Extract playbook actions to roles

2026-01-10 13:05:17 +00:00 · 2024-05-31 01:17:29 +03:00
parent 311d6ce925
commit 5ee8b48ff7
38 changed files with 414 additions and 463 deletions
--- a/ansible/roles/ssl/tasks/main.yml
+++ b/ansible/roles/ssl/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Create vhost directories
+  file:
+    path: "/var/www/vhosts/{{ item }}"
+    state: directory
+    owner: www
+  with_items: "{{ domains }}"
+
+- name: Install httpd.conf
+  template:
+    src: "templates/httpd.conf"
+    dest: "/etc/httpd.conf"
+
+- name: Enable and start httpd
+  service:
+    name: httpd
+    enabled: yes
+    state: started
+
+- name: Install acme-client.conf
+  template:
+    src: "templates/acme-client.conf"
+    dest: "/etc/acme-client.conf"
+
+- name: Initial acme-client run
+  command: "/usr/sbin/acme-client {{ item }}"
+  args:
+    creates: "/etc/ssl/{{ item }}.fullchain.pem"
+  with_items: "{{ domains }}"
+  notify:
+    - reload httpd
+
+- name: Renew certificates via root crontab
+  cron:
+    name: "acme-client renew {{ item }}"
+    minute: "0"
+    job: "sleep $((RANDOM \\% 2048)) && acme-client {{ item }} && rcctl reload httpd"
+    user: root
+  with_items: "{{ domains }}"