Change permissions for Let's Encrypt files
parent
5d3d0c380d
commit
1fa94e5ccb
@ -1,15 +1,26 @@
---
---
- name: Create Let's Encrypt system group
group:
name: '{{ common__certbot__group }}'
system: true
- name: Install Certbot
- name: Install Certbot
apt:
apt:
name: certbot
name: certbot
- name: Create directory for Let's Encrypt configuration
- name: Create directories for Let's Encrypt configuration
file:
file:
state: directory
state: directory
path: '{{ common__certbot__conf_dir }}'
path: '{{ item }}'
mode: 'u=rwx,g=rx,o=rx'
mode: 'u=rwx,g=rx,o=rx'
owner: root
owner: root
group: root
group: root
with_items:
- '{{ common__certbot__conf_dir }}'
- '{{ common__certbot__archive_dir }}'
- '{{ common__certbot__archive_dir }}/{{ common__certbot__cert_name }}'
- '{{ common__certbot__live_dir }}'
- '{{ common__certbot__live_dir }}/{{ common__certbot__cert_name }}'
- name: Install Let's Encrypt config
- name: Install Let's Encrypt config
template:
template:
@ -34,3 +45,42 @@
changed_when: >-
changed_when: >-
common__certbot__result.stdout is
common__certbot__result.stdout is
not search('Certificate not yet due for renewal; no action taken.')
not search('Certificate not yet due for renewal; no action taken.')
- name: Find Let's Encrypt certificates and chains
register: certs_and_chains
find:
paths: '{{ common__certbot__archive_dir }}/{{ common__certbot__cert_name }}'
patterns:
- 'cert*.pem'
- 'chain*.pem'
- 'fullchain*.pem'
- name: Find Let's Encrypt private keys
register: privkeys
find:
paths: '{{ common__certbot__archive_dir }}/{{ common__certbot__cert_name }}'
patterns: 'privkey*.pem'
- name: Display Let's Encrypt certificates and chains
debug:
msg: "{{ certs_and_chains.files | map(attribute='path') | list }}"
- name: Display Let's Encrypt private keys
debug:
msg: "{{ privkeys.files | map(attribute='path') | list }}"
- name: Change group of Let's Encrypt certificates and chains
file:
path: '{{ item }}'
mode: 'u=rw,g=r,o=r'
owner: root
group: root
with_items: "{{ certs_and_chains.files | map(attribute='path') | list }}"
- name: Change group of Let's Encrypt private keys
file:
path: '{{ item }}'
mode: 'u=rw,g=r,o='
owner: root
group: '{{ common__certbot__group }}'
with_items: "{{ privkeys.files | map(attribute='path') | list }}"
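Review bot: The group grant on the private keys in `Change group of Let's Encrypt private keys` is applied once, to whatever the preceding `find` returns at playbook time, so a key certbot writes on a later renewal (the next `privkey*.pem` in the archive directory) is covered only if the deployed certbot copies the previous key's mode and group — behaviour that varies by certbot version and is not checked here; otherwise members of `{{ common__certbot__group }}` lose read access until the next Ansible run. A certbot deploy hook (a script under `/etc/letsencrypt/renewal-hooks/deploy/`) that reapplies the group and `u=rw,g=r,o=` to the renewed key would make the grant survive renewals. In the first hunk the pre-created `archive` and `live` directories are given `u=rwx,g=rx,o=rx` even though certbot manages these directories' modes itself; confirm the deployed version does not reset them, and consider dropping `o=rx` on the archive directory so users outside the group cannot enumerate key file names. The two `Change group …` task names also undersell what they do, since each sets owner and mode as well; `Set ownership and mode of Let's Encrypt private keys` would read more accurately.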
@ -1,7 +1,10 @@
---
---
common__certbot__group: 'letsencrypt'
common__certbot__conf_dir: '/etc/letsencrypt'
common__certbot__conf_dir: '/etc/letsencrypt'
common__certbot__conf_cli: '{{ common__certbot__conf_dir }}/cli.ini'
common__certbot__conf_cli: '{{ common__certbot__conf_dir }}/cli.ini'
common__certbot__conf_nginx: '{{ common__certbot__conf_dir }}/options-ssl-nginx.conf'
common__certbot__conf_nginx: '{{ common__certbot__conf_dir }}/options-ssl-nginx.conf'
common__certbot__archive_dir: '{{ common__certbot__conf_dir }}/archive'
common__certbot__live_dir: '{{ common__certbot__conf_dir }}/live'
common__iptables__conf_dir: '/etc/iptables'
common__iptables__conf_dir: '/etc/iptables'
common__iptables__conf_ipv4: '{{ common__iptables__conf_dir }}/rules.v4'
common__iptables__conf_ipv4: '{{ common__iptables__conf_dir }}/rules.v4'