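---
# Tasks for the acmedns bouncer updater: trust the bouncer's SSH host key,
# install the wrapper script, schedule it via cron, optionally run it once,
# and allow local users to invoke it through sudo as the updater user.

- name: Add bouncer server to known_hosts
  known_hosts:
    name: "{{ acmedns_bouncer_updater_bouncer_server }}"
    key: "{{ acmedns_bouncer_updater_bouncer_server_pubkey }}"
  become: true
  become_user: "{{ acmedns_bouncer_updater_user }}"

# Root-owned and not group/world-writable: the sudoers rule at the end of this
# file lets any local account run this path as the updater user, so nobody
# but root may be able to alter what it executes.
- name: Install script
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: "{{ acmedns_bouncer_updater_group }}"
    mode: "0750"
  with_items:
    - src: acmedns_update.sh.j2
      dest: "{{ acmedns_bouncer_updater_script_path }}"

- name: Configure cronvar
  cronvar:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    cron_file: "{{ acmedns_bouncer_updater_cron_file }}"
  with_items:
    - name: MAILTO
      value: "{{ acmedns_bouncer_updater_email }}"

# Daily at 03:47; the schedule fields are quoted so "*" is not read as an alias.
- name: Configure cronjob
  cron:
    name: "{{ acmedns_bouncer_updater_job_name }}"
    day: "*"
    hour: "3"
    minute: "47"
    job: "{{ acmedns_bouncer_updater_script_path }}"
    user: "{{ acmedns_bouncer_updater_user }}"
    cron_file: "{{ acmedns_bouncer_updater_cron_file }}"

# Native YAML module args instead of the legacy key=value string; mode stays
# a quoted string so the octal value is not reinterpreted.
- name: Copy a new "httpd-ssl.conf-cipher" file into place
  template:
    src: acmedns_httpd-ssl.conf-cipher
    dest: /etc/acmedns/certificates/storage/certificates/httpd-ssl.conf-cipher
    owner: root
    mode: "0644"

- name: Run wrapper script once
  # Wrapper script passes --days, so this won't contact Let's Encrypt unless necessary
  command: "{{ acmedns_bouncer_updater_script_path }}"
  become: true
  become_user: "{{ acmedns_bouncer_updater_user }}"
  when: acmedns_bouncer_updater_runonce | bool

# Grants NOPASSWD to every local account ("ALL ALL=...") for exactly one
# command; the script's ownership/mode above is what keeps that command fixed.
# NOTE(review): sudo ignores sudoers.d entries whose file name contains '.',
# so acmedns_bouncer_updater_job_name must not contain one — confirm.
- name: Allow all users to run wrapper script as our user
  lineinfile:
    path: "/etc/sudoers.d/acmedns_{{ acmedns_bouncer_updater_job_name }}"
    line: "ALL ALL=({{ acmedns_bouncer_updater_user }}) NOPASSWD: {{ acmedns_bouncer_updater_script_path }}"
    owner: root
    group: root
    mode: "0640"
    create: true
    validate: visudo -cf %s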