From f679bcf007a81c67e8fcec0934928a55a3d6ed34 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Fri, 11 May 2018 12:01:13 +0200 Subject: [PATCH 1/1] add lets-encrypt-tiny --- roles/apache/tasks/main.yml | 2 +- roles/base/tasks/main.yml | 5 ----- roles/letsencrypt/tasks/main.yml | 27 +++++++++++++++++++++++++++ web.yml | 3 +++ 4 files changed, 31 insertions(+), 6 deletions(-) create mode 100644 roles/letsencrypt/tasks/main.yml diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index a4d1b24..fe51563 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -2,7 +2,7 @@ apt: name=apache2,python-netaddr state=latest - name: enable apache service: name=apache2 enabled=yes -# config +# apache config - name: enable modules apache2_module: state: present diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 0bc1caf..8ac63b0 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -16,11 +16,6 @@ apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports - name: install some basic tools apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest -# dh2048 -- name: create dh2048 file - command: openssl dhparam -out /etc/ssl/dh2048.pem 2048 - args: - creates: "/etc/ssl/dh2048.pem" # configuration - name: configure root shell copy: diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml new file mode 100644 index 0000000..d838d21 --- /dev/null +++ b/roles/letsencrypt/tasks/main.yml @@ -0,0 +1,27 @@ +# dh2048 +- name: create dh2048 file + command: openssl dhparam -out /etc/ssl/dh2048.pem 2048 + args: + creates: "/etc/ssl/dh2048.pem" +# lets encrypt tiny +- name: clone lets-encrypt-tiny + git: + dest: /var/lib/letsencrypt/lets-encrypt-tiny + repo: 'https://git.ralfj.de/lets-encrypt-tiny.git' + version: 1b15f25eb3f15859f0e0c8f584dcd423fc24a11c +- name: obtain certificate + command: /var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf init + args: + creates: "/etc/ssl/mycerts/letsencrypt/live.crt" +- name: create lets-encrypt-tiny crontab entry + cron: + name: "lets-encrypt-tiny" + hour: "7" + minute: "42" + job: "/var/lib/letsencrypt/lets-encrypt-tiny/letsencrypt-tiny -c /var/lib/letsencrypt/live.conf -k cron" +- name: create certcheck crontab entry + cron: + name: "certcheck" + hour: "9" + minute: "42" + job: "/var/lib/letsencrypt/lets-encrypt-tiny/certcheck /etc/ssl/mycerts/ -d 14" diff --git a/web.yml b/web.yml index a7a85fd..2d55576 100644 --- a/web.yml +++ b/web.yml @@ -1,3 +1,6 @@ +- hosts: letsencrypt + roles: + - letsencrypt - hosts: apache roles: - apache -- 2.30.2