---
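- name: SSL packages
  # certbot obtains and renews the certificates; openssl is presumably used
  # by the TLSA generation script installed below — confirm against the
  # template.
  become: true
  package:
    name:
      - certbot
      - openssl
    state: present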
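- name: Services
  # Install the certbot renewal service and timer units; the registered
  # result is used below to decide whether systemd needs a daemon reload.
  become: true
  register: services
  copy:
    src: "{{ item }}"
    # dest is a directory, so each unit keeps its own basename.
    # NOTE(review): locally added units conventionally live in
    # /etc/systemd/system; /usr/lib/systemd/system is the package-owned
    # tree — confirm this location is intended.
    dest: /usr/lib/systemd/system
    owner: root
    group: root
    # Octal modes must be quoted: an unquoted 0644 is parsed by YAML as an
    # integer before Ansible sees it.
    mode: "0644"
  loop:
    - certbot.service
    - certbot.timer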
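- name: Enable timer
  become: true
  systemd:
    # Reload the manager only when a unit file actually changed in the
    # "Services" task. Enabling and starting the timer is idempotent and
    # runs on every play, so a timer that was disabled or stopped by hand
    # is brought back to the desired state instead of being skipped.
    daemon_reload: "{{ services is changed }}"
    name: certbot.timer
    enabled: true
    state: started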
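- name: Create letsencrypt folder
  become: true
  file:
    path: /var/lib/letsencrypt
    # Without state: directory the file module only adjusts attributes of
    # an existing path and fails when the directory does not exist yet.
    state: directory
    owner: root
    group: http
    # Setgid directory so files created inside inherit the http group. The
    # mode must be a string: an unquoted 2755 is a decimal integer and is
    # applied as-is (not as octal), yielding the wrong permission bits.
    mode: "2755"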
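- name: Copy TLSA script
  # Render the TLSA generation helper; it is root-only (0700) because it is
  # executed with privileges by the next task.
  become: true
  template:
    src: tlsa-generation.bash.j2
    dest: /usr/local/sbin/tlsa-generation.bash
    owner: root
    group: root
    # Quoted so YAML does not turn the octal literal into an integer.
    mode: "0700"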
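- name: Get proposed TLSA records
  # Runs the generation script and captures its output for display; the
  # script is only read for its stdout here, so the task never reports a
  # change.
  become: true
  command: /usr/local/sbin/tlsa-generation.bash
  register: tlsa_records
  changed_when: false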
- name: Show proposed TLSA records
  # Print the lines emitted by the TLSA generation script for the operator.
  debug:
    msg: '{{ tlsa_records.stdout_lines }}'
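- name: Get TLSA records
  # Look up the TLSA records currently published for ports 443 and 6697 of
  # external_domain from the control host, so they can be compared with
  # the proposed records shown above. Each printf prefixes the following
  # dig output with the port label and no trailing newline, matching the
  # previous single-line bash -c form.
  delegate_to: localhost
  run_once: true
  # external_domain is interpolated into a shell command line; the quote
  # filter keeps any unexpected characters in the variable from being
  # interpreted by bash.
  shell: |
    printf '_443._tcp '
    dig _443._tcp.{{ external_domain | quote }} TLSA +short
    printf '_6697._tcp '
    dig _6697._tcp.{{ external_domain | quote }} TLSA +short
  args:
    executable: /bin/bash
  register: ext_tlsa_records
  # A DNS query changes nothing on the target.
  changed_when: false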
- name: Show TLSA records
  # Print the currently published TLSA records gathered by the dig lookup.
  debug:
    msg: '{{ ext_tlsa_records.stdout_lines }}'