Deploy cerbot on virtu

2022-02-24 13:26:43 +01:00 · 2022-02-24 13:26:43 +01:00 · 038168732d
parent 40d5e3a11a
commit 038168732d
4 changed files with 73 additions and 0 deletions
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@ -8,3 +8,27 @@ loc_postgres:
  version: 13
  replica: true
  addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
+
+loc_certbot:
+  - mail: root@crans.org
+    certname: crans.org
+    domains: "*.adm.crans.org, *.crans.org"
+
+loc_service_certbot:
+  config:
+    "crans.org":
+      zone: _acme-challenge.crans.org
+      server: 172.16.10.147
+      port: 53
+      key:
+        name: certbot_challenge.
+        secret: "{{ vault.certbot_dns_secret }}"
+        algorithm: HMAC-SHA512
+    "adm.crans.org":
+      zone: _acme-challenge.adm.crans.org
+      server: 172.16.10.147
+      port: 53
+      key:
+        name: certbot_adm_challenge.
+        secret: "{{ vault.certbot_adm_dns_secret }}"
+        algorithm: HMAC-SHA512
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@ -8,3 +8,27 @@ loc_postgres:
  version: 13
  replica: true
  addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
+
+loc_certbot:
+  - mail: root@crans.org
+    certname: crans.org
+    domains: "*.adm.crans.org, *.crans.org"
+
+loc_service_certbot:
+  config:
+    "crans.org":
+      zone: _acme-challenge.crans.org
+      server: 172.16.10.147
+      port: 53
+      key:
+        name: certbot_challenge.
+        secret: "{{ vault.certbot_dns_secret }}"
+        algorithm: HMAC-SHA512
+    "adm.crans.org":
+      zone: _acme-challenge.adm.crans.org
+      server: 172.16.10.147
+      port: 53
+      key:
+        name: certbot_adm_challenge.
+        secret: "{{ vault.certbot_adm_dns_secret }}"
+        algorithm: HMAC-SHA512
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@ -8,3 +8,27 @@ loc_postgres:
  version: 13
  replica: true
  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
+
+loc_certbot:
+  - mail: root@crans.org
+    certname: crans.org
+    domains: "*.adm.crans.org, *.crans.org"
+
+loc_service_certbot:
+  config:
+    "crans.org":
+      zone: _acme-challenge.crans.org
+      server: 172.16.10.147
+      port: 53
+      key:
+        name: certbot_challenge.
+        secret: "{{ vault.certbot_dns_secret }}"
+        algorithm: HMAC-SHA512
+    "adm.crans.org":
+      zone: _acme-challenge.adm.crans.org
+      server: 172.16.10.147
+      port: 53
+      key:
+        name: certbot_adm_challenge.
+        secret: "{{ vault.certbot_adm_dns_secret }}"
+        algorithm: HMAC-SHA512
--- a/1
+++ b/1
@ -38,6 +38,7 @@ jitsi
 mailman
 postfix
 reverseproxy
+virtu
 vsftpd_mirror

 [constellation:children]