---
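# Working directory for acme.sh: the tasks below install the client here and
# issue the host certificate (and therefore its private key) into a
# subdirectory of it. Restrict it to the owner; the reload hook copied later
# is the intended way to hand certificates to consumers. If a service must
# read the tree directly, relax this to 0750 plus a group rather than leaving
# it world-readable.
- name: Create acme home directory
  file:
    path: "{{ acme_home }}"
    state: directory
    mode: "0700"
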
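# Look up this host's TSIG key on the authoritative server. The registered
# stdout is what the key-file template below consumes, so it carries the
# secret itself: no_log keeps it out of play output and callback plugins.
# grep exits 1 when the key does not exist yet; that rc is the signal the
# generate task keys on, hence failed_when: false (nothing else is hidden).
# The dot after the key name is escaped and the algorithm anchored with a
# trailing space so a longer key name cannot match by accident.
# inventory_hostname is interpolated into a shell line: it is operator data,
# but keep inventory names plain.
- name: Get nsupdate.key
  shell: >-
    pdnsutil list-tsig-keys
    | grep '^acme-{{ inventory_hostname }}\. {{ acme_nsupdate_keyalgo }} '
  register: pdns_nsupdate_key
  failed_when: false
  changed_when: false
  no_log: true
  delegate_to: "{{ acme_nsupdate_server }}"
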
# Declare this host's alias table in the PowerDNS update policy (presumably
# Lua: the table has to exist before the per-SAN entries appended by the next
# task index into it). lineinfile matches the exact line, so re-runs are
# no-ops; a hostname containing `"` or `]` would break out of the Lua string.
- name: Update updatepolicy.aliases
  delegate_to: '{{ acme_nsupdate_server }}'
  lineinfile:
    line: 'alias["{{ inventory_hostname }}."] = {}'
    path: /etc/powerdns/updatepolicy.aliases

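# Each SAN name becomes an entry in the host's alias table. The values are
# written verbatim into a file PowerDNS loads as policy code, so a value
# containing `"` or `]` would close the string and inject policy; restrict
# entries to DNS-name characters (wildcards allowed) before writing anything.
- name: Validate acme_san_domains for updatepolicy.aliases
  assert:
    that:
      - item is match('^[A-Za-z0-9*._-]+$')
    msg: "acme_san_domains entry '{{ item }}' is not a plain DNS name"
  loop: "{{ acme_san_domains }}"

# Renamed from the previous task's duplicate name so --start-at-task and
# log output can tell the two apart.
- name: Grant SAN domains in updatepolicy.aliases
  lineinfile:
    path: /etc/powerdns/updatepolicy.aliases
    line: 'alias["{{ inventory_hostname }}."]["{{ item }}."] = "{{ item }}."'
  loop: "{{ acme_san_domains }}"
  delegate_to: "{{ acme_nsupdate_server }}"
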
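# Create the key only when the lookup above found none (grep rc 1). pdnsutil
# prints the new key to stdout (in current releases including the secret —
# verify for the deployed version), and that lands in the registered result,
# so keep it out of the logs. Failures are still fatal, but no_log also hides
# their text; drop it temporarily when debugging this task.
- name: Generate nsupdate.key
  shell: "pdnsutil generate-tsig-key 'acme-{{ inventory_hostname }}.' '{{ acme_nsupdate_keyalgo }}'"
  register: pdns_nsupdate_genkey
  no_log: true
  when: pdns_nsupdate_key is defined and pdns_nsupdate_key.rc != 0
  delegate_to: "{{ acme_nsupdate_server }}"
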
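# Re-read the key after generating it so pdns_nsupdate_key holds the secret.
# A skipped task still registers its variable, so the previous guard
# `pdns_nsupdate_genkey is defined` was always true and this ran on every
# play; run it only when generation actually happened. No failed_when here on
# purpose: if the key is still missing the play must stop rather than write
# an empty key file. Registered stdout is the secret, hence no_log.
- name: Get nsupdate.key again
  shell: >-
    pdnsutil list-tsig-keys
    | grep '^acme-{{ inventory_hostname }}\. {{ acme_nsupdate_keyalgo }} '
  register: pdns_nsupdate_key
  when: pdns_nsupdate_genkey is not skipped
  changed_when: false
  no_log: true
  delegate_to: "{{ acme_nsupdate_server }}"
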
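# Materialise the TSIG secret on the target for the dns_nsupdate hook. Holding
# it grants whatever the update policy above allows on the authoritative
# server: owner-only permissions (the template module otherwise follows the
# remote umask, typically 0644), and no_log so --diff never prints it.
# `pdns_nsupdate_key is defined` alone is always true (register sets the
# variable even for skipped tasks); refuse to render a key file from an
# empty lookup result instead.
- name: Write nsupdate.key to file
  template:
    src: nsupdate.key.j2
    dest: "{{ acme_nsupdate_key }}"
    mode: "0600"
  no_log: true
  when: pdns_nsupdate_key is defined and (pdns_nsupdate_key.stdout | default('') | length > 0)
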
# Is the client already installed in its home? The download/install tasks
# below are conditioned on this result.
- name: Check acme.sh exists
  register: stat_acme_sh
  stat:
    path: '{{ acme_home }}/acme.sh'

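# Stage the upstream installer in an owner-only directory under acme_home
# instead of world-writable /tmp. With a predictable /tmp/acme.sh and
# get_url's default force=false, a file pre-planted by any local user would
# have been kept and executed (as whatever account runs this play) instead of
# the download. The staged file keeps the name acme.sh because `--install`
# copies ./acme.sh from the current directory into --home.
- name: Create acme.sh installer staging directory
  file:
    path: "{{ acme_home }}/.install"
    state: directory
    mode: "0700"
  when: not stat_acme_sh.stat.exists

- name: Fetch acme.sh
  get_url:
    url: "{{ acme_sh_url }}"
    dest: "{{ acme_home }}/.install/acme.sh"
    mode: "0755"
    # Always re-fetch so a stale or foreign file at dest is never trusted.
    force: true
    # Optional pin of the installer, e.g. "sha256:<hex>". Without it the
    # script executed below is whatever acme_sh_url serves at the time —
    # TODO set acme_sh_checksum in the inventory.
    checksum: "{{ acme_sh_checksum | default(omit) }}"
  register: fetch_acme_sh
  when: not stat_acme_sh.stat.exists

# A skipped task still defines its registered variable, so the previous
# `fetch_acme_sh is defined` guard was always true and only `creates`
# prevented re-installs; gate explicitly on the download having run.
- name: Install acme.sh
  shell: "./acme.sh --home '{{ acme_home }}' --install"
  args:
    chdir: "{{ acme_home }}/.install"
    creates: "{{ acme_home }}/acme.sh"
  when: fetch_acme_sh is not skipped
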
# Directory the dns_nsupdate hook is downloaded into next (harmless if
# --install already created it).
- name: Create acme dnsapi directory
  file:
    state: directory
    path: '{{ acme_home }}/dnsapi'

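# Download the dns_nsupdate hook into the client's dnsapi directory. acme.sh
# loads hooks from here, so this is code that later runs with the client's
# privileges: pin it when possible. Without acme_dns_nsupdate_checksum the
# task behaves as before (fetched once, then left untouched since get_url
# does not re-download an existing dest by default).
- name: Fetch acme.sh dns_nsupdate
  get_url:
    url: "{{ acme_dns_nsupdate_url }}"
    dest: "{{ acme_home }}/dnsapi/"
    mode: "0755"
    # e.g. "sha256:<hex>"; omitted when the variable is not set
    checksum: "{{ acme_dns_nsupdate_checksum | default(omit) }}"
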
# Per-host output directory for the issued certificate; the private key ends
# up here too, so it inherits whatever permissions acme_home has.
# NOTE(review): no explicit mode — confirm acme.sh's own file modes are
# enough if acme_home is not owner-only.
- name: Create acme certificate directory
  file:
    state: directory
    path: '{{ acme_home }}/{{ inventory_hostname }}'

# Install the hook acme.sh runs after issuing/renewing (passed as
# --reloadcmd by the request template, presumably). It runs with the
# client's privileges: keep it owned by the deploying account and not
# writable by anyone else.
- name: Copy reload.sh
  copy:
    mode: '0755'
    dest: '{{ acme_reloadcmd }}'
    src: reload.sh

# Render acme.sh.request.j2 (the acme.sh command line, presumably with the
# SANs and --dns dns_nsupdate) and collapse it onto one shell line. YAML
# turns '\n' into a real newline inside the Jinja expression, which Jinja
# still accepts as a string literal. Skipped once acme_cert exists, so
# renewals are not driven by this play — acme.sh's own scheduler is
# expected to handle them (confirm --install registered it).
- name: Issue certificate
  shell: "{{ lookup('template','acme.sh.request.j2').replace('\n',' ') }}"
  args:
    creates: '{{ acme_cert }}'
    chdir: '{{ acme_home }}'