61 lines
No EOL
1.6 KiB
YAML
61 lines
No EOL
1.6 KiB
YAML
---
|
|
- name: Install git and acl
|
|
become: true
|
|
ansible.builtin.apt:
|
|
name:
|
|
- git
|
|
- acl
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Create acme user
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{ acme_sh_user }}"
|
|
|
|
- name: Add acme user to groups
|
|
become: true
|
|
ansible.builtin.user:
|
|
name: "{{ acme_sh_user }}"
|
|
groups: "{{ acme_sh_user_groups }}"
|
|
append: true
|
|
when: acme_sh_user_groups|length > 0
|
|
|
|
- name: Add custom sudoers content if provided
|
|
become: true
|
|
ansible.builtin.copy:
|
|
content: "{{ acme_sh_user_sudoers_file_contents }}"
|
|
dest: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
|
|
mode: "0440"
|
|
validate: "visudo -cf %s"
|
|
when: acme_sh_user_sudoers_file_contents | length > 0
|
|
|
|
- name: Ensure sudoers file exists
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
|
|
state: touch
|
|
mode: "0440"
|
|
when: acme_sh_user_sudoers_file_contents | default('') == ""
|
|
|
|
- name: Add commands to sudoers file for acme_user
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
path: "/etc/sudoers.d/{{ acme_sh_user_sudoers_file }}"
|
|
create: true
|
|
line: "{{ acme_sh_user }} ALL=(ALL) NOPASSWD: {{ item }}"
|
|
validate: "visudo -cf %s"
|
|
loop: "{{ acme_sh_user_sudo_commands }}"
|
|
when:
|
|
- acme_sh_user_sudo_commands | length > 1
|
|
- acme_sh_user_sudoers_file_contents | default('') == ""
|
|
|
|
- name: Install acme.sh
|
|
become: true
|
|
become_user: "{{ acme_sh_user }}"
|
|
ansible.builtin.import_tasks: "install_acmesh.yml"
|
|
|
|
- name: Issue certs
|
|
become: true
|
|
become_user: "{{ acme_sh_user }}"
|
|
ansible.builtin.import_tasks: "issue_certs.yml" |