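---
# file: acmetool/tasks/main.yml
#
# Install acmetool, run its one-off quickstart, declare the certificates we
# want and keep them renewed via the systemd timer.
#
# Variables read here (defined elsewhere in the role / inventory):
#   acmetool_endpoint     - ACME directory URL that `acmetool status` must
#                           mention once the tool is configured
#   acmetool_services     - list of service names acmetool coordinates with
#   acmetool_certificates - list of dicts, each with a `hostnames` list; the
#                           first hostname names the desired-file
# Handlers notified from here are defined outside this file:
#   "reload systemd service files", "update certificates"

- name: ensure acmetool is installed
  apt:
    name: acmetool
    state: present
  tags:
    - acmetool
    - packages

# acmetool's state directory. Whether the package ships it is not something
# this file can tell, so make sure it exists before writing into it. Owner and
# mode are deliberately left unspecified: an existing directory is left as-is.
- name: ensure the acmetool state directory exists
  file:
    path: /var/lib/acme
    state: directory
  tags:
    - acmetool
    - config

# Answers for the non-interactive quickstart below. Only root runs quickstart,
# so nobody else needs to read this file; 0600 keeps it private (least
# privilege, and it stays safe if the template ever carries something
# sensitive).
# NOTE: "reponses" (sic) is the spelling the quickstart task uses as well;
# rename both places together or never.
- name: ensure we have our response file
  template:
    src: response-file.yml.j2
    dest: /var/lib/acme/quickstart-reponses.yml
    owner: root
    group: root
    mode: '0600'
  tags:
    - acmetool
    - config

# Read-only probe used to make quickstart idempotent.
# NOTE(review): if `acmetool status` exits non-zero on a host that has never
# been configured, this task aborts the play before quickstart can run —
# confirm on a fresh host before deciding whether `failed_when: false` is
# needed here.
- name: check if acmetool is configured
  command: acmetool status
  register: acmetool_status
  changed_when: false
  tags:
    - acmetool
    - config

# acmetool counts as configured once its status output contains our ACME
# endpoint. A plain substring test is used on purpose: the endpoint is a URL,
# and feeding it to a regex test (`search`) would let '.' and '?' in the URL
# match more than the literal string.
- name: initially configure acmetool
  # yamllint disable-line rule:line-length
  command: acmetool quickstart --expert --batch --response-file /var/lib/acme/quickstart-reponses.yml
  when: acmetool_endpoint not in acmetool_status.stdout
  tags:
    - acmetool
    - config

- name: ensure acmetool reloads the right service
  template:
    src: reload-config.j2
    dest: /etc/default/acme-reload
    owner: root
    group: root
    mode: '0644'
  tags:
    - acmetool
    - config

# systemd drop-in ordering acmetool after nginx-proxy, only when that service
# is in play. NOTE: dropping 'nginx-proxy' from acmetool_services later does
# not remove this drop-in; clean it up explicitly if that ever matters.
- name: ensure we can modify the systemd unit
  file:
    path: /etc/systemd/system/acmetool.service.d
    state: directory
    owner: root
    group: root
    mode: '0755'
  notify:
    - reload systemd service files
  when: "'nginx-proxy' in acmetool_services"
  tags:
    - acmetool
    - services

- name: ensure systemd waits for the right service
  copy:
    src: service-after.conf
    dest: /etc/systemd/system/acmetool.service.d/nginx-proxy.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload systemd service files
  when: "'nginx-proxy' in acmetool_services"
  tags:
    - acmetool
    - services

# One desired-file per certificate, named after its first hostname. That
# file name is also the key the cleanup task further down compares against.
- name: ensure the desired certificates are configured
  template:
    src: desired.conf
    dest: "/var/lib/acme/desired/{{ item.hostnames[0] }}"
    owner: root
    group: root
    mode: '0644'
  loop: "{{ acmetool_certificates }}"
  loop_control:
    label: "{{ item.hostnames[0] }}"
  notify:
    - update certificates
  tags:
    - acmetool
    - certificates

- name: get activated certificates
  find:
    paths: /var/lib/acme/desired
    pattern: "*"
    file_type: file
  register: active_certificates
  tags:
    - acmetool
    - certificates

# Remove desired-files that no longer match a configured certificate so
# acmetool stops renewing them. Everything in desired/ that this role did not
# declare is removed, including files placed there by hand on the host.
- name: deactivate unconfigured certificates
  file:
    path: "/var/lib/acme/desired/{{ item }}"
    state: absent
  loop: >-
    {{ active_certificates.files
    | map(attribute='path')
    | map('basename')
    | difference(acmetool_certificates | map(attribute='hostnames') | map('first'))
    | list }}
  loop_control:
    label: "{{ item }}"
  notify:
    - update certificates
  tags:
    - acmetool
    - certificates

# Trigger the handler when a live certificate is missing. `stat` changes
# nothing itself; changed_when is only the notify trigger. This checks
# existence only — an expired or otherwise bad certificate is not detected
# here and is left to acmetool's own renewal logic.
- name: test if the desired certificates are present
  stat:
    path: "/var/lib/acme/live/{{ item.hostnames[0] }}"
  register: live_stat
  changed_when: not live_stat.stat.exists
  loop: "{{ acmetool_certificates }}"
  loop_control:
    label: "{{ item.hostnames[0] }}"
  notify:
    - update certificates
  tags:
    - acmetool
    - certificates

- name: ensure certificates are updated regularly
  systemd:
    name: acmetool.timer
    enabled: true
    state: started
  tags:
    - acmetool
    - services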