acme: Moved certificate handling to custom system user
Avoided using root for acme.sh. Also modified role nginx/application (wip)
parent
9e20b807f1
commit
a3fde6aa3c
@ -1,8 +1,15 @@
|
||||
---
|
||||
|
||||
acme_source_directory: "/usr/local/src/acme.sh"
|
||||
acme_system_user: "acme"
|
||||
acme_user_directory: "/var/{{ acme_system_user }}"
|
||||
|
||||
acme_source_directory: "{{ acme_user_directory }}/repository"
|
||||
acme_source_repository: "https://github.com/Neilpang/acme.sh.git"
|
||||
acme_source_version: "master"
|
||||
|
||||
acme_account_mail: felix.stupp@outlook.com
|
||||
|
||||
acme_certificates_directory: "/root/certificates"
|
||||
acme_installation_directory: "{{ acme_user_directory }}/application"
|
||||
acme_configuration_directory: "{{ acme_user_directory }}/configuration"
|
||||
acme_internal_certificates_directory: "{{ acme_configuration_directory }}/certificates"
|
||||
acme_certificates_directory: "{{ acme_user_directory }}/certificates"
|
||||
|
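Review bot: `acme_user_directory: "/var/{{ acme_system_user }}"` puts the service user's home directly under `/var`, which the FHS reserves for its own well-known subdirectories; the conventional location for a daemon's state is `/var/lib/{{ acme_system_user }}`, i.e. `acme_user_directory: "/var/lib/{{ acme_system_user }}"`. Since every other new path in this hunk is derived from that variable, the rename is a one-line change. Separately, `acme_source_version` is still the moving `"master"` branch and the tasks later self-upgrade from it, so running acme.sh as an unprivileged user reduces but does not remove the supply-chain exposure; pinning a release tag here, e.g. `acme_source_version: "3.0.7"` (pick the tag the role was validated against), would close that gap. The personal address in `acme_account_mail` is a role default that consumers will presumably override; quoting it (`"felix.stupp@outlook.com"`) keeps it a plain string under any YAML parser.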
@ -1,39 +1,37 @@
|
||||
---
|
||||
|
||||
- name: Create source directory
|
||||
file:
|
||||
path: "{{ acme_source_directory | dirname }}"
|
||||
state: "directory"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: Download acme.sh
|
||||
become_user: "{{ acme_system_user }}"
|
||||
git:
|
||||
repo: "{{ acme_source_repository }}"
|
||||
version: "{{ acme_source_version }}"
|
||||
dest: "{{ acme_source_directory }}"
|
||||
update: no
|
||||
|
||||
# TODO Create custom user for certificate validations
|
||||
|
||||
- name: Configure acme.sh
|
||||
become_user: "{{ acme_system_user }}"
|
||||
command: >-
|
||||
./acme.sh --install --log
|
||||
--days 30
|
||||
--accountemail {{ acme_account_mail }}
|
||||
./acme.sh --install
|
||||
--home {{ acme_installation_directory | quote }}
|
||||
--config-home {{ acme_configuration_directory | quote }}
|
||||
--cert-home {{ acme_internal_certificates_directory | quote }}
|
||||
--accountemail {{ acme_account_mail | quote }}
|
||||
args:
|
||||
chdir: "{{ acme_source_directory }}"
|
||||
creates: "~/.acme.sh/acme.sh"
|
||||
creates: "{{ acme_installation_directory }}"
|
||||
|
||||
- name: Upgrade acme.sh
|
||||
become_user: "{{ acme_system_user }}"
|
||||
command: ./acme.sh --upgrade
|
||||
args:
|
||||
chdir: "~/.acme.sh"
|
||||
chdir: "{{ acme_installation_directory }}"
|
||||
register: acme_upgrade_results
|
||||
changed_when: acme_upgrade_results.rc == 0 and "Upgrade success" in acme_upgrade_results.stdout
|
||||
|
||||
- name: Create directory for certificates
|
||||
file:
|
||||
path: "{{ acme_certificates_directory }}"
|
||||
state: "directory"
|
||||
state: directory
|
||||
owner: "{{ acme_system_user }}"
|
||||
group: "{{ acme_system_user }}"
|
||||
mode: "u=rwx,g=,o="
|
||||
|
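Review bot: The unchanged `Create source directory` task still creates `{{ acme_source_directory | dirname }}` as `root:root` with mode `0755`, but after this change that path resolves to `acme_user_directory`, and the following clone, `./acme.sh --install` and the certificates directory all have to be written there as `acme_system_user`, which will fail with permission denied unless the user's home is created elsewhere in the role with matching ownership (the old `# TODO Create custom user` line was dropped, but no task in this hunk creates the user). Either give the parent to the service user, `owner: "{{ acme_system_user }}"`, `group: "{{ acme_system_user }}"`, `mode: "0750"`, or create `acme_user_directory` through the `user` module with `create_home: true` and drop this task. Note also that `become_user` on its own does not switch users: it only takes effect when `become: true` is set on the task or inherited from the play, so adding `become: true` beside each `become_user` makes the intended privilege drop explicit rather than dependent on the caller. A directory in `creates:` works, but `creates: "{{ acme_installation_directory }}/acme.sh"` is the more precise idempotence check, since `--install` could leave an empty directory behind on failure.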
@ -1,3 +1,6 @@
|
||||
---
|
||||
|
||||
allow_duplicates: no
|
||||
|
||||
dependencies:
|
||||
- role: acme/application
|
||||
|
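Review bot: `allow_duplicates: no` relies on YAML 1.1 boolean coercion; write `allow_duplicates: false` so yamllint's `truthy` rule and 1.2-strict parsers agree on the value. Declaring `acme/application` as a dependency means the acme role (and its `--upgrade` from the pinned `acme_source_version`) runs every time this role is applied, which is presumably intended since this role now consumes the certificates under `acme_certificates_directory`; a one-line comment above `dependencies:` saying so, e.g. `# acme/application must run first so the certificate directory exists`, would make that coupling explicit.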