Diffstat (limited to 'roles/web/tasks')
| -rw-r--r-- | roles/web/tasks/main.yml | 14 | 
1 files changed, 12 insertions, 2 deletions
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index 5d736a4..e2b71b7 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -17,7 +17,7 @@
 - name: (local) ssl/tls - generate dhparam (4096 bit)
   become: false
   command: >
-    openssl dhparam 
+    openssl dhparam
     -out "{{ playbook_dir }}/ssl/dhparam4096.pem" 4096
   delegate_to: localhost
   when: not stat_result.stat.exists
@@ -83,7 +83,7 @@
 - name: (local) acme - generate account private key (4096 bit)
   become: false
   command: >
-    openssl genrsa 
+    openssl genrsa
     -out "{{ playbook_dir }}/private/acme/privkey.pem" 4096
   delegate_to: localhost
   when: not stat_result.stat.exists
@@ -123,6 +123,16 @@
 - name: acme - request domain certificates
   command: sh /usr/local/etc/acme/acme-client.sh -e
+- name: acme - setup periodic tasks for cert renewal
+  blockinfile:
+    path: /etc/periodic.conf
+    marker: "# {mark} ANSIBLE MANAGED - acme"
+    block: |
+      # Auto renew certificates with acme-client
+      weekly_acme_client_enable="YES"
+      weekly_acme_client_renewscript="/usr/local/etc/acme/acme-client.sh"
+      weekly_acme_client_deployscript="/usr/local/etc/acme/deploy.sh"
+
 - name: nginx - re-generate sites
   include_tasks: nginx-gensites.yml
   notify: reload-nginx
 | 
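Review bot: The new `blockinfile` task in the third hunk sets no `create`, so it fails on any host where `/etc/periodic.conf` does not exist yet. That is probably the case on a fresh FreeBSD install, where only `/etc/defaults/periodic.conf` ships. I would add `create: true` together with `owner: root` and `mode: "0644"`, so a newly created file does not depend on the connection's umask. Because periodic runs the configured renew and deploy scripts as root every week, `/usr/local/etc/acme/acme-client.sh` and `/usr/local/etc/acme/deploy.sh` should be root-owned and not group- or world-writable. The tasks that install them are outside this diff, so that needs confirming. The other two hunks only strip trailing whitespace.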
