Compare commits
2 Commits
134fd61d6b
...
bd04d892f8
| Author | SHA1 | Date | |
|---|---|---|---|
bd04d892f8
|
|||
|
f292c531db
|
@@ -1,3 +1,21 @@
|
|||||||
---
|
---
|
||||||
certbot_package_name: certbot
|
certbot_package_name: certbot
|
||||||
certbot_package_state: present
|
certbot_package_state: present
|
||||||
|
|
||||||
|
certbot_service_name: certbot.service
|
||||||
|
|
||||||
|
certbot_timer_name: certbot.timer
|
||||||
|
certbot_timer_state: started
|
||||||
|
certbot_timer_enabled: yes
|
||||||
|
|
||||||
|
certbot_cron_user: root
|
||||||
|
certbot_cron_file_path: /etc/cron.d/certbot
|
||||||
|
certbot_cron_env:
|
||||||
|
path: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
shell: /bin/sh
|
||||||
|
certbot_cron_command: test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
|
||||||
|
cerbot_cron_hour: "*/12"
|
||||||
|
cerbot_cron_minute: "0"
|
||||||
|
|
||||||
|
certbot_system_timer_on_calender: "*-*-* 00,12:00:00"
|
||||||
|
certbot_system_timer_randomized_delay_sec: 43200
|
||||||
|
|||||||
6
roles/certbot/handlers/main.yaml
Normal file
6
roles/certbot/handlers/main.yaml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- name: systemd daemon-reload
|
||||||
|
systemd:
|
||||||
|
name: "{{ certbot_service_name }}"
|
||||||
|
daemon_reload: yes
|
||||||
|
state: restarted
|
||||||
@@ -39,3 +39,47 @@
|
|||||||
- name: request certificates
|
- name: request certificates
|
||||||
include_tasks: "issue.yaml"
|
include_tasks: "issue.yaml"
|
||||||
loop: "{{ certbot_certificates }}"
|
loop: "{{ certbot_certificates }}"
|
||||||
|
|
||||||
|
- name: configure systemd timer
|
||||||
|
block:
|
||||||
|
- name: create systemd timer override directory
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/{{ certbot_timer_name }}.d"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0755
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: configure systemd timer options
|
||||||
|
template:
|
||||||
|
src: certbot.timer.j2
|
||||||
|
dest: "/etc/systemd/system/{{ certbot_timer_name }}.d/override.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: systemd daemon-reload
|
||||||
|
- name: enable the timer
|
||||||
|
systemd:
|
||||||
|
name: "{{ certbot_timer_name }}"
|
||||||
|
state: "{{ certbot_timer_state }}"
|
||||||
|
enabled: "{{ certbot_timer_enabled }}"
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- name: configure cron job
|
||||||
|
block:
|
||||||
|
- name: configure env
|
||||||
|
cron:
|
||||||
|
name: "{{ item.key | upper }}"
|
||||||
|
env: yes
|
||||||
|
job: "{{ item.value }}"
|
||||||
|
user: "{{ certbot_cron_user }}"
|
||||||
|
cron_file: "{{ certbot_cron_file_path }}"
|
||||||
|
loop: "{{ certbot_cron_env | dict2items }}"
|
||||||
|
- name: create job
|
||||||
|
cron:
|
||||||
|
name: certbot
|
||||||
|
user: "{{ certbot_cron_user }}"
|
||||||
|
hour: "{{ certbot_cron_hour }}"
|
||||||
|
minute: "{{ certbot_cron_minute }}"
|
||||||
|
cron_file: "{{ certbot_cron_file_path }}"
|
||||||
|
job: "{{ certbot_cron_command }}"
|
||||||
|
|||||||
5
roles/certbot/templates/certbot.timer.j2
Normal file
5
roles/certbot/templates/certbot.timer.j2
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar={{ certbot_system_timer_on_calender }}
|
||||||
|
RandomizedDelaySec={{ certbot_system_timer_randomized_delay_sec }}
|
||||||
@@ -24,4 +24,12 @@ template(
|
|||||||
type="omfile"
|
type="omfile"
|
||||||
dynafile="FilePerDay"
|
dynafile="FilePerDay"
|
||||||
template="RSYSLOG_FileFormat"
|
template="RSYSLOG_FileFormat"
|
||||||
|
fileCreateMode="{{ rsyslog_file_create_mode }}"
|
||||||
|
dirCreateMode="{{ rsyslog_dir_create_mode }}"
|
||||||
|
createDirs="{{ rsyslog_create_dirs | ternary('on', 'off') }}"
|
||||||
|
fileOwner="{{ rsyslog_file_owner }}"
|
||||||
|
fileGroup="{{ rsyslog_file_group }}"
|
||||||
|
dirOwner="{{ rsyslog_file_owner }}"
|
||||||
|
dirGroup="{{ rsyslog_file_group }}"
|
||||||
|
umask="{{ rsyslog_umask }}"
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -27,9 +27,18 @@ $FileOwner {{ rsyslog_file_owner }}
|
|||||||
{% if rsyslog_file_group is defined %}
|
{% if rsyslog_file_group is defined %}
|
||||||
$FileGroup {{ rsyslog_file_group }}
|
$FileGroup {{ rsyslog_file_group }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if rsyslog_dir_owner is defined %}
|
||||||
|
$FileOwner {{ rsyslog_dir_owner }}
|
||||||
|
{% endif %}
|
||||||
|
{% if rsyslog_dir_group is defined %}
|
||||||
|
$FileGroup {{ rsyslog_dir_group }}
|
||||||
|
{% endif %}
|
||||||
{% if rsyslog_file_create_mode is defined %}
|
{% if rsyslog_file_create_mode is defined %}
|
||||||
$FileCreateMode {{ rsyslog_file_create_mode }}
|
$FileCreateMode {{ rsyslog_file_create_mode }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if rsyslog_create_dirs is defined %}
|
||||||
|
CreateDirs {{ rsyslog_create_dirs | ternary('on', 'off') }}
|
||||||
|
{% endif %}
|
||||||
{% if rsyslog_dir_create_mode is defined %}
|
{% if rsyslog_dir_create_mode is defined %}
|
||||||
$DirCreateMode {{ rsyslog_dir_create_mode }}
|
$DirCreateMode {{ rsyslog_dir_create_mode }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -1,8 +1,11 @@
|
|||||||
---
|
---
|
||||||
rsyslog_file_owner: syslog
|
rsyslog_file_owner: syslog
|
||||||
rsyslog_file_group: adm
|
rsyslog_file_group: adm
|
||||||
rsyslog_file_create_mode: "0644"
|
rsyslog_dir_owner: syslog
|
||||||
|
rsyslog_dir_group: adm
|
||||||
|
rsyslog_file_create_mode: "0640"
|
||||||
rsyslog_dir_create_mode: "0755"
|
rsyslog_dir_create_mode: "0755"
|
||||||
|
rsyslog_create_dirs: yes
|
||||||
rsyslog_umask: "0022"
|
rsyslog_umask: "0022"
|
||||||
rsyslog_priv_drop_to_user: syslog
|
rsyslog_priv_drop_to_user: syslog
|
||||||
rsyslog_priv_drop_to_group: syslog
|
rsyslog_priv_drop_to_group: syslog
|
||||||
|
|||||||
Reference in New Issue
Block a user