---
# Pin the bouncer server's host key in the updater account's known_hosts, so
# the key comes from the role variable instead of being accepted on first
# connection. Presumably the wrapper script reaches the bouncer over SSH;
# confirm against acmedns_update.sh.j2.
- name: Add bouncer server to known_hosts
  become: true
  become_user: "{{ acmedns_bouncer_updater_user }}"
  known_hosts:
    name: "{{ acmedns_bouncer_updater_bouncer_server }}"
    key: "{{ acmedns_bouncer_updater_bouncer_server_pubkey }}"
# Render the wrapper script from its template. Mode 0750 with owner root means
# only root can modify it; members of the updater group may read and execute
# it, and other users have no access to the file itself.
- name: Install script
  with_items:
    - src: acmedns_update.sh.j2
      dest: "{{ acmedns_bouncer_updater_script_path }}"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: "{{ acmedns_bouncer_updater_group }}"
    mode: "0750"
# Set MAILTO in the role's cron file so that output from the scheduled job is
# mailed to the configured address.
- name: Configure cronvar
  with_items:
    - name: MAILTO
      value: "{{ acmedns_bouncer_updater_email }}"
  cronvar:
    cron_file: "{{ acmedns_bouncer_updater_cron_file }}"
    name: "{{ item.name }}"
    value: "{{ item.value }}"
# Schedule the wrapper script daily at 03:47. The entry is written to the
# role's cron file and runs as the unprivileged updater account, not as root.
- name: Configure cronjob
  cron:
    name: "{{ acmedns_bouncer_updater_job_name }}"
    cron_file: "{{ acmedns_bouncer_updater_cron_file }}"
    user: "{{ acmedns_bouncer_updater_user }}"
    job: "{{ acmedns_bouncer_updater_script_path }}"
    minute: "47"
    hour: "3"
    day: "*"
# Install the TLS cipher configuration snippet next to the stored
# certificates. Written as native YAML module arguments; the mode is quoted so
# it stays the string "0644" and is never read as a number.
- name: Copy a new "httpd-ssl.conf-cipher" file into place
  template:
    src: acmedns_httpd-ssl.conf-cipher
    dest: /etc/acmedns/certificates/storage/certificates/httpd-ssl.conf-cipher
    owner: root
    mode: "0644"
# Optional first run at provisioning time, executed as the updater account and
# only when acmedns_bouncer_updater_runonce evaluates to true.
- name: Run wrapper script once
  # Wrapper script passes --days, so this won't contact Let's Encrypt unless necessary
  when: acmedns_bouncer_updater_runonce | bool
  become: true
  become_user: "{{ acmedns_bouncer_updater_user }}"
  command: "{{ acmedns_bouncer_updater_script_path }}"
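# Grant every local user passwordless sudo to run the wrapper script as the
# updater account. The grant is only as safe as the script: it is installed
# root-owned with mode 0750, so the updater account cannot rewrite it.
# NOTE(review): the rule names no arguments, so sudo accepts any arguments to
# the script; if it takes none, consider ending the rule with "" to forbid
# them. Confirm that "ALL" users is really the intended audience.
# NOTE(review): sudo skips files in sudoers.d whose names contain "." or end
# in "~", so acmedns_bouncer_updater_job_name must avoid those characters.
- name: Allow all users to run wrapper script as our user
  lineinfile:
    path: "/etc/sudoers.d/acmedns_{{ acmedns_bouncer_updater_job_name }}"
    # Replace the existing grant rather than appending a second one, so a
    # changed user or script path does not leave the old rule active.
    regexp: '^ALL ALL=\('
    line: "ALL ALL=({{ acmedns_bouncer_updater_user }}) NOPASSWD: {{ acmedns_bouncer_updater_script_path }}"
    owner: root
    group: root
    # sudoers files are conventionally read-only (0440), including for root.
    mode: "0440"
    create: true
    # Refuse to install the file if visudo finds a syntax error in it.
    validate: visudo -cf %s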