51 lines
1.3 KiB
YAML
51 lines
1.3 KiB
YAML
# vim:syntax=yaml
|
|
---
|
|
{%- from "acme/map.jinja" import acme with context %}
|
|
acme-install:
|
|
cmd.run:
|
|
- name: "curl https://get.acme.sh | sh"
|
|
- runas: root
|
|
- cwd: /root
|
|
- env:
|
|
- HOME: /root
|
|
- unless: /bin/bash -c "[[ -f /root/.acme.sh/acme.sh ]]"
|
|
|
|
acme-upgrade:
|
|
cmd.run:
|
|
- name: /root/.acme.sh/acme.sh --upgrade
|
|
- runas: root
|
|
- cwd: /root
|
|
- env:
|
|
- HOME: /root
|
|
- require:
|
|
- cmd: acme-install
|
|
|
|
{%- for dir in acme.directories %}
|
|
acme-directories-{{ dir }}:
|
|
file.directory:
|
|
- name: {{ dir }}
|
|
- makedirs: true
|
|
{%- endfor %}
|
|
|
|
acme-dh-params:
|
|
cmd.run:
|
|
- name: openssl dhparam -out {{ acme.dh.path }} {{ acme.dh.keysize }}
|
|
- creates: {{ acme.dh.path }}
|
|
|
|
acme-certs:
|
|
cmd.run:
|
|
- name: /root/.acme.sh/acme.sh --debug --issue {%- for dom in acme.domains %} -d '{{ dom }}' {% endfor -%} --dns dns_ovh --cert-file '' --key-file '{{ acme.keyfile }}' --fullchain-file '{{ acme.fullchainfile }}' -k {{ acme.keysize }}
|
|
- env:
|
|
- OVH_AK: '{{ acme.provider.api.application_key }}'
|
|
- OVH_AS: '{{ acme.provider.api.application_secret }}'
|
|
- OVH_CK: '{{ acme.provider.api.consumer_key }}'
|
|
- HOME: '/root'
|
|
- success_retcodes:
|
|
- 0
|
|
- 1
|
|
- 2
|
|
- runas: root
|
|
- cwd: /root
|
|
- require:
|
|
- cmd: acme-install
|