josiah
7b7284c32f
all of this is required for the synology LE role to work. this is still a massive WIP commit. synology LE works, but synology webdav using that LE cert does not yet work. there appears to be some cipher mismatch issue by default.
57 lines
1.6 KiB
YAML
57 lines
1.6 KiB
YAML
---
|
|
|
|
- name: Add synology server to known_hosts
|
|
known_hosts:
|
|
name: "{{ acmedns_syno_updater_syn_server }}"
|
|
key: "{{ acmedns_syno_updater_syn_server_pubkey }}"
|
|
become: yes
|
|
become_user: "{{ acmedns_syno_updater_user }}"
|
|
|
|
- name: Install script
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: "{{ acmedns_syno_updater_group }}"
|
|
mode: "0750"
|
|
with_items:
|
|
- src: acmedns_update.sh.j2
|
|
dest: "{{ acmedns_syno_updater_script_path }}"
|
|
|
|
- name: Configure cronvar
|
|
cronvar:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
cron_file: "{{ acmedns_syno_updater_cron_file }}"
|
|
with_items:
|
|
- name: MAILTO
|
|
value: "{{ acmedns_syno_updater_email }}"
|
|
|
|
- name: Configure cronjob
|
|
cron:
|
|
name: "{{ acmedns_syno_updater_job_name }}"
|
|
day: "*"
|
|
hour: "3"
|
|
minute: "47"
|
|
job: "{{ acmedns_syno_updater_script_path }}"
|
|
user: "{{ acmedns_syno_updater_user }}"
|
|
cron_file: "{{ acmedns_syno_updater_cron_file }}"
|
|
|
|
- name: Run wrapper script once
|
|
# Wrapper script passes --days, so this won't contact Let's Encrypt unless necessary
|
|
command: "{{ acmedns_syno_updater_script_path }}"
|
|
become: yes
|
|
become_user: "{{ acmedns_syno_updater_user }}"
|
|
when: acmedns_syno_updater_runonce|bool
|
|
|
|
- name: Allow all users to run wrapper script as our user
|
|
lineinfile:
|
|
path: /etc/sudoers.d/acmedns_{{ acmedns_syno_updater_job_name }}
|
|
line: "ALL ALL=({{ acmedns_syno_updater_user }}) NOPASSWD: {{ acmedns_syno_updater_script_path }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0640"
|
|
create: yes
|
|
validate: visudo -cf %s
|
|
|