ansible-playbooks

another attempt to have everything organized ...
git clone https://git.e1e0.net/ansible-playbooks.git

main.yml (2219B)


      1 ---
      2 - name: Assert that at least one certificate exist
      3   stat:
      4     path: "/etc/ssl/letsencrypt/{{ https_servers[0].server_name }}/cert.pem"
      5   register: ssl_certificate_check
      6 
      7 - name: Set main http service
      8   template:
      9     src: templates/httpd.conf.j2
     10     dest: /etc/httpd.conf
     11     owner: root
     12     group: wheel
     13     mode: 0640
     14   notify:
     15     - restart httpd
     16 
     17 - name: start and enable httpd
     18   service:
     19     name: httpd
     20     state: started
     21     enabled: yes
     22 
     23 - name: Create acme client config
     24   template:
     25     src: templates/acme-client.conf.j2
     26     dest: /etc/acme-client.conf
     27     owner: root
     28     group: wheel
     29     mode: 0644
     30 
     31 - name: Create acme client main folder
     32   file:
     33     path: "/etc/ssl/letsencrypt"
     34     state: directory
     35     owner: root
     36     group: wheel
     37     mode: 0755
     38 
     39 - name: Create acme client folder structure
     40   file:
     41     path: "/etc/ssl/letsencrypt/{{ item.server_name }}"
     42     state: directory
     43     owner: root
     44     group: wheel
     45     mode: 0755
     46   with_items: "{{ https_servers }}"
     47 
     48 - name: Call acme client for each domain
     49   command: "/usr/sbin/acme-client -v {{ item.server_name }}"
     50   args:
     51     creates: "/etc/ssl/letsencrypt/{{ item.server_name }}/cert.pem"
     52   notify:
     53   - restart httpd
     54   ignore_errors: yes
     55   with_items: "{{ https_servers }}"
     56 
     57 - name: Create renew script
     58   template:
     59     src: templates/renew_cert.sh.j2
     60     dest: /usr/local/bin/renew_cert.sh
     61     owner: root
     62     group: wheel
     63     mode: 0755
     64 
     65 - name: renew script cron task
     66   lineinfile:
     67     path: /etc/daily.local
     68     state: present
     69     create: yes
     70     line: /usr/local/bin/renew_cert.sh
     71     owner: root
     72     group: wheel
     73     mode: 0444
     74 
     75 - name: Create vhosts folder structure
     76   file:
     77     path: "/var/www{{ item.root }}"
     78     state: directory
     79     recurse: yes
     80     owner: "{{ item.server_owner }}"
     81     group: wheel
     82     mode: 0755
     83   with_items: "{{ https_servers }}"
     84 
     85 - name: Create https services main folder
     86   file:
     87     path: "/etc/httpd.d"
     88     state: directory
     89     owner: root
     90     group: wheel
     91     mode: 0755
     92 
     93 - name: Set https services
     94   template:
     95     src: templates/https-host.conf.j2
     96     dest: "/etc/httpd.d/{{ item.server_name }}.conf"
     97     owner: root
     98     group: wheel
     99     mode: 0640
    100   notify:
    101     - restart httpd
    102   with_items: "{{ https_servers }}"