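---
# Prepares a host for ACME (HTTP-01) certificate issuance with uacme behind
# nginx: drops an nginx snippet, creates the ACME account key if missing,
# creates the challenge webroot, schedules a nightly renewal job and labels
# the webroot for SELinux.
#
# NOTE(review): despite the play name, no task here installs the uacme
# package; the tasks assume uacme and nginx are already present - confirm.
# NOTE(review): `hosts: all` targets every inventory host; restrict with
# --limit or a dedicated group if only web servers should get this.
- name: Install uacme rpm package
  hosts: all

  tasks:
    - name: ping host
      ansible.builtin.ping:

    # Explicit mode: without it a newly created file gets whatever the
    # remote umask yields (ansible-lint: risky-file-permissions).
    - name: Install nginx uacme config
      ansible.builtin.copy:
        src: uacme.nginx
        dest: /etc/nginx/default.d/uacme.conf
        owner: root
        group: root
        mode: '0644'
      become: true

    # key.pem is the ACME account private key; its presence is used as the
    # "account already exists" marker for the next task.
    # NOTE(review): verify /etc/uacme.d/private is readable by root only.
    - name: Check uacme account
      ansible.builtin.stat:
        path: "/etc/uacme.d/private/key.pem"
      register: uacme_account
      become: true

    # Runs only when no account key was found, so an existing account is
    # never replaced.
    - name: Create uacme account
      ansible.builtin.command: uacme -v -y -c /etc/uacme.d new
      when: not uacme_account.stat.exists
      become: true

    # Webroot for HTTP-01 challenge tokens: world-readable so nginx can
    # serve it, writable by root only.
    - name: Create acme-challenge directory
      ansible.builtin.file:
        path: /var/www/html/.well-known/acme-challenge
        state: directory
        mode: '0755'
        owner: root
        group: root
      become: true

    # `state: touch` rewrites timestamps and reports "changed" on every run;
    # preserving them keeps the task idempotent once the file exists.
    - name: Touch ssl-hosts file
      ansible.builtin.file:
        path: /root/ssl-hosts.txt
        state: touch
        mode: '0644'
        owner: root
        group: root
        modification_time: preserve
        access_time: preserve
      become: true

    # Daily at 03:00 in the crontab of the become user (root by default).
    # NOTE(review): /root/bin/uacme-certs.sh is not deployed by this play;
    # it runs as root, so confirm it is root-owned and not writable by
    # anyone else.
    - name: Add uacme job to crontab
      ansible.builtin.cron:
        name: "uacme"
        minute: "0"
        hour: "3"
        job: /root/bin/uacme-certs.sh
      become: true

    # NOTE(review): the target is a regex that matches only the directory
    # itself; files below it presumably inherit httpd_sys_content_t from the
    # distribution's default /var/www rule - confirm, or use a target ending
    # in '(/.*)?'.
    - name: Allow nginx access to acme-challenge
      community.general.sefcontext:
        target: /var/www/html/.well-known/acme-challenge
        setype: httpd_sys_content_t
      become: true

    # `command` always reports "changed"; restorecon -v prints one line per
    # relabelled path, so empty output means nothing was modified.
    - name: Apply new SELinux file context to filesystem
      ansible.builtin.command: restorecon -irv /var/www/html/.well-known/acme-challenge
      register: restorecon_result
      changed_when: restorecon_result.stdout | length > 0
      become: true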