38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
---
|
|
- name: domaincontroller | certs | ensure step-ca root cert is trusted
|
|
include_role:
|
|
name: base
|
|
tasks_from: system_setup/import_stepca.yml
|
|
|
|
- name: domaincontroller | certs | obtain certificate from step-ca via certbot
|
|
command: >
|
|
certbot certonly --standalone -n
|
|
-d {{ ansible_fqdn }}
|
|
--server {{ samba_stepca_server_url }}/acme/acme/directory
|
|
--agree-tos
|
|
--email admin@{{ samba_realm | lower }}
|
|
args:
|
|
creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem
|
|
notify: restart samba-ad-dc
|
|
|
|
- name: domaincontroller | certs | create certbot.service override directory
|
|
file:
|
|
path: /etc/systemd/system/certbot.service.d
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: domaincontroller | certs | create service override for step-ca
|
|
copy:
|
|
dest: /etc/systemd/system/certbot.service.d/override.conf
|
|
content: |
|
|
[Service]
|
|
Environment="REQUESTS_CA_BUNDLE=/root/root_ca.crt"
|
|
mode: '0644'
|
|
notify: systemd daemon-reload
|
|
|
|
- name: domaincontroller | certs | enable and start certbot timer
|
|
systemd:
|
|
name: certbot.timer
|
|
state: started
|
|
enabled: true
|