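---
# Tasks: install certbot/openssl, deploy the certbot systemd service + timer,
# prepare /var/lib/letsencrypt for the web server group, and print the proposed
# TLSA records next to the ones currently published in DNS so an operator can
# compare them. Fixes applied: booleans written as true/false, octal modes
# quoted (an unquoted "2755" is the decimal integer 2755, i.e. the wrong mode),
# the letsencrypt directory task now actually creates a directory, and the
# read-only query commands no longer report "changed" on every run.

- name: SSL packages
  become: true
  package:
    name:
      - certbot
      - openssl

- name: Services
  become: true
  register: services
  copy:
    src: "{{ item }}"
    # NOTE(review): /usr/lib/systemd/system is the package-owned unit directory;
    # locally managed units conventionally go in /etc/systemd/system (which also
    # takes precedence). Kept as the author had it — confirm the certbot package
    # on the target does not ship units of the same name there.
    dest: /usr/lib/systemd/system
    owner: root
    group: root
    mode: "0644"
  loop:
    - "certbot.service"
    - "certbot.timer"

- name: Enable timer
  # become was missing here while every other privileged task has it; enabling a
  # system unit and daemon-reload need root unless the play sets become itself.
  become: true
  # Only touched when a unit file changed: a timer disabled by hand between runs
  # is not re-enabled until the unit files change again.
  when: services.changed
  systemd:
    daemon_reload: true
    name: certbot.timer
    enabled: true
    state: started

- name: Create letsencrypt folder
  become: true
  file:
    path: /var/lib/letsencrypt
    # Without an explicit state the file module defaults to "file", which does
    # not create anything and fails when the path is absent.
    state: directory
    owner: root
    # setgid directory readable by the web server group (challenge files).
    group: http
    mode: "2755"

- name: Copy TLSA script
  become: true
  template:
    src: tlsa-generation.bash.j2
    dest: /usr/local/sbin/tlsa-generation.bash
    owner: root
    group: root
    mode: "0700"

- name: Get proposed TLSA records
  become: true
  command: /usr/local/sbin/tlsa-generation.bash
  register: tlsa_records
  # Reporting only; assumes the script computes records without modifying state.
  changed_when: false

- name: Show proposed TLSA records
  debug:
    msg: "{{ tlsa_records.stdout_lines }}"

- name: Get TLSA records
  delegate_to: localhost
  run_once: true
  # external_domain is interpolated unquoted into a bash -c string on the
  # controller; it must be a plain, trusted hostname from inventory/vars.
  command: "/bin/bash -c 'printf _443._tcp\\ ; dig _443._tcp.{{ external_domain }} TLSA +short; printf _6697._tcp\\ ; dig _6697._tcp.{{ external_domain }} TLSA +short'"
  register: ext_tlsa_records
  # DNS lookup only; never changes anything.
  changed_when: false

- name: Show TLSA records
  debug:
    msg: "{{ ext_tlsa_records.stdout_lines }}"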