spacenerdmo/uacme-rpm
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity

Compare commits

base: spacenerdmo:5ba69005e6add458578d42e5e1c13385900ed3ee
Branches Tags
spacenerdmo:main
spacenerdmo:v1.7.4
..
compare: spacenerdmo:b53d6b41c3c1f2fb45e17385337e16cc24df2b5b
Branches Tags
spacenerdmo:main
spacenerdmo:v1.7.4

No commits in common. "5ba69005e6add458578d42e5e1c13385900ed3ee" and "b53d6b41c3c1f2fb45e17385337e16cc24df2b5b" have entirely different histories.
5ba69005e6 ... b53d6b41c3

6 changed files with 99 additions and 4 deletions
Show stats Expand all files Collapse all files

4
ansible.cfg Normal file
View file

@ -0,0 +1,4 @@
[defaults]
nocows = 1
inventory = hosts.yml
vault_password_file = ~/.vault-password

6
hosts.yml Normal file
View file

@ -0,0 +1,6 @@
all:
hosts:
vetinari.dreamfall.space:
ansible_become_password: "{{ lookup('community.general.keyring', 'ansible_vetinari thrrgilag') }}"
detritus.dreamfall.space:
ansible_become_password: "{{ lookup('community.general.keyring', 'ansible_detritus thrrgilag') }}"

22
install.yml Normal file
View file

@ -0,0 +1,22 @@
---
- name: Install uacme rpm package
hosts: all
vars:
rpm_location: /home/thrrgilag/rpmbuild/RPMS/x86_64
rpm_file: uacme-1.7.3-1.x86_64.rpm
tasks:
- name: ping host
ansible.builtin.ping:
- name: upload rpm
ansible.builtin.copy:
src: "{{ rpm_location }}/{{ rpm_file }}"
dest: /tmp
- name: install rpm
ansible.builtin.dnf:
name: /tmp/{{ rpm_file }}
state: latest
disable_gpg_check: yes
become: yes

62
setup.yml Normal file
View file

@ -0,0 +1,62 @@
---
- name: Install uacme rpm package
hosts: all
tasks:
- name: ping host
ansible.builtin.ping:
- name: Install nginx uacme config
ansible.builtin.copy:
src: uacme.nginx
dest: /etc/nginx/default.d/uacme.conf
owner: root
group: root
become: yes
- name: Check uacme account
ansible.builtin.stat:
path: "/etc/uacme.d/private/key.pem"
register: uacme_account
become: yes
- name: Create uacme account
ansible.builtin.command: uacme -v -y -c /etc/uacme.d new
when: not uacme_account.stat.exists
become: yes
- name: Create acme-challenge directory
ansible.builtin.file:
path: /var/www/html/.well-known/acme-challenge
state: directory
mode: '0755'
owner: root
group: root
become: yes
- name: Touch ssl-hosts file
ansible.builtin.file:
path: /root/ssl-hosts.txt
state: touch
mode: '0644'
owner: root
group: root
become: yes
- name: Add uacme job to crontab
ansible.builtin.cron:
name: "uacme"
minute: "0"
hour: "3"
job: /root/bin/uacme-certs.sh
become: yes
- name: Allow nginx access to acme-challenge
community.general.sefcontext:
target: /var/www/html/.well-known/acme-challenge
setype: httpd_sys_content_t
become: yes
- name: Apply new SELinux file context to filesystem
ansible.builtin.command: restorecon -irv /var/www/html/.well-known/acme-challenge
become: yes

4
uacme.nginx Normal file
View file

@ -0,0 +1,4 @@
location /.well-known/acme-challenge {
alias /var/www/html/.well-known/acme-challenge;
try_files $uri $uri/ =404;
}

5
uacme.spec
View file

@ -1,6 +1,6 @@
Name: uacme Name: uacme
Version: 1.7.4 Version: 1.7.3
Release: 1 Release: 1
Summary: Lightweight SSL certificate verification and issue client Summary: Lightweight SSL certificate verification and issue client
@ -91,9 +91,6 @@ which uacme --version
%doc AUTHORS ChangeLog NEWS README THANKS %doc AUTHORS ChangeLog NEWS README THANKS
%changelog %changelog
* Tue Feb 28 2023 Morgan McMillian <morgan@mcmillian.dev> 1.7.4-1
- Update to uacme 1.7.4
* Thu Dec 08 2022 Morgan McMillian <morgan@mcmillian.dev> 1.7.3-1 * Thu Dec 08 2022 Morgan McMillian <morgan@mcmillian.dev> 1.7.3-1
- Update to uacme 1.7.3 - Update to uacme 1.7.3