added inventory and setup playbook

This commit is contained in:
Morgan McMillian 2022-12-08 22:42:39 -08:00
parent 7c60ca302d
commit b53d6b41c3
6 changed files with 84 additions and 2 deletions


@ -23,4 +23,10 @@ $(source):
clean:
rm $(RPM) $(source)
.PHONY: clean
install:
ansible-playbook install.yml
setup:
ansible-playbook setup.yml
.PHONY: clean install setup

4
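--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+nocows = 1
+inventory = hosts.yml
+vault_password_file = ~/.vault-password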
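Review bot: `vault_password_file = ~/.vault-password` is configured, but nothing in this commit uses vault-encrypted content; the become passwords in hosts.yml come from a keyring lookup instead. With this option set, ansible-playbook may refuse to start on a controller where that file is missing, so either drop the line until vaulted vars exist or document the requirement with `# vault password file; must exist on the controller and should be mode 0600`.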

6
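--- /dev/null
+++ b/hosts.yml
@@ -0,0 +1,6 @@
+all:
+hosts:
+vetinari.dreamfall.space:
+ansible_become_password: "{{ lookup('community.general.keyring', 'ansible_vetinari thrrgilag') }}"
+detritus.dreamfall.space:
+ansible_become_password: "{{ lookup('community.general.keyring', 'ansible_detritus thrrgilag') }}"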
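Review bot: Both host entries carry the same `ansible_become_password` lookup and differ only in the keyring service name, so every new host means copying the line again. A group-level var under `all:` → `vars:` such as `ansible_become_password: "{{ lookup('community.general.keyring', 'ansible_' ~ inventory_hostname.split('.')[0] ~ ' thrrgilag') }}"` would derive the service name from the host (inventory vars are templated per host at use time, so `inventory_hostname` resolves correctly here). The lookup runs on the control node and needs the `keyring` Python library and an unlocked keyring, which is worth a comment above `all:` so the next person running the Makefile targets knows why a sudo prompt never appears.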


@ -1,6 +1,6 @@
---
- name: Install uacme rpm package
hosts: linodes
hosts: all
vars:
rpm_location: /home/thrrgilag/rpmbuild/RPMS/x86_64
rpm_file: uacme-1.7.3-1.x86_64.rpm

62
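--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,62 @@
+---
+- name: Install uacme rpm package
+hosts: all
+tasks:
+- name: ping host
+ansible.builtin.ping:
+- name: Install nginx uacme config
+ansible.builtin.copy:
+src: uacme.nginx
+dest: /etc/nginx/default.d/uacme.conf
+owner: root
+group: root
+become: yes
+- name: Check uacme account
+ansible.builtin.stat:
+path: "/etc/uacme.d/private/key.pem"
+register: uacme_account
+become: yes
+- name: Create uacme account
+ansible.builtin.command: uacme -v -y -c /etc/uacme.d new
+when: not uacme_account.stat.exists
+become: yes
+- name: Create acme-challenge directory
+ansible.builtin.file:
+path: /var/www/html/.well-known/acme-challenge
+state: directory
+mode: '0755'
+owner: root
+group: root
+become: yes
+- name: Touch ssl-hosts file
+ansible.builtin.file:
+path: /root/ssl-hosts.txt
+state: touch
+mode: '0644'
+owner: root
+group: root
+become: yes
+- name: Add uacme job to crontab
+ansible.builtin.cron:
+name: "uacme"
+minute: "0"
+hour: "3"
+job: /root/bin/uacme-certs.sh
+become: yes
+- name: Allow nginx access to acme-challenge
+community.general.sefcontext:
+target: /var/www/html/.well-known/acme-challenge
+setype: httpd_sys_content_t
+become: yes
+- name: Apply new SELinux file context to filesystem
+ansible.builtin.command: restorecon -irv /var/www/html/.well-known/acme-challenge
+become: yes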
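Review bot: The config copied to `/etc/nginx/default.d/uacme.conf` is never applied: no task or handler reloads nginx, so the challenge location only goes live after some unrelated restart, and the copy task sets owner and group but no `mode`, leaving the file mode to the remote umask. The rewrite below adds `mode: '0644'`, a `notify: Reload nginx`, and a `handlers:` section that reloads the service once at the end of the play. The play `name` is copied from install.yml and does not describe this play; `- name: Set up uacme challenge serving (nginx, cron, SELinux)` would. Every task repeats `become: yes`; one `become: true` at play level is shorter, and `true` is the spelling yamllint's truthy rule accepts. The stat task plus `when: not uacme_account.stat.exists` can become `args: {creates: /etc/uacme.d/private/key.pem}` on the `uacme ... new` command, and the `restorecon` task will report changed on every run unless it is conditioned on the registered result of the sefcontext task or given `changed_when: false`.

```yaml
    - name: Install nginx uacme config
      ansible.builtin.copy:
        src: uacme.nginx
        dest: /etc/nginx/default.d/uacme.conf
        owner: root
        group: root
        mode: '0644'
      become: true
      notify: Reload nginx
    # … unchanged: remaining tasks …
  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
      become: true
```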

4
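--- /dev/null
+++ b/uacme.nginx
@@ -0,0 +1,4 @@
+location /.well-known/acme-challenge {
+alias /var/www/html/.well-known/acme-challenge;
+try_files $uri $uri/ =404;
+}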
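Review bot: `try_files $uri $uri/ =404;` also tries the directory form, which only matters if directories under the alias are meant to be browsed; ACME http-01 tokens are plain files, so `try_files $uri =404;` is the tighter rule and avoids a 403 from an existing directory with no index. A leading comment such as `# installed to /etc/nginx/default.d/uacme.conf by setup.yml; serves ACME http-01 tokens from the alias path` would tie this snippet to the playbook that deploys it.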