Certbot role for gitzly
							parent
							
								
									e54244e0c7
								
							
						
					
					
						commit
						80040dd35c
					
				
							
								
								
									
										20
									
								
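--- a/network.yml
+++ b/network.yml
@@ -51,7 +51,25 @@
 # Deploy reverse proxy
 - hosts: bakdaur.adm.crans.org
   vars:
-    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
+    certbot:
+      dns_rfc2136_name: certbot_challenge.
+      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+      mail: root@crans.org
+      certname: crans.org
+      domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
+    bind:
+      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+  roles:
+    - certbot
+
+- hosts: gitzly.adm.crans.org
+  vars:
+    certbot:
+      dns_rfc2136_name: certbot_adm_challenge.
+      dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
+      mail: root@crans.org
+      certname: adm.crans.org
+      domains: "*.adm.crans.org"
     bind:
       masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
   roles: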
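Review bot: The gitzly play requests `*.adm.crans.org`, so the private key for a wildcard over the whole adm zone will sit on the Git host. If only this host needs a certificate, `domains: "gitzly.adm.crans.org"` keeps a compromise of gitzly from exposing a key that is valid for every adm name. Giving the adm play its own TSIG key (`certbot_adm_challenge.`) is good separation, provided the DNS master's update policy restricts that key to the `_acme-challenge` TXT records of adm.crans.org; that policy is not part of this diff. The trailing `roles:` context line now closes the gitzly play and the list under it lies outside the hunk, so please confirm that the roles formerly applied to bakdaur are meant to move to gitzly while bakdaur keeps only `certbot`.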
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -24,6 +24,6 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
- name: Add Certbot configuration
 | 
					- name: Add Certbot configuration
 | 
				
			||||||
  template:
 | 
					  template:
 | 
				
			||||||
    src: letsencrypt/conf.d/crans.org.ini.j2
 | 
					    src: "letsencrypt/conf.d/{{ certbot.certname }}.ini.j2"
 | 
				
			||||||
    dest: /etc/letsencrypt/conf.d/crans.org.ini
 | 
					    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
 | 
				
			||||||
    mode: 0644
 | 
					    mode: 0644
 | 
				
			||||||
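Review bot: `src` now depends on `certbot.certname`, so the role needs one template file per certificate name. With the gitzly value the task will look for `letsencrypt/conf.d/adm.crans.org.ini.j2`, and no such file is visible on this page. Because the template body is now fully parameterised, keeping the fixed `src: letsencrypt/conf.d/crans.org.ini.j2` and templating only `dest` would avoid a missing-template failure, unless the commit also adds or renames the template somewhere not shown here. While the task is being touched, `mode: "0644"` as a quoted string is the form Ansible recommends. The task list continues outside the hunk.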
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -10,7 +10,7 @@ rsa-key-size = 4096
 | 
				
			||||||
# server = https://acme-staging.api.letsencrypt.org/directory
 | 
					# server = https://acme-staging.api.letsencrypt.org/directory
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Uncomment and update to register with the specified e-mail address
 | 
					# Uncomment and update to register with the specified e-mail address
 | 
				
			||||||
email = root@crans.org
 | 
					email = {{ certbot.mail }}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Uncomment to use a text interface instead of ncurses
 | 
					# Uncomment to use a text interface instead of ncurses
 | 
				
			||||||
text = True
 | 
					text = True
 | 
				
			||||||
| 
						 | 
					@ -21,5 +21,5 @@ dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
 | 
				
			||||||
dns-rfc2136-propagation-seconds = 30
 | 
					dns-rfc2136-propagation-seconds = 30
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Wildcard the domain
 | 
					# Wildcard the domain
 | 
				
			||||||
cert-name = crans.org
 | 
					cert-name = {{ certbot.certname }}
 | 
				
			||||||
domains = crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu
 | 
					domains = {{ certbot.domains }}
 | 
				
			||||||
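Review bot: `certbot.mail`, `certbot.certname` and `certbot.domains` (and the two `certbot.dns_rfc2136_*` keys in the credentials template) are read from a single dictionary with no defaults. Ansible replaces dictionaries by default rather than merging them, so role defaults cannot fill in keys that a play leaves out, and a play that sets only part of `certbot` will fail at render time or leave an empty value in the file. I would document the contract at the top of the template, for example `# Requires certbot.mail, certbot.certname, certbot.domains (set per play)`, or validate the keys in a task before templating. Both hunks show only part of the template, so any existing header comment is outside this view.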
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -2,6 +2,6 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
dns_rfc2136_server = {{ dns_masters_ipv4 | first }}
 | 
					dns_rfc2136_server = {{ dns_masters_ipv4 | first }}
 | 
				
			||||||
dns_rfc2136_port = 53
 | 
					dns_rfc2136_port = 53
 | 
				
			||||||
dns_rfc2136_name = certbot_challenge.
 | 
					dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
 | 
				
			||||||
dns_rfc2136_secret = {{ certbot_dns_secret }}
 | 
					dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
 | 
				
			||||||
dns_rfc2136_algorithm = HMAC-SHA512
 | 
					dns_rfc2136_algorithm = HMAC-SHA512
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
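Review bot: This template renders the TSIG secret in clear text, and the task that writes it (presumably to `/etc/letsencrypt/rfc2136.ini`, the path named in the certbot configuration) is not part of this diff, so its file permissions cannot be checked here. The only task shown on the page uses mode 0644, which would be wrong for this file. Please confirm the credentials task sets `mode: "0600"` with `owner: root`, and consider `no_log: true` on it so the secret stays out of task output. A comment such as `# TSIG key name and secret come from the per-play certbot dictionary; keep the secret in the vault` above `dns_rfc2136_name` would document the new inputs.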