📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/acme-dns/tasks/main.yml


# Build the effective acme-dns configuration: the role defaults with the
# caller's overrides merged on top, nested mappings merged recursively.
# Either variable may be undefined; each then falls back to an empty mapping.
- name: set acme_dns_cfg
  ansible.builtin.set_fact:
    acme_dns_cfg: >-
      {{ acme_dns_default_config | default({})
      | combine(acme_dns_config | default({}), recursive=true) }}
# Install the packages this role needs through the shared package task file.
# libcap is presumably required by the file-capability task later in this
# file -- confirm against tasks/install_packages.yml.
- name: install dependencies
  ansible.builtin.include_tasks: tasks/install_packages.yml
  vars:
    package: [libcap]
# Create the dedicated service account through the shared user task file,
# passing the account name, its group and a directory (acme_dns_dir).
# NOTE(review): what tasks/create_user.yml does with `dir` (home directory,
# ownership, mode) is not visible here -- confirm the directory is not
# writable by other local users, since the service binary is installed there.
- name: create user and group
include_tasks: tasks/create_user.yml
vars:
user:
name: "{{ acme_dns_user }}"
group: "{{ acme_dns_group }}"
dir: "{{ acme_dns_dir }}"
# Fetch the newest Linux amd64 release asset of fritterhoff/acme-dns from
# GitHub and unpack it into acme_dns_dir, owned by the service account. The
# download and extraction logic lives in tasks/get_lastversion.yml (not shown).
# NOTE(review): the release is unpinned ("latest") and no checksum or
# signature check is visible in these vars, yet the extracted binary is later
# granted cap_net_bind_service. Confirm that get_lastversion.yml verifies the
# asset, or pin a reviewed version together with its expected digest.
# NOTE(review): `notify` on a dynamic include may not reach the included
# tasks -- confirm the restart handler really fires after an upgrade, so an
# outdated binary does not keep running.
- name: get and extract latest version of acme-dns
include_tasks: tasks/get_lastversion.yml
vars:
package:
name: fritterhoff/acme-dns
location: github
assets: yes
asset_filter: 'Linux_amd64.tar.gz$'
file: "{{ (acme_dns_dir, 'last_version') | path_join }}"
extract: "{{ acme_dns_dir }}"
user: "{{ acme_dns_user }}"
group: "{{ acme_dns_group }}"
notify: restart acme-dns
# Remove documentation files from the install directory (presumably unpacked
# from the release archive); each listed name is joined onto acme_dns_dir.
- name: delete unnecessary files
  ansible.builtin.file:
    state: absent
    path: "{{ (acme_dns_dir, item) | path_join }}"
  loop: [CHANGELOG.md, LICENSE, README.md]
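# Render config.j2 to config.cfg inside the install directory. The file is
# owned by the service account and readable only by its owner; it is always
# rewritten from the template, and a change notifies the restart handler.
- name: template acme-dns config
  ansible.builtin.template:
    src: config.j2
    dest: "{{ (acme_dns_dir, 'config.cfg') | path_join }}"
    owner: "{{ acme_dns_user }}"
    group: "{{ acme_dns_group }}"
    # Quoted so the mode reaches the module as an octal string instead of
    # depending on how the YAML parser types a bare 0400.
    mode: "0400"
    force: true
    lstrip_blocks: true
  notify: restart acme-dns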
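# Install the init script on Alpine hosts only. Ownership and an absolute
# mode are pinned: a bare "+x" only adds execute bits and leaves owner, group
# and any existing write bits as they are, so the result would depend on the
# umask and on the file's previous state. A script under /etc/init.d must not
# be writable by unprivileged users.
- name: template init script
  ansible.builtin.template:
    src: init.j2
    dest: /etc/init.d/acme-dns
    owner: root
    group: root
    mode: "0755"
    force: true
  notify: restart acme-dns
  when: ansible_distribution == 'Alpine'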
# Add the execute bit to the acme-dns binary in the install directory. The
# symbolic "+x" leaves every other permission bit as it is.
- name: ensure acme-dns binary has executable bit set
  ansible.builtin.file:
    mode: "+x"
    path: "{{ (acme_dns_dir, 'acme-dns') | path_join }}"
# Give the binary cap_net_bind_service (effective + permitted) so that it can
# bind ports below 1024 without running as root. This is the only privilege
# granted to the executable here, so whoever can replace that file inherits
# it: keep the install directory writable by the service account only.
# changed_when is forced to false, so this task never reports a change.
- name: add cap_net_bind_service to acme-dns executable
  community.general.capabilities:
    capability: cap_net_bind_service+ep
    path: "{{ (acme_dns_dir, 'acme-dns') | path_join }}"
  changed_when: false
# Run the handlers notified so far at this point instead of at the end of the
# play, before the reverse proxy and backup roles are included.
- name: flush handlers
  ansible.builtin.meta: flush_handlers
# Register acme-dns with the rproxy role (tasks add.yml). The upstream is the
# acme-dns API on the loopback address, reached over plain HTTP on
# acme_dns_api_port, with an nginx template and a Caddy reverse_proxy handler.
# NOTE(review): plain HTTP is acceptable only if the API listener is bound to
# 127.0.0.1 and TLS is terminated at the proxy -- confirm the listen address
# rendered by config.j2, which is not visible here.
- name: add reverse proxy config
include_role:
name: rproxy
tasks_from: add.yml
vars:
rproxy_config:
port: "{{ acme_dns_api_port }}"
acme:
server: "http://127.0.0.1:{{ acme_dns_api_port }}"
nginx_rproxy: rproxy_nginx.j2
caddy_rproxy:
- handler: reverse_proxy
upstreams:
- dial: "127.0.0.1:{{ acme_dns_api_port }}"
# Hand the install directory to the backup role (tasks add.yml).
# NOTE(review): acme_dns_dir also holds config.cfg (mode 0400), so the backup
# copies carry whatever that file contains -- confirm the backup target is
# access-controlled accordingly.
- name: add directories to backup plan
  ansible.builtin.include_role:
    tasks_from: add.yml
    name: backup
  vars:
    backup_items: ["{{ acme_dns_dir }}"]
# Make sure the acme-dns service is enabled at boot and currently running.
- name: enable and start acme-dns
  ansible.builtin.service:
    name: acme-dns
    enabled: true
    state: started