📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/ca/tasks/install_acme.yml

# Pick the key-type definition that the ACME account keys are built from.
# ca_key_types is filtered on its 'name' attribute; the wanted name is taken
# from ca_acme_account_key_type and falls back to 'ecc384' when that variable
# is undefined. The first match is stored in the fact 'kt'.
# NOTE(review): if no entry of ca_key_types carries the requested name, the
# filtered list is empty and 'first' has nothing to return - the play should
# stop here rather than continue with an unintended key type; confirm.
- name: select key type for acme
  set_fact:
    kt: >-
      {{ ca_key_types
      | selectattr('name', 'equalto', ca_acme_account_key_type | default('ecc384'))
      | list
      | first }}
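# Create one passphrase-protected ACME account key per environment ('main'
# and 'staging') under ca_dir, named acme-<item>.<ca_key_ext>.
# Key parameters come from the 'kt' fact; size and curve are omitted when the
# selected key type does not define them.
# ca_acme_account_key_password protects the account identity: source it from
# Ansible Vault or another secret store, not from plain-text vars kept in
# version control.
- name: generate acme account keys
  community.crypto.openssl_privatekey:
    path: "{{ ca_dir ~ '/acme-' ~ item ~ '.' ~ ca_key_ext }}"
    type: "{{ kt.type }}"
    size: "{{ kt.size | d(omit) }}"
    curve: "{{ kt.curve | d(omit) }}"
    format: pkcs8
    # an existing key in another format is converted, not replaced
    format_mismatch: convert
    # 'auto' lets the module choose the cipher used with the passphrase
    cipher: auto
    passphrase: "{{ ca_acme_account_key_password }}"
    # an ACME account is bound to its key, so an existing key must never be
    # silently regenerated; a key that cannot be read or does not match is
    # left in place for the operator to resolve
    regenerate: never
    force: false
    # NOTE(review): backup copies hold private-key material as well - verify
    # their permissions and how long they are retained in ca_dir
    backup: true
    # quoted so the value is read as an octal mode string by every YAML parser
    # instead of relying on YAML 1.1 implicit octal integers
    mode: '0600'
  loop:
    - main
    - staging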
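# Register (or confirm) an ACME account for each environment with the account
# key generated for it. The item 'main' uses the production directory, any
# other item the staging directory; both URLs default to Let's Encrypt and can
# be overridden through ca_acme_endpoint / ca_acme_staging_endpoint.
# The directory URL decides which CA receives the account registration, so an
# override should be an https:// endpoint of a CA the operator trusts.
# validate_certs is not set here, so the module default applies; leave it
# that way outside of throw-away test setups.
- name: create acme accounts
  community.crypto.acme_account:
    account_key_src: "{{ ca_dir ~ '/acme-' ~ item ~ '.' ~ ca_key_ext }}"
    account_key_passphrase: "{{ ca_acme_account_key_password }}"
    # single conditional expression; the folded scalar renders to one line
    acme_directory: >-
      {{ (ca_acme_endpoint
      | d('https://acme-v02.api.letsencrypt.org/directory'))
      if item == 'main' else
      (ca_acme_staging_endpoint
      | d('https://acme-staging-v02.api.letsencrypt.org/directory')) }}
    # protocol version defaults to 2 unless ca_acme_version says otherwise
    acme_version: "{{ ca_acme_version | d(2) }}"
    contact:
      # falls back to admin@<tld> when maintainer_email is undefined
      - "mailto:{{ maintainer_email | d('admin@' ~ tld) }}"
    state: present
    # accepts the CA's terms of service on behalf of the account holder
    terms_agreed: true
  loop:
    - main
    - staging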