# Build the effective configuration: start from the role defaults and layer
# the caller's overrides on top. Either variable may be undefined (treated as
# an empty dict); nested mappings are merged key by key, not replaced.
- name: set acme_dns_cfg
  set_fact:
    acme_dns_cfg: >-
      {{ acme_dns_default_config | default({})
      | combine(acme_dns_config | default({}), recursive=true) }}
# Install the OS packages this role needs through the shared package task.
# libcap presumably supplies the setcap/getcap tooling that the capabilities
# task later in this file relies on - confirm for the target distribution.
- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - libcap
# Create the dedicated service account via the shared user task, so acme-dns
# does not have to run as root. The account name, group and directory all come
# from role variables.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ acme_dns_user }}"
      group: "{{ acme_dns_group }}"
      dir: "{{ acme_dns_dir }}"
# Fetch the newest release asset of fritterhoff/acme-dns from GitHub and unpack
# it into acme_dns_dir, owned by the service account.
#
# NOTE(review): this follows whatever release is currently "latest"; nothing in
# this task pins a version or checks a digest or signature. Confirm whether
# tasks/get_lastversion.yml verifies the downloaded archive; if it does not,
# consider pinning a reviewed release and checking its checksum before the
# archive is extracted and the binary is given a file capability below.
#
# NOTE(review): the indentation of this listing was lost. `notify` is placed
# inside `package` on the assumption that the included file reads it from
# there, since `notify` is not a keyword accepted on include_tasks itself -
# confirm against tasks/get_lastversion.yml.
- name: get and extract latest version of acme-dns
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: fritterhoff/acme-dns
      location: github
      assets: true
      # Ends in `$`, so presumably evaluated as a regex; the unescaped dots
      # then match any character - TODO confirm how the filter is consumed.
      asset_filter: 'Linux_amd64.tar.gz$'
      file: "{{ (acme_dns_dir, 'last_version') | path_join }}"
      extract: "{{ acme_dns_dir }}"
      user: "{{ acme_dns_user }}"
      group: "{{ acme_dns_group }}"
      notify: restart acme-dns
# Remove the documentation files that ship in the release archive; only the
# three names listed here are deleted from acme_dns_dir.
- name: delete unnecessary files
  file:
    path: "{{ (acme_dns_dir, item) | path_join }}"
    state: absent
  loop:
    - CHANGELOG.md
    - LICENSE
    - README.md
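# Render config.cfg into acme_dns_dir, readable only by the service account
# (owner read, nothing for group or others), and restart acme-dns when the
# rendered file changes.
- name: template acme-dns config
  template:
    src: config.j2
    dest: "{{ (acme_dns_dir, 'config.cfg') | path_join }}"
    force: true
    # Quoted so the mode reaches Ansible as the string "0400" and does not
    # depend on how the YAML parser types an unquoted leading-zero number.
    mode: "0400"
    owner: "{{ acme_dns_user }}"
    group: "{{ acme_dns_group }}"
    lstrip_blocks: true
  notify: restart acme-dns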
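# Install the init script (Alpine only) and restart acme-dns when it changes.
#
# The script is run by the init system, so its permissions are stated in full
# instead of the relative "+x": a relative mode only adds execute bits on top
# of whatever the umask or an existing file already grants, which can leave a
# root-run script writable by a group or by others. Owner and group are pinned
# to root for the same reason.
- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/acme-dns
    force: true
    mode: "0755"
    owner: root
    group: root
  notify: restart acme-dns
  when: ansible_distribution == 'Alpine'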
# Make sure the extracted acme-dns binary can be executed.
#
# NOTE(review): "+x" names no user class, so execute is added for every class
# the umask allows, normally owner, group and others. This same file receives
# cap_net_bind_service in the next task, so consider limiting execute to the
# service account's owner/group if nothing else needs to run the binary.
- name: ensure acme-dns binary has executable bit set
  file:
    path: "{{ (acme_dns_dir, 'acme-dns') | path_join }}"
    mode: "+x"
# Grant the binary cap_net_bind_service in its effective and permitted sets
# (+ep) so it can bind ports below 1024 without running as root. The
# capability is attached to the file, so any process that executes this path
# receives it.
#
# changed_when is false: the task never reports a change, even on a run that
# actually sets the capability.
- name: add cap_net_bind_service to acme-dns executable
  community.general.capabilities:
    path: "{{ (acme_dns_dir, 'acme-dns') | path_join }}"
    capability: cap_net_bind_service+ep
  changed_when: false
# Run handlers that were notified so far (the "restart acme-dns" notifications
# above) at this point instead of waiting for the end of the play.
- name: flush handlers
  meta: flush_handlers
# Register the acme-dns HTTP API with the rproxy role. Every upstream address
# given here is 127.0.0.1 on acme_dns_api_port, reached over plain HTTP.
#
# NOTE(review): that is only safe if acme-dns itself listens on loopback.
# Confirm that config.j2 binds the API listener to 127.0.0.1; if it binds a
# routable address, the API can be reached directly, bypassing the proxy and
# whatever TLS and access control the rproxy role applies.
#
# NOTE(review): the indentation of this listing was lost; the nesting of
# `acme`, `nginx` and `caddy_reverse_proxy_handlers` under `rproxy_config` is
# reconstructed - confirm against what the rproxy role's add.yml expects.
- name: add reverse proxy config
  include_role:
    name: rproxy
    tasks_from: add.yml
  vars:
    rproxy_config:
      port: "{{ acme_dns_api_port }}"
      acme:
        server: "http://127.0.0.1:{{ acme_dns_api_port }}"
      nginx: rproxy_nginx.j2
      caddy_reverse_proxy_handlers:
        - handler: reverse_proxy
          upstreams:
            - dial: "127.0.0.1:{{ acme_dns_api_port }}"
# Add the whole acme-dns directory to the backup role's item list.
#
# NOTE(review): acme_dns_dir holds config.cfg, which is written above with
# mode 0400, and presumably the service's data as well. Confirm that the
# backup destination is access-controlled (and ideally encrypted) to at least
# the same standard, so the backup copy does not become the easier way to read
# that file.
- name: add directories to backup plan
  include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items:
      - "{{ acme_dns_dir }}"
# Make sure the acme-dns service is running now and is enabled so that it
# starts again at boot.
- name: enable and start acme-dns
  service:
    name: acme-dns
    state: started
    enabled: true