Certbot role for gitzly

2020-05-01 17:17:18 +02:00 · 2020-05-01 17:17:18 +02:00 · 80040dd35c
parent e54244e0c7
commit 80040dd35c
4 changed files with 26 additions and 8 deletions
--- a/network.yml
+++ b/network.yml
@ -51,7 +51,25 @@
 # Deploy reverse proxy
 - hosts: bakdaur.adm.crans.org
  vars:
-    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
+    certbot:
+      dns_rfc2136_name: certbot_challenge.
+      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+      mail: root@crans.org
+      certname: crans.org
+      domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
+    bind:
+      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+  roles:
+    - certbot
+
+- hosts: gitzly.adm.crans.org
+  vars:
+    certbot:
+      dns_rfc2136_name: certbot_adm_challenge.
+      dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
+      mail: root@crans.org
+      certname: adm.crans.org
+      domains: "*.adm.crans.org"
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
  roles:
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -24,6 +24,6 @@

 - name: Add Certbot configuration
  template:
-    src: letsencrypt/conf.d/crans.org.ini.j2
-    dest: /etc/letsencrypt/conf.d/crans.org.ini
+    src: "letsencrypt/conf.d/{{ certbot.certname }}.ini.j2"
+    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
    mode: 0644
--- a/roles/certbot/templates/letsencrypt/conf.d/crans.org.ini.j2
+++ b/roles/certbot/templates/letsencrypt/conf.d/crans.org.ini.j2
@ -10,7 +10,7 @@ rsa-key-size = 4096
 # server = https://acme-staging.api.letsencrypt.org/directory

 # Uncomment and update to register with the specified e-mail address
-email = root@crans.org
+email = {{ certbot.mail }}

 # Uncomment to use a text interface instead of ncurses
 text = True
@ -21,5 +21,5 @@ dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
 dns-rfc2136-propagation-seconds = 30

 # Wildcard the domain
-cert-name = crans.org
-domains = crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu
+cert-name = {{ certbot.certname }}
+domains = {{ certbot.domains }}
--- a/roles/certbot/templates/letsencrypt/rfc2136.ini.j2
+++ b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2
@ -2,6 +2,6 @@

 dns_rfc2136_server = {{ dns_masters_ipv4 | first }}
 dns_rfc2136_port = 53
-dns_rfc2136_name = certbot_challenge.
-dns_rfc2136_secret = {{ certbot_dns_secret }}
+dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
+dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
 dns_rfc2136_algorithm = HMAC-SHA512