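---
# Provision httpd and acme-client on the mail hosts and issue TLS
# certificates for each host's domains; renewals run from root's crontab.
- name: SSL Setup
  hosts:
    - mx1
    - mx2
  remote_user: root
  vars_files:
    - vars.yml
  vars:
    # Per-host domain list, resolved from the `<inventory_hostname>_domains`
    # variable (expected in vars.yml). Hoisted so the three loops below
    # cannot drift apart.
    host_domains: "{{ lookup('vars', inventory_hostname + '_domains') }}"

  tasks:
    - name: Create vhost directories
      file:
        path: "/var/www/vhosts/{{ item }}"
        state: directory
        owner: www
      with_items: "{{ host_domains }}"

    - name: Install httpd.conf
      template:
        src: "templates/httpd.conf"
        dest: "/etc/httpd.conf"
      # Without this, a changed httpd.conf is written but never applied on
      # re-runs; the running httpd keeps the old configuration.
      notify:
        - reload httpd

    - name: Enable and start httpd
      service:
        name: httpd
        # Canonical boolean; `yes` is a YAML 1.1 truthy spelling.
        enabled: true
        state: started

    - name: Install acme-client.conf
      template:
        src: "templates/acme-client.conf"
        dest: "/etc/acme-client.conf"

    - name: Initial acme-client run
      # Issues the certificate only while the full chain is absent; ongoing
      # renewals are handled by the cron entry below.
      command: "/usr/sbin/acme-client {{ item }}"
      args:
        creates: "/etc/ssl/{{ item }}.fullchain.pem"
      with_items: "{{ host_domains }}"
      notify:
        - reload httpd

    - name: Renew certificates via root crontab
      cron:
        name: "acme-client renew {{ item }}"
        # Hour is left at `*`, so this runs at the top of every hour.
        minute: "0"
        # `\\%` in the double-quoted YAML string becomes `\%` in the crontab;
        # cron treats a bare `%` as a newline. The random sleep spreads load,
        # and `&&` makes the httpd reload conditional on acme-client
        # exiting successfully.
        job: "sleep $((RANDOM \\% 2048)) && acme-client {{ item }} && rcctl reload httpd"
        user: root
      with_items: "{{ host_domains }}"

  handlers:
    - name: reload httpd
      service:
        name: httpd
        state: reloaded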