7611fb9d76
* add dehydrated role with pdns-api.sh support * Minor changes to Readme * Remove Meta * move dehydrated to linse * Remove Zuckerwatte from PR (nothing to do with dehydrated) * Add other domains to dehydrated config, added hook_chain * Add authorized keys for cert user, add structures in /home/cert/ for checking out certs * Send dehydrated ouput to /dev/null * user authorized_keys module, add kumpir key * Fix typo. Use \\n for each ssh-key * remove unnecessary .ssh creation (done by authorized_key module) * Added wrapper script to execute two hooks: pdns_api.sh + deploy certificates * Remove challengetype variable, as only dns-01 is supported anyway. * Add freifunk-mainz.de domain * fix cert deploy script.
28 lines
746 B
YAML
28 lines
746 B
YAML
---
|
|
- name: Ensure certificate directory exists
|
|
file:
|
|
path: "/etc/dehydrated/certs/{{ item.name }}"
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
loop: "{{ dehydrated_cert_config }}"
|
|
|
|
- name: Generate per certificate configs
|
|
template:
|
|
dest: "/etc/dehydrated/certs/{{ item.name }}/config"
|
|
src: certconfig.j2
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
loop: "{{ dehydrated_cert_config }}"
|
|
when: item.state|default('present') == "present"
|
|
notify: run dehydrated
|
|
|
|
- name: Remove per certificate configs
|
|
file:
|
|
path: "/etc/dehydrated/certs/{{ item.name }}/config"
|
|
state: absent
|
|
loop: "{{ dehydrated_cert_config }}"
|
|
when: item.state|default('present') == "absent"
|
|
notify: run dehydrated
|