diff --git a/roles/certmgr/tasks/main.yml b/roles/certmgr/tasks/main.yml new file mode 100644 index 0000000..97364eb --- /dev/null +++ b/roles/certmgr/tasks/main.yml @@ -0,0 +1,41 @@ +--- + +- name: Install dependencies + apt: name={{ item }} state=present + with_items: + - python-dateutil + - python-yaml + tags: certmgr + +- name: Install acertmgr + git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=e54caefff08809c09084df4f7d3604cb4d1c0db8 + tags: certmgr + +- name: Create config directories + file: path={{ item }} state=directory mode=0755 + with_items: + - /etc/acme + - /etc/acme/domains.d + tags: certmgr + +- name: Configure acertmgr + template: src=acme.conf.j2 dest=/etc/acme/acme.conf + tags: certmgr + +- name: Create certificates + command: openssl genrsa -out {{ item }} 4096 creates={{ item }} + with_items: + - /etc/acme/account.key + - /etc/acme/server.key + tags: certmgr + +- name: Ensure certificate permissoins + file: path={{ item }} owner=root mode=0400 + with_items: + - /etc/acme/account.key + - /etc/acme/server.key + tags: certmgr + +#- name: Enable acertmgr cronjob +# cron: name=certmgr special_time=daily job=/opt/acertmgr/acertmgr.py +# tags: certmgr diff --git a/roles/certmgr/templates/acme.conf.j2 b/roles/certmgr/templates/acme.conf.j2 new file mode 100644 index 0000000..ecb70f2 --- /dev/null +++ b/roles/certmgr/templates/acme.conf.j2 @@ -0,0 +1,7 @@ +--- + +mode: standalone +webdir: /var/www/acme-challenge/ +ttl_days: 30 + +defaults: diff --git a/site.yml b/site.yml index 028a38c..9121076 100644 --- a/site.yml +++ b/site.yml @@ -9,4 +9,5 @@ - name: Setup test mail server hosts: mail.binary-kitchen.com roles: + - certmgr - mail