diff --git a/defaults/main.yml b/defaults/main.yml index 6866c2d..a8069a2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,24 @@ # Perform setup step; set false to disable letsencrypt_setup: True +# Provide existing account data to be copied over +letsencrypt_account: "" +# letsencrypt_account: +# hash: 1234567890abcdef1234567890abcdef +# id: 123456789 +# creation_host: localhost +# creation_dt: 2020-12-13T13:12:00Z +# private_key: +# n: 1234 +# e: 5678 +# d: 90ab +# p: cdef +# q: 1234 +# dp: 5678 +# dq: 90ab +# qi: cdef +# kty: RSA + # Set the email address associated with the Let's Encrypt account letsencrypt_account_email: "" diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index e48bbd9..fa9ed34 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,3 +4,19 @@ become: true roles: - role: ansible-role-letsencrypt + vars: + letsencrypt_account: + hash: 1234567890abcdef1234567890abcdef + id: 123456789 + creation_host: localhost + creation_dt: 2020-12-13T13:12:00Z + private_key: + n: 1234 + e: 5678 + d: 90ab + p: cdef + q: 1234 + dp: 5678 + dq: 90ab + qi: cdef + kty: RSA diff --git a/tasks/account.yml b/tasks/account.yml new file mode 100644 index 0000000..60c3cc2 --- /dev/null +++ b/tasks/account.yml 
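Review bot: The commented example under `letsencrypt_account:` in defaults/main.yml spells out a complete RSA private key (`d`, `p`, `q`, `dp`, `dq`, `qi`) as an ordinary role variable but says nothing about where that value must live; add a comment above the example such as `# Contains the ACME account private key: supply it from Ansible Vault or another secret store, never from plain group_vars`. The example's `creation_dt: 2020-12-13T13:12:00Z` is an unquoted timestamp, harmless inside a comment, but once copied out uncommented as molecule/default/converge.yml does in the next hunk it is presumably turned into a datetime by the YAML loader and then rendered by meta.json.j2 through its string form rather than as the RFC 3339 text certbot wrote; quote it as `creation_dt: "2020-12-13T13:12:00Z"` in both places. The all-digit placeholders (`id: 123456789`, `n: 1234`, …) likewise read as integers; real base64url values are normally safe unquoted, but showing them quoted in the example would steer users to the form that cannot be retyped.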
@@ -0,0 +1,63 @@
+---
+
+- name: Install provided Let's Encrypt ACME account
+ when: letsencrypt_account
+ block:
+
+ - name: Create ACME v02 account directory
+ ansible.builtin.file:
+ path: "{{ letsencrypt_directory }}/{{ item }}"
+ owner: root
+ group: root
+ mode: 0700
+ state: directory
+ with_items:
+ - accounts
+ - accounts/acme-v02.api.letsencrypt.org
+ - accounts/acme-v02.api.letsencrypt.org/directory
+ - accounts/acme-v02.api.letsencrypt.org/directory/{{ letsencrypt_account.hash }}
+
+ - name: Copy Let's Encrypt account data files
+ ansible.builtin.template:
+ src: "account/{{ item }}.j2"
+ dest: "{{ letsencrypt_directory }}/accounts/acme-v02.api.letsencrypt.org/directory/{{ letsencrypt_account.hash }}/{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - meta.json
+ - regr.json
+
+ - name: Copy Let's Encrypt account key file
+ ansible.builtin.template:
+ src: account/private_key.json.j2
+ dest: "{{ letsencrypt_directory }}/accounts/acme-v02.api.letsencrypt.org/directory/{{ letsencrypt_account.hash }}/private_key.json"
+ owner: root
+ group: root
+ mode: 0400
+
+- name: Create new Let's Encrypt ACME account
+ when: not letsencrypt_account
+ tags:
+ - molecule-notest
+ block:
+
+ - name: Check if a Let's Encrypt account exists
+ ansible.builtin.stat:
+ path: "{{ letsencrypt_directory }}/accounts"
+ register: letsencrypt_reg_accounts_dir
+
+ - name: Prepare optional account email option
+ ansible.builtin.set_fact:
+ letsencrypt_opt_email: "{{ letsencrypt_account_email | ternary('--email ' + letsencrypt_account_email, '') }}"
+
+ - name: Create new Let's Encrypt account
+ ansible.builtin.command: >
+ certbot register
+ {{ letsencrypt_opt_test_cert }}
+ {{ letsencrypt_opt_email }}
+ {{ letsencrypt_opts_extra }}
+ --non-interactive --agree-tos --quiet
+ register: letsencrypt_reg_account
+ changed_when: letsencrypt_reg_account.rc != 0
+ when: not letsencrypt_reg_accounts_dir.stat.exists
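Review bot: The "Copy Let's Encrypt account key file" task in tasks/account.yml renders the ACME account private key with `ansible.builtin.template` but has no `no_log: true`, so in `--diff`/`-v` runs or on failure the full key JSON lands in play output and any log collector; add `no_log: true` to that task. The "Create new Let's Encrypt account" task still interpolates `{{ letsencrypt_opt_test_cert }}`, yet the set_fact that produced it is deleted from tasks/install.yml in the next hunk and is not recreated here, so the command will fail on an undefined variable unless the fact is set earlier in install.yml, outside that hunk — restore it before the command. `changed_when: letsencrypt_reg_account.rc != 0` can never report a change, because the command module fails the task on a non-zero rc before changed_when applies; under the `when: not letsencrypt_reg_accounts_dir.stat.exists` guard the task creates an account every time it runs, so `changed_when: true` is the honest value. Quoting the file modes (`mode: "0700"`, `"0644"`, `"0400"`) would also stop relying on YAML 1.1 octal parsing.
```yaml
  - name: Copy Let's Encrypt account key file
    ansible.builtin.template:
      # … unchanged: src, dest, owner, group, mode …
    no_log: true

  - name: Prepare optional test cert option
    ansible.builtin.set_fact:
      letsencrypt_opt_test_cert: "{{ letsencrypt_test | default() | ternary('--test-cert', '') }}"

  - name: Create new Let's Encrypt account
    # … unchanged: command, register, when …
    changed_when: true
```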
diff --git a/tasks/install.yml b/tasks/install.yml index 647ca24..694011f 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -66,28 +66,5 @@ tags: - molecule-notest -- name: Check if a Let's Encrypt account exists - ansible.builtin.stat: - path: "{{ letsencrypt_directory }}/accounts" - register: letsencrypt_reg_accounts_dir - -- name: Prepare optional test cert option - ansible.builtin.set_fact: - letsencrypt_opt_email: "{{ letsencrypt_account_email | ternary('--email ' + letsencrypt_account_email, '') }}" - -- name: Prepare optional test cert option - ansible.builtin.set_fact: - letsencrypt_opt_test_cert: "{{ letsencrypt_test | default() | ternary('--test-cert', '') }}" - -- name: Create Let's Encrypt account - ansible.builtin.command: > - certbot register - {{ letsencrypt_opt_test_cert }} - {{ letsencrypt_opt_email }} - {{ letsencrypt_opts_extra }} - --non-interactive --agree-tos --quiet - register: letsencrypt_reg_account - changed_when: letsencrypt_reg_account.rc != 0 - when: not letsencrypt_reg_accounts_dir.stat.exists - tags: - - molecule-notest +- name: Import account setup tasks + ansible.builtin.import_tasks: account.yml diff --git a/templates/account/meta.json.j2 b/templates/account/meta.json.j2 new file mode 100644 index 0000000..b1358f9 --- /dev/null +++ b/templates/account/meta.json.j2 @@ -0,0 +1 @@ +{"creation_dt": "{{ letsencrypt_account.creation_dt }}","creation_host": "{{ letsencrypt_account.creation_host }}"} diff --git a/templates/account/private_key.json.j2 b/templates/account/private_key.json.j2 new file mode 100644 index 0000000..d193b3f --- /dev/null +++ b/templates/account/private_key.json.j2 
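Review bot: meta.json.j2 builds its JSON by hand-quoting `{{ letsencrypt_account.creation_dt }}` and `{{ letsencrypt_account.creation_host }}`, so a value containing `"` or `\` yields invalid JSON, and a `creation_dt` that the YAML loader has already typed as a datetime (the converge.yml example leaves it unquoted) is written in its string form rather than the RFC 3339 text certbot expects to read back. Emit each value through the JSON filter instead, `{"creation_dt": {{ letsencrypt_account.creation_dt | to_json }}, "creation_host": {{ letsencrypt_account.creation_host | to_json }}}`, and keep the timestamp quoted in the vars so it stays a string. The hand-quoted fields in private_key.json.j2 and regr.json.j2 in the following hunks have the same escaping gap.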
@@ -0,0 +1,11 @@
+{
+ "n": "{{ letsencrypt_account.private_key.n }}",
+ "e": "{{ letsencrypt_account.private_key.e }}",
+ "d": "{{ letsencrypt_account.private_key.d }}",
+ "p": "{{ letsencrypt_account.private_key.p }}",
+ "q": "{{ letsencrypt_account.private_key.q }}",
+ "dp": "{{ letsencrypt_account.private_key.dp }}",
+ "dq": "{{ letsencrypt_account.private_key.dq }}",
+ "qi": "{{ letsencrypt_account.private_key.qi }}",
+ "kty": "{{ letsencrypt_account.private_key.kty }}"
+}
diff --git a/templates/account/regr.json.j2 b/templates/account/regr.json.j2
new file mode 100644
index 0000000..d1d2633
--- /dev/null
+++ b/templates/account/regr.json.j2
@@ -0,0 +1 @@
+{"body": {}, "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/{{ letsencrypt_account.id }}"}
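Review bot: private_key.json.j2 reproduces the JWK member by member with hand-written quoting, so the template has to be kept in step with the exact set of fields certbot stores and any member not listed here is silently dropped from the imported key. Rendering the supplied mapping as a whole, `{{ letsencrypt_account.private_key | to_json }}`, writes exactly what the user provided with correct JSON escaping and a single line of template. If the field-by-field form is kept, each value should at least go through `| to_json` rather than bare `"{{ … }}"` quoting.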
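Review bot: regr.json.j2 hard-codes the production host `acme-v02.api.letsencrypt.org` in the account URI, as does the `accounts/acme-v02.api.letsencrypt.org/...` path in tasks/account.yml, while the role still passes `{{ letsencrypt_opt_test_cert }}` for staging registrations; an imported staging account would presumably be placed under the production directory and not be found by certbot when `--test-cert` is in use. Either derive the host from the same setting that selects the test endpoint and use it in both the URI and the directory path, or document in defaults/main.yml that `letsencrypt_account` is only supported for the production endpoint.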