Files
@ 8cf2c6766e78
Branch filter:
Location: freifunk/Ansible-Configuration/web/tasks/install_acme_sh.yml - annotation
8cf2c6766e78
1.2 KiB
text/x-yaml
feat: reload sshd before adding new users (avoid vuln.)
97740b3e6e8e 5c2696aa6249 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e 97740b3e6e8e | ---
# This just installs acme.sh for freifunk
- name: Check if acme.sh config files exists
ansible.builtin.stat:
path: "/root/.acme.sh"
get_checksum: false
register: acme_config
- name: Download acme.sh
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh"
dest: "/opt/downloaded_acme.sh"
force: true
mode: '755'
owner: root
group: root
become: true
become_method: sudo
register: download_acme
when: acme_config.stat.exists == false
- name: Install acme.sh
ansible.builtin.command:
cmd: "/bin/bash /opt/downloaded_acme.sh --install --nocron -m freifunk@c3l.lu"
become: true
become_method: sudo
when: download_acme.changed && acme_config.stat.exists == false
- name: Update acme.sh if not newly installed
ansible.builtin.command:
cmd: "/bin/bash /root/.acme.sh/acme.sh --upgrade"
become: true
when: acme_config.stat.exists
- name: Add cronjob for acme.sh
ansible.builtin.cron:
name: "reissue certs if necessary"
user: root
job: "/root/.acme.sh/acme.sh --cron --home \"/root/.acme.sh/\" > /dev/null"
state: "present"
minute: "0"
hour: "0"
day: "*"
month: "*"
weekday: "*"
|