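# Pull the ACME-issued certificate files and the TLS private key from the host
# that holds them into ./acme/ on the Ansible controller, so the plays that
# follow can distribute them.
#
# NOTE(review): after this play the controller holds a copy of the private key
# in acme/. The fetch tasks set no mode on the local copy, so it is created
# under the controller's umask. Keep acme/ out of version control and
# restrict it to the operator account (for example, umask 077 before the run).
- name: get acme files
  hosts: primary.eenfach.de
  become: true
  tasks:
    # flat: true with a dest ending in "/" stores each file as acme/<basename>
    # instead of acme/<hostname>/<full remote path>.
    - name: fetch cert files...
      fetch:
        src: '/etc/pjac/certdir/{{ item }}'
        dest: acme/
        flat: true
      loop:
        - cert.pem
        - chain.pem
        - fullchain.pem

    # Private key material leaves the source host here.
    - name: fetch key file...
      fetch:
        src: /etc/pjac/eenfach.de.key
        dest: acme/
        flat: true
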
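# Install the private key and certificate files from the controller's acme/
# directory on the web server; Apache is restarted only when a file changed.
- name: push certs to webserver
  hosts: web.eenfach.de
  become: true
  tasks:
    - name: copy key file
      copy:
        src: acme/eenfach.de.key
        dest: /opt/apache24/conf/acme/eenfach.de.key
        owner: root
        # NOTE(review): with mode 0640 every member of group webservd can read
        # the private key. If Apache opens the key as root before dropping
        # privileges, root:root 0600 would be tighter - confirm for this host.
        group: webservd
        # Quoted so Ansible gets a string and does the octal conversion itself;
        # a bare 0640 depends on the YAML parser's octal handling.
        mode: '0640'
      # Private key: never print file content when the play runs with --diff.
      diff: false
      notify: restart apache24

    - name: copy cert files
      copy:
        src: 'acme/{{ item }}'
        dest: '/opt/apache24/conf/acme/certdir/{{ item }}'
        owner: root
        group: webservd
        mode: '0640'
      loop:
        - cert.pem
        - chain.pem
        - fullchain.pem
      notify: restart apache24

  handlers:
    - name: restart apache24
      service:
        name: svc:/network/apache24:default
        state: restarted
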
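# Install the certificate files and the private key on the mail server and
# restart sendmail and dovecot when any of them changed.
- name: push certs to mailserver
  hosts: smail.eenfach.de
  become: true
  tasks:
    # One loop handles public certificates and the private key alike, so all
    # four files end up root:root 0600.
    - name: copy cert files
      copy:
        src: 'acme/{{ item }}'
        dest: '/etc/mail/certs/{{ item }}'
        owner: root
        group: root
        # Quoted so Ansible gets a string and does the octal conversion itself;
        # a bare 0600 depends on the YAML parser's octal handling.
        mode: '0600'
      # The loop includes the private key: never print file content when the
      # play runs with --diff.
      diff: false
      loop:
        - cert.pem
        - chain.pem
        - fullchain.pem
        - eenfach.de.key
      notify:
        - restart sendmail
        - restart dovecot
  handlers:
    - name: restart sendmail
      service:
        name: svc:/network/sendmail:sendmail
        state: restarted
    - name: restart dovecot
      service:
        name: svc:/network/dovecot:dovecot
        state: restarted
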
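# Drop the certificate, full chain and private key into Openfire's hotdeploy
# directory, owned by the openfire account. chain.pem is not pushed here.
#
# NOTE(review): this play notifies no handler; presumably Openfire picks up
# files placed in hotdeploy on its own - confirm that a renewed certificate
# is actually loaded without a restart.
- name: push certs to openfire
  hosts: openfire.eenfach.de
  become: true
  tasks:
    - name: copy cert files
      copy:
        src: 'acme/{{ item }}'
        dest: '/opt/openfire/openfire/resources/security/hotdeploy/{{ item }}'
        owner: openfire
        group: openfire
        # Quoted so Ansible gets a string and does the octal conversion itself;
        # a bare 0600 depends on the YAML parser's octal handling.
        mode: '0600'
      # The loop includes the private key: never print file content when the
      # play runs with --diff.
      diff: false
      loop:
        - cert.pem
        - fullchain.pem
        - eenfach.de.key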