

2 Commits

Author SHA1 Message Date
bd04d892f8
Added cerbot renewal jobs 2019-11-27 16:10:19 -06:00
f292c531db
Fix rsyslog file and directory permissions 2019-11-27 16:09:22 -06:00
7 changed files with 94 additions and 1 deletions


@ -1,3 +1,21 @@
--- ---
certbot_package_name: certbot certbot_package_name: certbot
certbot_package_state: present certbot_package_state: present
certbot_service_name: certbot.service
certbot_timer_name: certbot.timer
certbot_timer_state: started
certbot_timer_enabled: yes
certbot_cron_user: root
certbot_cron_file_path: /etc/cron.d/certbot
certbot_cron_env:
path: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
shell: /bin/sh
certbot_cron_command: test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
cerbot_cron_hour: "*/12"
cerbot_cron_minute: "0"
certbot_system_timer_on_calender: "*-*-* 00,12:00:00"
certbot_system_timer_randomized_delay_sec: 43200
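Review bot: The last two cron defaults are misspelled `cerbot_cron_hour` and `cerbot_cron_minute`, while the "create job" task in the tasks section of this same commit reads `certbot_cron_hour` and `certbot_cron_minute`, so that task fails with an undefined-variable error unless the caller defines the correctly spelled names. Rename them to `certbot_cron_hour: "*/12"` and `certbot_cron_minute: "0"`. Separately, `certbot_timer_enabled: yes` (and the `yes` values in the handler and tasks files) depends on YAML 1.1 truthy parsing; `true` is the portable spelling. The rendering appears to have dropped the indentation of `path`/`shell` under `certbot_cron_env`; they are presumably nested, which the `dict2items` loop in the tasks relies on.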


@ -0,0 +1,6 @@
---
- name: systemd daemon-reload
systemd:
name: "{{ certbot_service_name }}"
daemon_reload: yes
state: restarted
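Review bot: The handler restarts `certbot_service_name` although the override it is notified for is a drop-in for the timer unit; a changed OnCalendar/RandomizedDelaySec only takes effect once the timer itself is restarted, and restarting the service presumably runs a renewal immediately as a side effect. Point the handler at the timer instead, `name: "{{ certbot_timer_name }}"`, keeping the daemon reload. Prefer `daemon_reload: true` over `yes`.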


@ -39,3 +39,47 @@
- name: request certificates - name: request certificates
include_tasks: "issue.yaml" include_tasks: "issue.yaml"
loop: "{{ certbot_certificates }}" loop: "{{ certbot_certificates }}"
- name: configure systemd timer
block:
- name: create systemd timer override directory
file:
path: "/etc/systemd/system/{{ certbot_timer_name }}.d"
owner: root
group: root
mode: 0755
state: directory
- name: configure systemd timer options
template:
src: certbot.timer.j2
dest: "/etc/systemd/system/{{ certbot_timer_name }}.d/override.conf"
owner: root
group: root
mode: 0644
notify: systemd daemon-reload
- name: enable the timer
systemd:
name: "{{ certbot_timer_name }}"
state: "{{ certbot_timer_state }}"
enabled: "{{ certbot_timer_enabled }}"
when: ansible_service_mgr == "systemd"
- name: configure cron job
block:
- name: configure env
cron:
name: "{{ item.key | upper }}"
env: yes
job: "{{ item.value }}"
user: "{{ certbot_cron_user }}"
cron_file: "{{ certbot_cron_file_path }}"
loop: "{{ certbot_cron_env | dict2items }}"
- name: create job
cron:
name: certbot
user: "{{ certbot_cron_user }}"
hour: "{{ certbot_cron_hour }}"
minute: "{{ certbot_cron_minute }}"
cron_file: "{{ certbot_cron_file_path }}"
job: "{{ certbot_cron_command }}"
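Review bot: "enable the timer" starts the timer immediately after the override drop-in is written, but the daemon reload is only a notified handler that runs at the end of the play, so on the first run the timer is started against the unit definition systemd loaded before the override existed. Add `daemon_reload: true` to the systemd task under "enable the timer" (or a `- meta: flush_handlers` task before it). The `mode: 0755` and `mode: 0644` values are unquoted leading-zero literals that YAML parses as integers; quote them (`mode: "0755"`, `mode: "0644"`) as the rsyslog defaults in this commit already do. `env: yes` in "configure env" should be `env: true`.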


@ -0,0 +1,5 @@
# {{ ansible_managed }}
[Timer]
OnCalendar={{ certbot_system_timer_on_calender }}
RandomizedDelaySec={{ certbot_system_timer_randomized_delay_sec }}
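Review bot: `OnCalendar=` is a list-valued timer setting, so in a drop-in override this line is appended to whatever OnCalendar the packaged certbot.timer already defines rather than replacing it; with the shipped default the two schedules likely coincide, but any customised `certbot_system_timer_on_calender` would fire in addition to the packaged schedule. Reset the list first by inserting `OnCalendar=` on its own line before `OnCalendar={{ certbot_system_timer_on_calender }}`. The variable name misspells "calendar"; it is consistent between defaults and template so nothing breaks, but it is worth correcting in both places.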


@ -24,4 +24,12 @@ template(
type="omfile" type="omfile"
dynafile="FilePerDay" dynafile="FilePerDay"
template="RSYSLOG_FileFormat" template="RSYSLOG_FileFormat"
fileCreateMode="{{ rsyslog_file_create_mode }}"
dirCreateMode="{{ rsyslog_dir_create_mode }}"
createDirs="{{ rsyslog_create_dirs | ternary('on', 'off') }}"
fileOwner="{{ rsyslog_file_owner }}"
fileGroup="{{ rsyslog_file_group }}"
dirOwner="{{ rsyslog_file_owner }}"
dirGroup="{{ rsyslog_file_group }}"
umask="{{ rsyslog_umask }}"
) )
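Review bot: `dirOwner` and `dirGroup` are rendered from `rsyslog_file_owner`/`rsyslog_file_group`, while the defaults in this same commit introduce `rsyslog_dir_owner`/`rsyslog_dir_group` and the legacy-format template uses those, so the two templates diverge as soon as the directory variables are overridden. Use `dirOwner="{{ rsyslog_dir_owner }}"` and `dirGroup="{{ rsyslog_dir_group }}"`. The enclosing `template(` call starts before the hunk.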


@ -27,9 +27,18 @@ $FileOwner {{ rsyslog_file_owner }}
{% if rsyslog_file_group is defined %} {% if rsyslog_file_group is defined %}
$FileGroup {{ rsyslog_file_group }} $FileGroup {{ rsyslog_file_group }}
{% endif %} {% endif %}
{% if rsyslog_dir_owner is defined %}
$FileOwner {{ rsyslog_dir_owner }}
{% endif %}
{% if rsyslog_dir_group is defined %}
$FileGroup {{ rsyslog_dir_group }}
{% endif %}
{% if rsyslog_file_create_mode is defined %} {% if rsyslog_file_create_mode is defined %}
$FileCreateMode {{ rsyslog_file_create_mode }} $FileCreateMode {{ rsyslog_file_create_mode }}
{% endif %} {% endif %}
{% if rsyslog_create_dirs is defined %}
CreateDirs {{ rsyslog_create_dirs | ternary('on', 'off') }}
{% endif %}
{% if rsyslog_dir_create_mode is defined %} {% if rsyslog_dir_create_mode is defined %}
$DirCreateMode {{ rsyslog_dir_create_mode }} $DirCreateMode {{ rsyslog_dir_create_mode }}
{% endif %} {% endif %}
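Review bot: The two new conditional blocks emit `$FileOwner {{ rsyslog_dir_owner }}` and `$FileGroup {{ rsyslog_dir_group }}`, which re-assign the file owner/group directives that the preceding lines already set from `rsyslog_file_owner`/`rsyslog_file_group`; the directory variables therefore silently clobber the file ownership and directory ownership is never configured at all. The legacy directives for directories are `$DirOwner {{ rsyslog_dir_owner }}` and `$DirGroup {{ rsyslog_dir_group }}`. Likewise the new `CreateDirs` line lacks the `$` prefix every other legacy directive here carries and should read `$CreateDirs {{ rsyslog_create_dirs | ternary('on', 'off') }}`.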


@ -1,8 +1,11 @@
--- ---
rsyslog_file_owner: syslog rsyslog_file_owner: syslog
rsyslog_file_group: adm rsyslog_file_group: adm
rsyslog_file_create_mode: "0644" rsyslog_dir_owner: syslog
rsyslog_dir_group: adm
rsyslog_file_create_mode: "0640"
rsyslog_dir_create_mode: "0755" rsyslog_dir_create_mode: "0755"
rsyslog_create_dirs: yes
rsyslog_umask: "0022" rsyslog_umask: "0022"
rsyslog_priv_drop_to_user: syslog rsyslog_priv_drop_to_user: syslog
rsyslog_priv_drop_to_group: syslog rsyslog_priv_drop_to_group: syslog
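Review bot: `rsyslog_create_dirs: yes` relies on YAML 1.1 truthy parsing, unlike the quoted mode strings around it which are deliberately type-safe; write it as `rsyslog_create_dirs: true` so generic parsers and yamllint agree with Ansible. The new `rsyslog_dir_owner`/`rsyslog_dir_group` defaults are only honoured if both templates read them, which the RainerScript template in this commit does not yet do.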