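---
# Prepares a dedicated account for acme.sh: installs prerequisites, creates
# the user, grants it a limited set of passwordless sudo commands, then runs
# the install and certificate-issuing task files as that user.

# NOTE(review): acl is presumably installed so Ansible can become the
# unprivileged acme user (temporary-file permissions) - confirm.
- name: Install git and acl
  become: true
  ansible.builtin.apt:
    name:
      - git
      - acl
    state: present
    update_cache: true

- name: Create acme user
  become: true
  ansible.builtin.user:
    name: "{{ acme_sh_user }}"

# append: true keeps any group memberships the account already has.
- name: Add acme user to groups
  become: true
  ansible.builtin.user:
    name: "{{ acme_sh_user }}"
    groups: "{{ acme_sh_user_groups }}"
    append: true
  when: acme_sh_user_groups | length > 0

# The free-form content is written verbatim. visudo only checks syntax; it
# does not limit how much privilege the content grants, so review the
# variable's value as carefully as a hand-edited sudoers file.
# sudo skips files in /etc/sudoers.d whose name contains "." or ends in "~",
# so acme_sh_user_sudoers_file must avoid both.
- name: Add custom sudoers content if provided
  become: true
  ansible.builtin.copy:
    content: "{{ acme_sh_user_sudoers_file_contents }}"
    dest: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"
  # default('') matches the guards below, so an undefined variable skips the
  # task instead of failing on `length`.
  when: acme_sh_user_sudoers_file_contents | default('') | length > 0

# Preserving the timestamps makes `state: touch` idempotent; without it the
# task reports "changed" on every run.
- name: Ensure sudoers file exists
  become: true
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
    state: touch
    owner: root
    group: root
    mode: "0440"
    modification_time: preserve
    access_time: preserve
  when: acme_sh_user_sudoers_file_contents | default('') == ""

# One NOPASSWD rule per entry in acme_sh_user_sudo_commands. Entries should
# be absolute paths to specific commands (ideally with fixed arguments):
# wildcards, shells, or binaries the acme user can modify would widen the
# grant well beyond certificate deployment.
# NOTE(review): the run-as spec is (ALL); if every command only needs root,
# (root) would be narrower - confirm before changing.
# lineinfile only ever adds lines here: a command removed from the list stays
# granted until the file is cleaned up by other means.
- name: Add commands to sudoers file for acme_user
  become: true
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
    # Fallback only (the previous task creates the file); owner and mode are
    # explicit so a freshly created file never gets default permissions.
    create: true
    owner: root
    group: root
    mode: "0440"
    line: "{{ acme_sh_user }} ALL=(ALL) NOPASSWD: {{ item }}"
    validate: "visudo -cf %s"
  loop: "{{ acme_sh_user_sudo_commands }}"
  when:
    # Was `> 1`, which silently skipped a list holding exactly one command.
    - acme_sh_user_sudo_commands | length > 0
    - acme_sh_user_sudoers_file_contents | default('') == ""

# import_tasks is static, so become/become_user set here are inherited by
# every task in the imported file: they run as the unprivileged acme user.
- name: Install acme.sh
  become: true
  become_user: "{{ acme_sh_user }}"
  ansible.builtin.import_tasks: "install_acmesh.yml"

- name: Issue certs
  become: true
  become_user: "{{ acme_sh_user }}"
  ansible.builtin.import_tasks: "issue_certs.yml"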