initial working version; readme updated

2024-09-14 21:51:44 +02:00 · 2024-09-14 21:51:44 +02:00 · e446123f46
commit e446123f46
parent 6951fc4040
6 changed files with 99 additions and 28 deletions
--- a/tasks/install_acmesh.yml
+++ b/tasks/install_acmesh.yml
@ -24,12 +24,4 @@
      --config-home {{ acme_sh_config_home | quote }}
      --set-default-ca
      --server {{ acme_sh_default_ca_server | quote }}
-
- name: Register CA
-  ansible.builtin.command:
-    chdir: "{{ acme_sh_home }}"
-    cmd: |
-      /bin/sh acme.sh
-      --config-home {{ acme_sh_config_home | quote }}
-      --register-account
-      
+    creates: "{{ acme_sh_home }}/ca_set_by_ansible"
--- a/tasks/issue_cert.yml
+++ b/tasks/issue_cert.yml
@ -1,9 +0,0 @@
- name: Register CA
-  ansible.builtin.command:
-    chdir: "{{ acme_sh_home }}"
-    cmd: |
-      /bin/sh acme.sh
-      --config-home {{ acme_sh_config_home | quote }}
-      --set-default-ca
-      --server {{ acme_sh_default_ca_server | quote }}
-
--- a/tasks/issue_certs.yml
+++ b/tasks/issue_certs.yml
@ -0,0 +1,45 @@
+- name: Create directory hierarchyes for certs
+  ansible.builtin.file:
+    mode: "755"
+    path: "{{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc"
+    state: directory
+  loop: "{{ acme_sh_domains }}"
+
+- name: Copy pre_hooks
+  ansible.builtin.copy:
+    content: "{{ item['pre_hook'] | default('') }}"
+    dest: "{{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/pre_hook.sh"
+    mode: "755"
+  loop: "{{ acme_sh_domains }}"
+
+- name: Copy post_hooks
+  ansible.builtin.copy:
+    content: "{{ item['post_hook'] | default('')}}"
+    dest: "{{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/post_hook.sh"
+    mode: "755"
+  loop: "{{ acme_sh_domains }}"
+
+- name: Copy update_hooks
+  ansible.builtin.copy:
+    content: "{{ item['renew_hook'] | default('')}}"
+    dest: "{{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/renew_hook.sh"
+    mode: "755"
+  loop: "{{ acme_sh_domains }}"
+
+
+- name: Issue certs
+  ansible.builtin.command:
+    chdir: "{{ acme_sh_home }}"
+    cmd: |
+      /bin/sh acme.sh
+      --config-home {{ acme_sh_config_home | quote }}
+      --issue
+      --dns dns_cf
+      -d {{ item['domains'] | join(' -d ') }}
+      --pre-hook {{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/pre_hook.sh
+      --post-hook {{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/post_hook.sh
+      --renew-hook {{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/update_hook.sh
+    creates: "{{ acme_sh_cert_home }}/{{ item['domains'][0] }}_ecc/fullchain.cer"
+  environment: "{{ item['acme_sh_issue_env_vars'] }}"
+  loop: "{{ acme_sh_domains }}"
+
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -23,4 +23,9 @@
 - name: Install acme.sh
  become: true
  become_user: "{{ acme_sh_user }}"
-  ansible.builtin.import_tasks: "install_acmesh.yml"
+  ansible.builtin.import_tasks: "install_acmesh.yml"
+
+- name: Issue certs
+  become: true
+  become_user: "{{ acme_sh_user }}"
+  ansible.builtin.import_tasks: "issue_certs.yml"