diff options
Diffstat (limited to 'roles/common')
| -rw-r--r-- | roles/common/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/main.yml | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index a852c4d..07047c7 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -35,20 +35,23 @@ - name: Restart Postfix service: name=postfix state=restarted - name: Reload Postfix service: name=postfix state=reloaded - name: Restart stunnel service: name=stunnel4 pattern=/usr/bin/stunnel4 state=restarted - name: Restart bacula-fd service: name=bacula-fd state=restarted - name: Update certificate command: update-ca-certificates - name: Restart munin-node service: name=munin-node state=restarted - name: Restart freshclam service: name=clamav-freshclam state=restarted + +- name: Install LetsEncrypt's ACME client + apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 470a6b2..955493a 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -28,40 +28,43 @@ command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem tags: genkey - include: logging.yml tags=logging - include: ntp.yml tags=ntp - include: mail.yml tags=mail,postfix - include: bacula.yml tags=bacula-fd,bacula - include: munin-node.yml tags=munin-node,munin - name: Install common packages apt: pkg={{ item }} with_items: - ca-certificates - etckeeper - ethtool - git - htop - molly-guard - rsync - screen - telnet-ssl + # for letencrypt + - liblwp-protocol-https-perl + - socat # XXX: this is a workaround the CAcert root CAs not being present in # Jessie. In stretch, we would merely install the 'ca-cacert' package. - name: Create directory /usr/local/share/ca-certificates/CAcert file: path=/usr/local/share/ca-certificates/CAcert state=directory owner=root group=root mode=0755 tags: - certs - name: Copy CAcert root CAs copy: src=certs/CAcert/{{ item }} dest=/usr/local/share/ca-certificates/CAcert/{{ item }} owner=root group=root mode=0644 with_items: - root.crt - class3.crt tags: |