# Creates the directory for ACME challenge files, owned by root, mode 0755.
# Presumably world-readable so a web server can serve the challenge tokens;
# only root can write to it.
- name: Create challenge directory
  file:
    state: directory
    mode: '0755'
    owner: root
    path: /var/www/acme-challenge/
#- name: Enable acertmgr cronjob
# cron: name=certmgr special_time=daily job=/opt/acertmgr/acertmgr.py
# tags: certmgr