add lets-encrypt-tiny
authorRalf Jung <post@ralfj.de>
Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
committerRalf Jung <post@ralfj.de>
Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)
roles/apache/tasks/main.yml
roles/base/tasks/main.yml
roles/letsencrypt/tasks/main.yml [new file with mode: 0644]
web.yml

index a4d1b248863301e6eebfe718d97e5381c5ac65fb..fe51563466f38562aab6e21a3bc6646ffbc520c5 100644 (file)
@@ -2,7 +2,7 @@
   apt: name=apache2,python-netaddr state=latest
 - name: enable apache
   service: name=apache2 enabled=yes
-# config
+# apache config
 - name: enable modules
   apache2_module:
     state: present
index 0bc1caff8f5a127f348455138f7c84b49e9b21b9..8ac63b031d4026020c81b76eef50d4679c298231 100644 (file)
   apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
 - name: install some basic tools
   apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
-# dh2048
-- name: create dh2048 file
-  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
-  args:
-    creates: "/etc/ssl/dh2048.pem"
 # configuration
 - name: configure root shell
   copy:
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
new file mode 100644 (file)
index 0000000..d838d21
--- /dev/null
@@ -0,0 +1,27 @@
+# dh2048
+- name: create dh2048 file
+  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
+  args:
+    creates: "/etc/ssl/dh2048.pem"
+# lets encrypt tiny
+- name: clone lets-encrypt-tiny
+  git:
+    dest: /var/lib/letsencrypt/lets-encrypt-tiny
+    repo: 'https://git.ralfj.de/lets-encrypt-tiny.git'
+    version: 1b15f25eb3f15859f0e0c8f584dcd423fc24a11c
+- name: obtain certificate
+  command: /var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf init
+  args:
+    creates: "/etc/ssl/mycerts/letsencrypt/live.crt"
+- name: create lets-encrypt-tiny crontab entry
+  cron:
+    name: "lets-encrypt-tiny"
+    hour: "7"
+    minute: "42"
+    job: "/var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf -k cron"
+- name: create certcheck crontab entry
+  cron:
+    name: "certcheck"
+    hour: "9"
+    minute: "42"
+    job: "/var/lib/letsencrypt/lets-encrypt-tiny/certcheck /etc/ssl/mycerts/ -d 14"
diff --git a/web.yml b/web.yml
index a7a85fd9dfe8e58a5cccc3c0c0add82af17e16f9..2d555760cc527e1d4654a5137716bacd25773241 100644 (file)
--- a/web.yml
+++ b/web.yml
@@ -1,3 +1,6 @@
+- hosts: letsencrypt
+  roles:
+  - letsencrypt
 - hosts: apache
   roles:
   - apache