initial commit

tasks/compile_acme.yml

@@ -0,0 +1,16 @@
+- name: download acme-portable
+  git:
+    repo: https://github.com/graywolf/acme-client-portable
+    dest: "{{src_dir}}/acme-client-portable"
+    version: HEAD # user newest master
+  notify: acme_autoreconf
+
+- name: install build dependencies (debian)
+  apt:
+    name: "{{acme_build_dependencies_apt}}"
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: install build dependencies (openSUSE)
+  apt:
+    name: "{{acme_build_dependencies_zypper}}"
+  when: ansible_distribution == 'openSUSE Leap'

tasks/main.yml

@@ -0,0 +1,53 @@
+- name: get openssl version
+  command: "openssl version"
+  register: openssl_version
+  changed_when: false
+
+- fail:
+    msg: "OpenSSL too old!"
+  when: openssl_version.stdout.split()[1] is version('1.1.1', '<')
+
+- name: compile acme-client
+  include_tasks: compile_acme.yml
+  when: acme_compile and not acme_justrun
+
+- name: add config
+  template:
+    src: acme.j2
+    dest: /etc/acme-client.conf
+  notify: "renew certs"
+
+- name: add renew script
+  template:
+    src: renew_certs.j2
+    dest: "{{acme_renew_script_path}}/renew_certs"
+    owner: root
+    group: root
+    mode: 0755
+  when: acme_renew_script
+
+- name: add daily cronjob (renew_script)
+  cron:
+    name: renew certs
+    minute: "0"
+    hour: "4"
+    job: "{{acme_renew_script_path}}/renew_certs"
+  when: acme_renew_script and acme_add_cronjob
+
+- name: add daily cronjobs
+  cron:
+    name: "renew certs for domain {{item.domain}}"
+    minute: "0"
+    hour: "4"
+    job: "/usr/local/bin/acme-client {{item.domain}}"
+  loop: "{{acme_hosts}}"
+  loop_control:
+    label: "{{item.domain}}"
+  when: not acme_renew_script and acme_add_cronjob
+
+- name: run acme-client
+  shell: "/usr/local/bin/acme-client {{item.domain}}"
+  when: acme_justrun
+  loop: "{{acme_hosts}}"
+  loop_control:
+    label: "{{item.domain}}"