parent
ac4de942ba
commit
bdbca4a90e
@ -1,11 +1,3 @@ |
||||
lego_dir: /opt/lego |
||||
lego_lastrun_file: "{{ (lego_dir, 'lastrun') | path_join }}" |
||||
|
||||
lego_user: root |
||||
lego_group: root |
||||
|
||||
# hardcoded in acmedns_client and cannot be changed |
||||
lego_acmedns_client_dir: /etc/acmedns |
||||
lego_acmedns_client_file: /etc/acmedns/clientstorage.json |
||||
lego_acmedns_client_bin_dir: /opt/acme-client |
||||
|
||||
lego_cert_dir: /etc/lego |
||||
lego_accounts_file: "{{ (lego_cert_dir, 'accounts.conf') | path_join }}" |
||||
|
@ -1,88 +0,0 @@ |
||||
- name: determine host architecture |
||||
include_tasks: tasks/get_host_arch.yml |
||||
|
||||
|
||||
- name: create acme-client directory |
||||
file: |
||||
path: "{{ item }}" |
||||
state: directory |
||||
mode: 0700 |
||||
owner: "{{ caddy_user }}" |
||||
group: "{{ caddy_group }}" |
||||
loop: |
||||
- "{{ caddy_acmedns_client_bin_dir }}" |
||||
- "{{ caddy_acmedns_client_dir }}" |
||||
|
||||
|
||||
- name: get and extract latest acme-dns-client version |
||||
include_tasks: tasks/get_lastversion.yml |
||||
vars: |
||||
package: |
||||
name: acme-dns/acme-dns-client |
||||
location: github |
||||
assets: yes |
||||
asset_filter: "{{ 'linux_' ~ host_architecture ~ '.tar.gz$' }}" |
||||
file: "{{ (caddy_acmedns_client_bin_dir, 'last_acme_client_version') | path_join }}" |
||||
extract: "{{ caddy_acmedns_client_bin_dir }}" |
||||
user: "{{ caddy_user }}" |
||||
group: "{{ caddy_group }}" |
||||
|
||||
|
||||
- name: ensure acme-dns-client binary has executable bit set |
||||
file: |
||||
path: "{{ (caddy_acmedns_client_bin_dir, 'acme-dns-client') | path_join }}" |
||||
mode: "+x" |
||||
|
||||
|
||||
- block: |
||||
- name: remove unnecessary files |
||||
file: |
||||
path: "{{ (caddy_acmedns_client_bin_dir, item) | path_join }}" |
||||
state: absent |
||||
loop: |
||||
- LICENSE |
||||
- README.md |
||||
rescue: |
||||
- meta: noop |
||||
|
||||
|
||||
- name: clear acme-dns-client domain fact |
||||
set_fact: |
||||
acmedns_current_domains: "{{ [] }}" |
||||
|
||||
|
||||
- name: check if acme-dns-client config exists |
||||
stat: |
||||
path: "{{ caddy_acmedns_client_file }}" |
||||
get_checksum: no |
||||
get_attributes: no |
||||
get_mime: no |
||||
register: result |
||||
|
||||
|
||||
- block: |
||||
- name: get acme-dns-client config file |
||||
slurp: |
||||
path: "{{ caddy_acmedns_client_file }}" |
||||
register: file_content |
||||
|
||||
- name: set acme-dns-client domain fact |
||||
set_fact: |
||||
acmedns_current_domains: "{{ file_content.content | b64decode | from_json | dict2items | map(attribute='key') | list }}" |
||||
|
||||
when: result.stat.exists |
||||
no_log: yes |
||||
|
||||
|
||||
- name: show domain information |
||||
debug: |
||||
msg: | |
||||
acme-dns-client currently manages these FQDNs: {{ '(none)' if acmedns_current_domains | length == 0 else acmedns_current_domains | join(', ') }} |
||||
acme-dns-client does not yet manage these FQDNs: {{ caddy_domains | difference(acmedns_current_domains) | join(', ') }} |
||||
|
||||
|
||||
- name: register a record with acme-dns-client for each unmanaged domain |
||||
include_tasks: register_acme_domain.yml |
||||
vars: |
||||
domain: "{{ item }}" |
||||
loop: "{{ caddy_domains | difference(acmedns_current_domains) }}" |
@ -1,19 +0,0 @@ |
||||
- name: call acme-dns-client |
||||
expect: |
||||
command: "./acme-dns-client register -d {{ domain | quote }} -s {{ acme_dns_server_url | quote }}" |
||||
chdir: "{{ caddy_acmedns_client_bin_dir }}" |
||||
echo: yes |
||||
responses: |
||||
'Do you want acme-dns-client to monitor the CNAME record change?': 'n' |
||||
'Do you wish to set up a CAA record now?': 'n' |
||||
become: yes |
||||
become_method: "{{ 'su' if ansible_distribution == 'Alpine' else 'sudo' }}" |
||||
become_user: "{{ caddy_user }}" |
||||
register: result |
||||
changed_when: yes |
||||
failed_when: not ('successfully registered' in result.stdout) |
||||
|
||||
|
||||
- name: pause if acme-dns-client registered a new record |
||||
pause: |
||||
when: result.changed and (interactive | d(true) == true) |
@ -0,0 +1,22 @@ |
||||
{%- set cert_base = (lego_cert_dir, 'certificates', lego_job_name ~ '.') | path_join -%} |
||||
|
||||
|
||||
#!/bin/sh |
||||
|
||||
{{ (acme_cfg.run_before_renew ~ ' &>/dev/null') if acme_cfg.run_before_renew is defined else '' }} |
||||
|
||||
{%- if acme_cfg.cert is defined %} |
||||
cp -fpT {{ (cert_base ~ 'crt') | quote }} {{ acme_cfg.cert | quote }} |
||||
{% if acme_cfg.owner is defined -%} |
||||
chown -f {{ acme_cfg.owner ~ ((':' ~ acme_cfg.group) if acme_cfg.group is defined else '') }} {{ acme_cfg.cert | quote }} |
||||
{% endif -%} |
||||
{% endif -%} |
||||
|
||||
{% if acme_cfg.key is defined -%} |
||||
cp -fpT {{ (cert_base ~ 'key') | quote }} {{ acme_cfg.key | quote }} |
||||
{% if acme_cfg.owner is defined -%} |
||||
chown -f {{ acme_cfg.owner ~ ((':' ~ acme_cfg.group) if acme_cfg.group is defined else '') }} {{ acme_cfg.key | quote }} |
||||
{% endif -%} |
||||
{% endif -%} |
||||
|
||||
{{ (acme_cfg.run_after_renew ~ ' &>/dev/null &') if acme_cfg.run_after_renew is defined else '' }} |
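Review bot: `&>/dev/null` on the run_before_renew line and `&>/dev/null &` on the run_after_renew line are bash-only redirections, yet the generated script starts with `#!/bin/sh`; a POSIX sh (dash, busybox ash) parses `cmd &>/dev/null` as `cmd &` followed by an empty `>/dev/null` command, so the pre-renew hook is backgrounded instead of awaited and its output is not suppressed at all. The portable forms are `{{ (acme_cfg.run_before_renew ~ ' >/dev/null 2>&1') if acme_cfg.run_before_renew is defined else '' }}` and `{{ (acme_cfg.run_after_renew ~ ' >/dev/null 2>&1 &') if acme_cfg.run_after_renew is defined else '' }}`. The `{%- set ... -%}` on the first line is what strips the following blank lines so the shebang lands on line 1 of the rendered file; a short Jinja comment above it saying so (`{# whitespace control keeps #!/bin/sh on the first line #}`) would keep a later edit from breaking the shebang by re-adding a newline.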