evoacme: add squid whitelist for ocsp server
parent
708860770a
commit
f068684a76
|
@ -13,3 +13,8 @@
|
||||||
- name: apt update
|
- name: apt update
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: reload squid3
|
||||||
|
service:
|
||||||
|
name: squid3
|
||||||
|
state: reloaded
|
||||||
|
|
|
@ -53,3 +53,25 @@
|
||||||
src: certbot.cron
|
src: certbot.cron
|
||||||
dest: /etc/cron.daily/certbot
|
dest: /etc/cron.daily/certbot
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Is Squid installed?
|
||||||
|
command: "command -v squid3"
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
check_mode: no
|
||||||
|
register: is_squid3_installed
|
||||||
|
|
||||||
|
- name: Find squid3 config whitelist
|
||||||
|
shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
check_mode: no
|
||||||
|
register: squid3_whitelist_files
|
||||||
|
|
||||||
|
- name: Let's Encrypt OCSP server is authorized by squid
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
|
||||||
|
line: "http://ocsp.int-x3.letsencrypt.org/.*"
|
||||||
|
state: present
|
||||||
|
notify: reload squid3
|
||||||
|
when: is_squid3_installed.rc == 0 and squid3_whitelist_files.stdout != ""
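Review bot: The `Is Squid installed?` task runs `command -v squid3` through the `command` module, which executes without a shell, so unless the host ships a standalone `command` binary the task returns a non-zero rc that `failed_when: false` hides; the `when:` on the last task then never holds and the OCSP entry is silently never written. Changing that task to `shell: "command -v squid3"` would make the check do what its name says. Separately, the whitelist entry `http://ocsp.int-x3.letsencrypt.org/.*` looks like a regular expression (the page does not show how squid reads the file); if it is, the unescaped dots match any character and the pattern is unanchored, so the proxy would allow more URLs than the one OCSP host, and `line: '^http://ocsp\.int-x3\.letsencrypt\.org/'` would be the tighter form, provided it matches the format of the existing entries. A one-line comment above the `lineinfile` task saying why the proxy must let this host through would also help the next reader.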
|
||||||
|
|