authorChristian Pointner <equinox@spreadspace.org>2018-02-25 04:12:15 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-02-25 04:12:15 +0100
commit692500805f4f6d242e344c8f3beded72d9b01be8 (patch)
tree2c9c2c749a7ac5985ceef1b89572ef1beee02f17 /roles
parentadded todo (diff)
added acmetool role
Diffstat (limited to 'roles')
-rw-r--r--roles/acmetool/defaults/main.yml12
-rw-r--r--roles/acmetool/handlers/main.yml5
-rw-r--r--roles/acmetool/tasks/main.yml25
-rw-r--r--roles/acmetool/templates/responses.j212
4 files changed, 54 insertions, 0 deletions
diff --git a/roles/acmetool/defaults/main.yml b/roles/acmetool/defaults/main.yml
new file mode 100644
index 00000000..409523da
--- /dev/null
+++ b/roles/acmetool/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+acmetool_directory_server_le_live: "https://acme-v01.api.letsencrypt.org/directory"
+acmetool_directory_server_le_staging: "https://acme-staging.api.letsencrypt.org/directory"
+
+## this can't be changed after the account as been created (aka after the first run)
+## and it's not recommended to keep this empty so we don't define it here which will lead to an error
+# acmetool_account_email:
+acmetool_directory_server: "{{ acmetool_directory_server_le_staging }}"
+
+acmetool_default_key_type: rsa
+acmetool_default_rsa_key_size: 4096
+acmetool_default_ecdsa_curve: nistp256
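Review bot: The comment above the commented-out `acmetool_account_email` has a typo and reads awkwardly: `## this can't be changed after the account as been created` should be `## this can't be changed after the account has been created (i.e. after the first run)`, and the second line would be clearer as `## leaving it empty is not recommended, so it is deliberately undefined here; the role fails until the caller sets it`. It is also worth saying where that failure shows up: presumably at the `responses.j2` template step, i.e. only after the package has already been installed, since that is what a user hitting the error will see first.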
diff --git a/roles/acmetool/handlers/main.yml b/roles/acmetool/handlers/main.yml
new file mode 100644
index 00000000..3d6f1b76
--- /dev/null
+++ b/roles/acmetool/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reconcile acmetool
+ systemd:
+ name: acmetool.service
+ state: started
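Review bot: Nothing in this commit notifies the `reconcile acmetool` handler — none of the tasks in `roles/acmetool/tasks/main.yml` carries a `notify:` — so as added it is unreachable until a later change references it. Separately, `state: started` is a no-op when the unit is already active, so if `acmetool.service` is a oneshot reconcile run (I have not verified how the package defines the unit) a second reconcile after a configuration change would not be triggered; `state: restarted`, or an explicit `command: acmetool --batch reconcile`, would be the safer handler body. A one-line comment such as `# triggers a reconcile run; notify this after changing targets or responses` would make the intended use clear to the task author.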
diff --git a/roles/acmetool/tasks/main.yml b/roles/acmetool/tasks/main.yml
new file mode 100644
index 00000000..c2fc2c6c
--- /dev/null
+++ b/roles/acmetool/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: check if acmetool package is new enough
+ debug:
+ msg: "Check distribution_release"
+ failed_when: (ansible_distribution == 'Debian' and ansible_distribution_major_version < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version < 17) or (ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu')
+
+- name: install acmetool
+ apt:
+ name: acmetool
+ state: present
+
+- name: create initial directory structure
+ command: acmetool --batch
+ args:
+ creates: /var/lib/acme/conf
+
+- name: create acmetool response file
+ template:
+ src: responses.j2
+ dest: /var/lib/acme/conf/responses
+
+- name: run quickstart to create account and default target configuration
+ command: acmetool --batch quickstart
+ args:
+ creates: /var/lib/acme/conf/target
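Review bot: The `failed_when` on the first task compares `ansible_distribution_major_version` with integers, but that fact is reported as a string, so `< 9` and `< 17` are not numeric comparisons: under Python 3 they raise a TypeError and under Python 2 a string is never less than an int, so the check silently passes on old releases; cast first, e.g. `ansible_distribution_major_version | int < 9` and `ansible_distribution_major_version | int < 17`. The same check would read better as an `assert` task with a `that:` list and a `fail_msg` naming the supported releases, rather than a `debug` task whose `failed_when` carries the whole condition on one long line. Note also that once `/var/lib/acme/conf/target` exists the quickstart task never re-runs, so later changes to `acmetool_account_email` or `acmetool_directory_server` are rendered into `responses` but otherwise ignored on existing hosts; a comment on the quickstart task stating this, e.g. `# one-shot: account and defaults are fixed after the first run`, would save the next maintainer a surprise.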
diff --git a/roles/acmetool/templates/responses.j2 b/roles/acmetool/templates/responses.j2
new file mode 100644
index 00000000..a7bf2504
--- /dev/null
+++ b/roles/acmetool/templates/responses.j2
@@ -0,0 +1,12 @@
+"acme-enter-email": "{{ acmetool_account_email }}"
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf": true
+"acmetool-quickstart-choose-server": {{ acmetool_directory_server }}
+"acmetool-quickstart-choose-method": webroot
+"acmetool-quickstart-webroot-path": "/var/run/acme/acme-challenge"
+"acmetool-quickstart-complete": true
+"acmetool-quickstart-install-cronjob": false
+"acmetool-quickstart-install-haproxy-script": true
+"acmetool-quickstart-install-redirector-systemd": false
+"acmetool-quickstart-key-type": {{ acmetool_default_key_type }}
+"acmetool-quickstart-rsa-key-size": {{ acmetool_default_rsa_key_size }}
+"acmetool-quickstart-ecdsa-curve": {{ acmetool_default_ecdsa_curve }}
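Review bot: The templated string values on the `choose-server`, `key-type` and `ecdsa-curve` lines are unquoted while `acme-enter-email` is quoted; if acmetool reads this file as YAML (the bare `true`/`false` values suggest it does) an empty expansion becomes `null` and any value that happens to look like a boolean or number is retyped, so write them as `"acmetool-quickstart-choose-server": "{{ acmetool_directory_server }}"`, `"acmetool-quickstart-key-type": "{{ acmetool_default_key_type }}"` and `"acmetool-quickstart-ecdsa-curve": "{{ acmetool_default_ecdsa_curve }}"`, leaving the integer `rsa-key-size` unquoted. The subscriber-agreement key is hard-coded to the November 2017 document URL; when a newer agreement is published a non-interactive `quickstart` run will presumably no longer find a matching response, so lifting that URL into a role default (a constructed name such as `acmetool_le_agreement_url`) would keep the breakage visible and fixable from inventory rather than from the template.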