diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-12-28 14:40:05 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-12-28 14:40:28 +0100 |
| commit | fd412b529a59e1f3981eb18d54b7472e1cca2a20 (patch) | |
| tree | 7459181e2d252b384464cbcaa783f468eb5bd6f4 | |
| parent | f827376dd778e4b96f1c8a9b3db12faa516ebed5 (diff) | |
Only install letsencrypt-tiny to the relevant hosts.
| -rw-r--r-- | common.yml | 6 | ||||
| -rw-r--r-- | roles/common/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/main.yml | 26 |
3 files changed, 5 insertions, 30 deletions
@@ -16,11 +16,15 @@ hosts: IMAP:MX:MSA:webmail:lists:wiki:git gather_facts: False tasks: + - name: Install dependencies for letsencrypt-tiny + apt: pkg={{ item }} + with_items: + - liblwp-protocol-https-perl + - socat - name: Copy LetsEncrypt's ACME client copy: src=deb/letsencrypt-tiny_0.1-1_all.deb dest=/tmp notify: Install LetsEncrypt's ACME client - - genkey - name: Create a user 'letsencrypt' user: name=letsencrypt system=yes group=nogroup diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index a852c4d..47e3db8 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -44,9 +44,6 @@ - name: Restart bacula-fd service: name=bacula-fd state=restarted -- name: Update certificate - command: update-ca-certificates - - name: Restart munin-node service: name=munin-node state=restarted diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 955493a..3b95c92 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -45,29 +45,3 @@ - rsync - screen - telnet-ssl - # for letencrypt - - liblwp-protocol-https-perl - - socat - -# XXX: this is a workaround the CAcert root CAs not being present in -# Jessie. In stretch, we would merely install the 'ca-cacert' package. -- name: Create directory /usr/local/share/ca-certificates/CAcert - file: path=/usr/local/share/ca-certificates/CAcert - state=directory - owner=root group=root - mode=0755 - tags: - - certs - -- name: Copy CAcert root CAs - copy: src=certs/CAcert/{{ item }} - dest=/usr/local/share/ca-certificates/CAcert/{{ item }} - owner=root group=root - mode=0644 - with_items: - - root.crt - - class3.crt - tags: - - certs - notify: - - Update certificate |