crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'certbot' into 'newinfra' 

[Certbot] Praise new infra

See merge request nounous/ansible!99
certbot_on_virtu
_pollion 2020-10-12 18:41:55 +02:00
parent aa7bbbd046 d45fff9176
commit 3c9c4c2e76
7 changed files with 38 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
group_vars/certbot.yml 100644
View File

@ -0,0 +1,8 @@
---
glob_certbot:
dns_rfc2136_server: '172.16.10.147'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "crans.org"

10
host_vars/gitzly.adm.crans.org.yml 100644
View File

@ -0,0 +1,10 @@
---
interfaces:
adm: ens18
srv: ens19
loc_certbot:
dns_rfc2136_name: certbot_adm_challenge.
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
certname: adm.crans.org
domains: "*.adm.crans.org"

7
hosts
View File

@ -23,6 +23,12 @@
# [test_vm] # [test_vm]
# re2o-test.adm.crans.org # re2o-test.adm.crans.org
[certbot]
gitzly.adm.crans.org
[certbot:children]
radius # We use certbot to manage LE certificates
[nginx_rtmp] [nginx_rtmp]
fluxx.adm.crans.org fluxx.adm.crans.org
@ -88,6 +94,7 @@ routeur-daniel.adm.crans.org
belenios # on changera plus tard belenios # on changera plus tard
re2o-ldap.adm.crans.org re2o-ldap.adm.crans.org
gitlab-ci.adm.crans.org gitlab-ci.adm.crans.org
gitzly.adm.crans.org
hodaur.adm.crans.org hodaur.adm.crans.org
monitoring.adm.crans.org monitoring.adm.crans.org
boeing.adm.crans.org boeing.adm.crans.org

9
plays/certbot.yml 100755
View File

@ -0,0 +1,9 @@
#!/usr/bin/env ansible-playbook
---
# Deploy certbot for LE certificates
- hosts: certbot
vars:
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
mirror: '{{ glob_mirror }}'
roles:
- certbot

2
plays/freeradius.yml
View File

@ -3,7 +3,9 @@
# Deploy radius server # Deploy radius server
- hosts: radius - hosts: radius
vars: vars:
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}' freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
mirror: '{{ glob_mirror }}' mirror: '{{ glob_mirror }}'
roles: roles:
- certbot
- freeradius - freeradius

7
radius.yml
View File

@ -2,12 +2,7 @@
--- ---
- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org - hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
vars: vars:
certbot: certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "crans.org"
bind: bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
roles: roles:

2
roles/certbot/templates/letsencrypt/rfc2136.ini.j2
View File

@ -1,6 +1,6 @@
{{ ansible_header | comment(decoration='# ') }} {{ ansible_header | comment(decoration='# ') }}
dns_rfc2136_server = {{ dns_masters_ipv4 | first }} dns_rfc2136_server = {{ certbot.dns_rfc2136_server }}
dns_rfc2136_port = 53 dns_rfc2136_port = 53
dns_rfc2136_name = {{ certbot.dns_rfc2136_name }} dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }} dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}