acmesh-install-deploy/tasks/main.yaml

---
- name: Install git and acl
  become: true
  ansible.builtin.apt:
    name:
      - git
      - acl
    state: present
    update_cache: yes

- name: Create acme user
  become: true
  ansible.builtin.user:
    name: "{{ acme_sh_user }}"

- name: Add acme user to groups
  become: true
  ansible.builtin.user:
    name: "{{ acme_sh_user }}"
    groups: "{{ acme_sh_user_groups }}"
    append: true
  when: acme_sh_user_groups|length > 0

- name: Add custom sudoers content if provided
  become: true
  ansible.builtin.copy:
    content: "{{ acme_sh_user_sudoers_file_contents }}"
    dest: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
    mode: "0440"
    validate: "visudo -cf %s"
  when: acme_sh_user_sudoers_file_contents | length > 0

- name: Ensure sudoers file exists
  become: true
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
    state: touch
    mode: "0440"
  when: acme_sh_user_sudoers_file_contents | default('') == ""

- name: Add commands to sudoers file for acme_user
  become: true
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
    create: true
    line: "{{ acme_sh_user }} ALL=(ALL) NOPASSWD: {{ item }}"
    validate: "visudo -cf %s"
  loop: "{{ acme_sh_user_sudo_commands }}"
  when:
    - acme_sh_user_sudo_commands | length > 1
    - acme_sh_user_sudoers_file_contents | default('') == ""

- name: Install acme.sh
  become: true
  become_user: "{{ acme_sh_user }}"
  ansible.builtin.import_tasks: "install_acmesh.yml"

- name: Issue certs
  become: true
  become_user: "{{ acme_sh_user }}"
  ansible.builtin.import_tasks: "issue_certs.yml"
initial commit, not working, under development 2024-09-11 21:47:47 +02:00			`---`
+ set sudo commands for user 2024-10-28 17:41:19 +01:00			`- name: Install git and acl`
initial commit, not working, under development 2024-09-11 21:47:47 +02:00			`become: true`
			`ansible.builtin.apt:`
			`name:`
			`- git`
+ set sudo commands for user 2024-10-28 17:41:19 +01:00			`- acl`
initial commit, not working, under development 2024-09-11 21:47:47 +02:00			`state: present`
			`update_cache: yes`

			`- name: Create acme user`
			`become: true`
			`ansible.builtin.user:`
+feature added: install acme.sh 2024-09-13 14:53:21 +02:00			`name: "{{ acme_sh_user }}"`
initial commit, not working, under development 2024-09-11 21:47:47 +02:00
+feature added: install acme.sh 2024-09-13 14:53:21 +02:00			`- name: Add acme user to groups`
initial commit, not working, under development 2024-09-11 21:47:47 +02:00			`become: true`
			`ansible.builtin.user:`
+feature added: install acme.sh 2024-09-13 14:53:21 +02:00			`name: "{{ acme_sh_user }}"`
			`groups: "{{ acme_sh_user_groups }}"`
initial commit, not working, under development 2024-09-11 21:47:47 +02:00			`append: true`
+feature added: install acme.sh 2024-09-13 14:53:21 +02:00			`when: acme_sh_user_groups\|length > 0`
initial commit, not working, under development 2024-09-11 21:47:47 +02:00
+ set sudo commands for user 2024-10-28 17:41:19 +01:00			`- name: Add custom sudoers content if provided`
			`become: true`
			`ansible.builtin.copy:`
			`content: "{{ acme_sh_user_sudoers_file_contents }}"`
			`dest: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"`
			`mode: "0440"`
			`validate: "visudo -cf %s"`
			`when: acme_sh_user_sudoers_file_contents \| length > 0`

			`- name: Ensure sudoers file exists`
			`become: true`
			`ansible.builtin.file:`
			`path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"`
			`state: touch`
			`mode: "0440"`
			`when: acme_sh_user_sudoers_file_contents \| default('') == ""`

			`- name: Add commands to sudoers file for acme_user`
			`become: true`
			`ansible.builtin.lineinfile:`
			`path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"`
			`create: true`
			`line: "{{ acme_sh_user }} ALL=(ALL) NOPASSWD: {{ item }}"`
			`validate: "visudo -cf %s"`
			`loop: "{{ acme_sh_user_sudo_commands }}"`
			`when:`
			`- acme_sh_user_sudo_commands \| length > 1`
			`- acme_sh_user_sudoers_file_contents \| default('') == ""`

initial commit, not working, under development 2024-09-11 21:47:47 +02:00			`- name: Install acme.sh`
			`become: true`
+feature added: install acme.sh 2024-09-13 14:53:21 +02:00			`become_user: "{{ acme_sh_user }}"`
initial working version; readme updated 2024-09-14 21:51:44 +02:00			`ansible.builtin.import_tasks: "install_acmesh.yml"`

			`- name: Issue certs`
			`become: true`
			`become_user: "{{ acme_sh_user }}"`
			`ansible.builtin.import_tasks: "issue_certs.yml"`