📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/acme-dns/tasks/main.yml

# Build the effective acme-dns configuration: start from the role defaults and
# recursively overlay the caller-supplied acme_dns_config on top of them.
# d({}) substitutes an empty mapping when either variable is undefined, so the
# task does not fail if only one of the two is set.
- name: set acme_dns_cfg
  set_fact:
    acme_dns_cfg: >-
      {{ acme_dns_default_config | d({}) | combine(acme_dns_config | d({}), recursive=true) }}
# Install libcap through the shared install_packages helper.
# Presumably libcap supplies the tooling the capabilities task further down
# relies on - confirm against the target distribution.
- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package: [libcap]
# Create the dedicated account and group the service runs as, with
# acme_dns_dir passed as its directory, via the shared create_user helper.
# NOTE(review): what the helper does with `dir` (home directory, ownership,
# mode) is not visible here - confirm the directory is not writable by others.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ acme_dns_user }}"
      group: "{{ acme_dns_group }}"
      dir: "{{ acme_dns_dir }}"
# Fetch the newest GitHub release asset of fritterhoff/acme-dns matching the
# Linux amd64 tarball pattern and unpack it into acme_dns_dir.
#
# NOTE(review): this follows "latest" - no version pin and no checksum or
# signature is passed from here. Whether tasks/get_lastversion.yml verifies
# the download is not visible in this file; confirm it does, because the
# unpacked binary is later marked executable and granted a file capability.
# NOTE(review): all keys below `package` are assumed to belong to that mapping;
# confirm against tasks/get_lastversion.yml.
# NOTE(review): `notify` sits on a dynamic include. Confirm the handler really
# fires when a new release is unpacked; otherwise the old binary keeps running
# after an update.
- name: get and extract latest version of acme-dns
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: fritterhoff/acme-dns
      location: github
      assets: true
      asset_filter: 'Linux_amd64.tar.gz$'
      file: "{{ acme_dns_dir }}/last_version"
      extract: "{{ acme_dns_dir }}"
      user: "{{ acme_dns_user }}"
      group: "{{ acme_dns_group }}"
  notify: restart acme-dns
# Remove documentation files that ship in the release tarball; only the binary
# and the generated configuration are needed in acme_dns_dir.
- name: delete unnecessary files
  file:
    path: "{{ acme_dns_dir }}/{{ item }}"
    state: absent
  loop: [CHANGELOG.md, LICENSE, README.md]
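# Render the service configuration from config.j2. The file is owned by the
# service account and readable by that account only (0400), which keeps its
# contents away from other local users.
# The mode is written as a quoted string so it does not depend on the YAML
# parser treating a bare leading-zero number as octal.
- name: template acme-dns config
  template:
    src: config.j2
    dest: "{{ acme_dns_dir }}/config.cfg"
    force: true
    mode: "0400"
    owner: "{{ acme_dns_user }}"
    group: "{{ acme_dns_group }}"
    lstrip_blocks: true
  notify: restart acme-dns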
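# Install the init script that starts acme-dns. Init scripts are executed by
# root, so owner, group and mode are pinned explicitly: a relative "+x" only
# adds the execute bit and keeps whatever owner and write bits a file already
# present at this path has.
- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/acme-dns
    force: true
    owner: root
    group: root
    mode: "0755"
  notify: restart acme-dns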
# Make sure the unpacked acme-dns binary can be executed. The mode is relative,
# so existing permission bits and ownership are left as they are.
# NOTE(review): the binary presumably belongs to the service account (user and
# group are handed to the download helper). If init.j2 launches it with more
# privileges than that account has, a root-owned, non-writable binary would be
# the safer layout - confirm against init.j2.
- name: ensure acme-dns binary has executable bit set
  file:
    path: "{{ acme_dns_dir }}/acme-dns"
    mode: "+x"
# Grant the binary cap_net_bind_service (effective + permitted) so the service
# can bind privileged ports without running as root.
# changed_when is forced to false, so this task never reports a change - a
# capability that had to be re-applied (for example after the binary was
# replaced) will not show up in the play recap.
- name: add cap_net_bind_service to acme-dns executable
  community.general.capabilities:
    path: "{{ acme_dns_dir }}/acme-dns"
    capability: cap_net_bind_service+ep
  changed_when: false
# Record the address of the acme-dns HTTP API: plain HTTP on the loopback
# interface, on the port given by acme_dns_api_port.
# NOTE(review): presumably consumed by the nginx server template included
# next, which would make nginx the only externally reachable endpoint -
# confirm the API listener in config.j2 is bound to 127.0.0.1 as well.
- name: set acme server address
  set_fact:
    acme_server: "http://127.0.0.1:{{ acme_dns_api_port }}"
# Pull in the nginx role with a single server entry built from the
# nginx_server configuration and the host's TLS certificates (host_tls).
# NOTE(review): `certs` is assumed to belong to the same list item as `conf`;
# confirm against the nginx role's expected schema.
- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        - conf: nginx_server
          certs: "{{ host_tls }}"
# Run every handler notified so far right now instead of at the end of the
# play, so pending restarts happen before the remaining tasks.
- name: flush handlers
  meta: flush_handlers
# Register the whole acme-dns directory with the backup role.
# NOTE(review): this directory also holds config.cfg, which is deployed as
# owner-read-only. The backup copies should be protected at least as strictly
# as the source - confirm in the backup role.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ acme_dns_dir }}"
# Make sure the acme-dns service is running now and is started at boot.
- name: enable and start acme-dns
  service:
    name: acme-dns
    enabled: true
    state: started