add lets-encrypt-tiny

author Ralf Jung <post@ralfj.de>

Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)

committer Ralf Jung <post@ralfj.de>

Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
author Ralf Jung <post@ralfj.de>
Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
committer Ralf Jung <post@ralfj.de>
Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml

index a4d1b248863301e6eebfe718d97e5381c5ac65fb..fe51563466f38562aab6e21a3bc6646ffbc520c5 100644 (file)
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -2,7 +2,7 @@
    apt: name=apache2,python-netaddr state=latest
  - name: enable apache
    service: name=apache2 enabled=yes
-# config
+# apache config
  - name: enable modules
    apache2_module:
      state: present
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml

index 0bc1caff8f5a127f348455138f7c84b49e9b21b9..8ac63b031d4026020c81b76eef50d4679c298231 100644 (file)
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -16,11 +16,6 @@
    apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
  - name: install some basic tools
    apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
-# dh2048
-- name: create dh2048 file
-  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
-  args:
-    creates: "/etc/ssl/dh2048.pem"
  # configuration
  - name: configure root shell
    copy:
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml

new file mode 100644 (file)

index 0000000..d838d21
--- /dev/null
+++ b/roles/letsencrypt/tasks/main.yml
@@ -0,0 +1,27 @@
+# dh2048
+- name: create dh2048 file
+  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
+  args:
+    creates: "/etc/ssl/dh2048.pem"
+# lets encrypt tiny
+- name: clone lets-encrypt-tiny
+  git:
+    dest: /var/lib/letsencrypt/lets-encrypt-tiny
+    repo: 'https://git.ralfj.de/lets-encrypt-tiny.git'
+    version: 1b15f25eb3f15859f0e0c8f584dcd423fc24a11c
+- name: obtain certificate
+  command: /var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf init
+  args:
+    creates: "/etc/ssl/mycerts/letsencrypt/live.crt"
+- name: create lets-encrypt-tiny crontab entry
+  cron:
+    name: "lets-encrypt-tiny"
+    hour: "7"
+    minute: "42"
+    job: "/var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf -k cron"
+- name: create certcheck crontab entry
+  cron:
+    name: "certcheck"
+    hour: "9"
+    minute: "42"
+    job: "/var/lib/letsencrypt/lets-encrypt-tiny/certcheck /etc/ssl/mycerts/ -d 14"
diff --git a/web.yml b/web.yml

index a7a85fd9dfe8e58a5cccc3c0c0add82af17e16f9..2d555760cc527e1d4654a5137716bacd25773241 100644 (file)
--- a/web.yml
+++ b/web.yml
@@ -1,3 +1,6 @@
+- hosts: letsencrypt
+  roles:
+  - letsencrypt
  - hosts: apache
    roles:
    - apache
author	Ralf Jung <post@ralfj.de>
	Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
committer	Ralf Jung <post@ralfj.de>
	Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
roles/apache/tasks/main.yml		patch \| blob \| history
roles/base/tasks/main.yml		patch \| blob \| history
roles/letsencrypt/tasks/main.yml	[new file with mode: 0644]	patch \| blob
web.yml		patch \| blob \| history