author | Christian Pointner <equinox@spreadspace.org> | 2018-02-25 04:12:15 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-02-25 04:12:15 +0100 |
commit | 692500805f4f6d242e344c8f3beded72d9b01be8 (patch) | |
tree | 2c9c2c749a7ac5985ceef1b89572ef1beee02f17 | |
parent | added todo (diff) |
added acmetool role
-rw-r--r-- | group_vars/elevate/vars.yaml | 2 | ||||
-rw-r--r-- | group_vars/spreadspace/vars.yaml | 2 | ||||
-rw-r--r-- | host_playbooks/emc-xx.yaml | 1 | ||||
-rw-r--r-- | host_playbooks/helene.yaml | 1 | ||||
-rw-r--r-- | roles/acmetool/defaults/main.yml | 12 | ||||
-rw-r--r-- | roles/acmetool/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/acmetool/tasks/main.yml | 25 | ||||
-rw-r--r-- | roles/acmetool/templates/responses.j2 | 12 |
8 files changed, 60 insertions, 0 deletions
diff --git a/group_vars/elevate/vars.yaml b/group_vars/elevate/vars.yaml
index 4d8f679d..1808db88 100644
--- a/group_vars/elevate/vars.yaml
+++ b/group_vars/elevate/vars.yaml
@@ -1,2 +1,4 @@
 ---
 sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}"
+
+acmetool_account_email: equinox@elevate.at
diff --git a/group_vars/spreadspace/vars.yaml b/group_vars/spreadspace/vars.yaml
index 47cb7fb6..30011725 100644
--- a/group_vars/spreadspace/vars.yaml
+++ b/group_vars/spreadspace/vars.yaml
@@ -1,2 +1,4 @@
 ---
 sshserver_root_keys: "{{ [ ssh_keys.equinox.spread ] | join('\n') }}"
+
+acmetool_account_email: equinox@spreadspace.org
diff --git a/host_playbooks/emc-xx.yaml b/host_playbooks/emc-xx.yaml
index 9d0804fc..69e489d6 100644
--- a/host_playbooks/emc-xx.yaml
+++ b/host_playbooks/emc-xx.yaml
@@ -7,3 +7,4 @@
 - role: sshserver
 - role: zsh
 - role: admin-user
+ - role: acmetool
diff --git a/host_playbooks/helene.yaml b/host_playbooks/helene.yaml
index efbcca5e..ce45cddf 100644
--- a/host_playbooks/helene.yaml
+++ b/host_playbooks/helene.yaml
@@ -7,3 +7,4 @@
 - role: zsh
 - role: admin-user
 - role: blackmagic-desktopvideo
+ - role: acmetool
diff --git a/roles/acmetool/defaults/main.yml b/roles/acmetool/defaults/main.yml
new file mode 100644
index 00000000..409523da
--- /dev/null
+++ b/roles/acmetool/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+acmetool_directory_server_le_live: "https://acme-v01.api.letsencrypt.org/directory"
+acmetool_directory_server_le_staging: "https://acme-staging.api.letsencrypt.org/directory"
+
+## this can't be changed after the account as been created (aka after the first run)
+## and it's not recommended to keep this empty so we don't define it here which will lead to an error
+# acmetool_account_email:
+acmetool_directory_server: "{{ acmetool_directory_server_le_staging }}"
+
+acmetool_default_key_type: rsa
+acmetool_default_rsa_key_size: 4096
+acmetool_default_ecdsa_curve: nistp256
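Review bot: `acmetool_directory_server` in roles/acmetool/defaults/main.yml defaults to `acmetool_directory_server_le_staging`, so a host that applies the role without overriding it gets certificates from the staging CA, which clients do not trust; the elevate and spreadspace group_vars hunks earlier in this diff set only `acmetool_account_email`, so unless a host_vars override exists outside the diff both hosts end up on staging, and because the quickstart task is guarded by `creates: /var/lib/acme/conf/target` the choice is made once and never revisited. Either default to `acmetool_directory_server_le_live`, or leave the variable undefined as is done for the email so a forgotten override fails loudly instead of silently issuing untrusted certificates. In both cases the header comment should say so, e.g. `## acmetool_directory_server is likewise fixed at the first run; set it to acmetool_directory_server_le_live for hosts that need trusted certificates`. The same comment has a typo: `as been created` should read `has been created`.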
diff --git a/roles/acmetool/handlers/main.yml b/roles/acmetool/handlers/main.yml
new file mode 100644
index 00000000..3d6f1b76
--- /dev/null
+++ b/roles/acmetool/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reconcile acmetool
+ systemd:
+ name: acmetool.service
+ state: started
diff --git a/roles/acmetool/tasks/main.yml b/roles/acmetool/tasks/main.yml
new file mode 100644
index 00000000..c2fc2c6c
--- /dev/null
+++ b/roles/acmetool/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: check if acmetool package is new enough
+ debug:
+ msg: "Check distribution_release"
+ failed_when: (ansible_distribution == 'Debian' and ansible_distribution_major_version < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version < 17) or (ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu')
+
+- name: install acmetool
+ apt:
+ name: acmetool
+ state: present
+
+- name: create initial directory structure
+ command: acmetool --batch
+ args:
+ creates: /var/lib/acme/conf
+
+- name: create acmetool response file
+ template:
+ src: responses.j2
+ dest: /var/lib/acme/conf/responses
+
+- name: run quickstart to create account and default target configuration
+ command: acmetool --batch quickstart
+ args:
+ creates: /var/lib/acme/conf/target
diff --git a/roles/acmetool/templates/responses.j2 b/roles/acmetool/templates/responses.j2
new file mode 100644
index 00000000..a7bf2504
--- /dev/null
+++ b/roles/acmetool/templates/responses.j2
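Review bot: The `reconcile acmetool` handler is not notified by any task in roles/acmetool/tasks/main.yml in this commit, so it never runs, and `state: started` is a no-op whenever the unit is already active. If `acmetool.service` is a one-shot unit that performs a reconcile, as the handler name suggests but the diff does not show, `notify: reconcile acmetool` on the response-file and quickstart tasks together with `state: restarted` would make the handler do what its name says; otherwise it should be dropped until a task uses it. A one-line comment above the handler, e.g. `# re-run acmetool's reconcile after the target configuration changed`, would record the intent either way.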
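Review bot: The `failed_when` on the first task compares `ansible_distribution_major_version`, a string fact, with the integers `9` and `17`; under Python 3 that comparison raises a TypeError, and under Python 2 it orders by type and is always false, so the version guard does not do what its name claims. Cast before comparing: `(ansible_distribution_major_version | int) < 9` and `(ansible_distribution_major_version | int) < 17`; an `assert` task with `that:` would also read better than a `debug` that is expected to fail. Separately, the `create acmetool response file` task rewrites `/var/lib/acme/conf/responses` on every run while quickstart is skipped once `/var/lib/acme/conf/target` exists, so later changes to the response variables are written but never applied; a comment on the template task such as `# only consumed by the one-time quickstart below; edits after the first run have no effect` would save the next reader from expecting a re-run.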
@@ -0,0 +1,12 @@
+"acme-enter-email": "{{ acmetool_account_email }}"
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf": true
+"acmetool-quickstart-choose-server": {{ acmetool_directory_server }}
+"acmetool-quickstart-choose-method": webroot
+"acmetool-quickstart-webroot-path": "/var/run/acme/acme-challenge"
+"acmetool-quickstart-complete": true
+"acmetool-quickstart-install-cronjob": false
+"acmetool-quickstart-install-haproxy-script": true
+"acmetool-quickstart-install-redirector-systemd": false
+"acmetool-quickstart-key-type": {{ acmetool_default_key_type }}
+"acmetool-quickstart-rsa-key-size": {{ acmetool_default_rsa_key_size }}
+"acmetool-quickstart-ecdsa-curve": {{ acmetool_default_ecdsa_curve }} |
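Review bot: The templated values for `acmetool-quickstart-choose-server`, `acmetool-quickstart-key-type` and `acmetool-quickstart-ecdsa-curve` are inserted unquoted, so an empty expansion becomes `null` and a value beginning with a YAML indicator breaks the parse; write them as `"acmetool-quickstart-choose-server": "{{ acmetool_directory_server }}"` and the same for the two key-parameter strings, as the file already does for `acme-enter-email` (leave `rsa-key-size` bare only if acmetool expects an integer there, which is not visible here). The agreement key pins `LE-SA-v1.2-November-15-2017.pdf`; if acmetool matches that key against the agreement URL the directory currently advertises, a future agreement update will halt the batch quickstart on newly provisioned hosts, which deserves a template comment such as `{# update the agreement URL when Let's Encrypt publishes a new subscriber agreement #}`. Setting `acmetool-quickstart-install-haproxy-script` to `true` for every host regardless of whether haproxy is installed is also a candidate for a role variable.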