83 lines
2.8 KiB
YAML
83 lines
2.8 KiB
YAML
|
---
|
||
|
|
||
|
- name: APT | Install git
|
||
|
apt: pkg=git
|
||
|
|
||
|
- name: SET_FACT | Assign default..
|
||
|
set_fact:
|
||
|
acme_create: []
|
||
|
|
||
|
- name: STAT | Check acme.sh is installed
|
||
|
stat:
|
||
|
path: "{{ nginx_acmesh_dir }}"
|
||
|
register: acme
|
||
|
|
||
|
- block:
|
||
|
|
||
|
- name: GIT | Get acme.sh
|
||
|
git:
|
||
|
repo: 'https://github.com/Neilpang/acme.sh.git'
|
||
|
dest: '{{ nginx_acmesh_git_dir }}'
|
||
|
update: no
|
||
|
|
||
|
- name: SHELL | Install acme.sh
|
||
|
shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }}
|
||
|
args:
|
||
|
chdir: "{{ nginx_acmesh_git_dir }}"
|
||
|
creates: "{{ nginx_acmesh_dir }}"
|
||
|
|
||
|
when: not acme.stat.exists
|
||
|
|
||
|
- name: STAT | Check if certificates are already installed
|
||
|
stat:
|
||
|
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
|
||
|
with_items: "{{ nginx_ssl_pairs }}"
|
||
|
when: item.acme is defined and item.acme
|
||
|
register: acme_installed_certs
|
||
|
|
||
|
- name: SET_FACT | Assign var with certificates to create
|
||
|
set_fact:
|
||
|
acme_create: "{{ acme_create | default([]) + [ (item.item | combine({'listen': ([item.item.acme_port]|default([])) }) ) ] }}"
|
||
|
with_items: "{{ acme_installed_certs.results }}"
|
||
|
when: item.skipped is not defined and not item.stat.exists
|
||
|
|
||
|
- name: TEMPLATE | Create fake site
|
||
|
template:
|
||
|
src: "etc/nginx/sites-available/_base.j2"
|
||
|
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
||
|
with_items: "{{ acme_create }}"
|
||
|
register: fake_site
|
||
|
|
||
|
- name: SERVICE | Reload nginx
|
||
|
service:
|
||
|
name: nginx
|
||
|
state: reloaded
|
||
|
when: fake_site.changed
|
||
|
|
||
|
- name: SHELL | Get certificates
|
||
|
shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
|
||
|
args:
|
||
|
creates: "/opt/acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
|
||
|
with_items: "{{ acme_create }}"
|
||
|
register: acme_get
|
||
|
failed_when: acme_get.rc != 0 and acme_get.rc != 2
|
||
|
|
||
|
- name: FILE | Create SSL dir per site
|
||
|
file:
|
||
|
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
|
||
|
with_items: "{{ acme_create }}"
|
||
|
|
||
|
- name: SHELL | Install certificates
|
||
|
shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key'
|
||
|
args:
|
||
|
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
|
||
|
with_items: "{{ nginx_ssl_pairs }}"
|
||
|
when: item.acme is defined and item.acme
|
||
|
notify: restart nginx
|
||
|
|
||
|
- name: FILE | Delete fake sites
|
||
|
file:
|
||
|
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
|
||
|
state: absent
|
||
|
with_items: "{{ acme_create }}"
|