From b6d15e85eaac6942d75f6b8168bd9eeec9516b4e Mon Sep 17 00:00:00 2001
From: Maxime Bombar
Date: Tue, 2 Jun 2020 18:06:05 +0200
Subject: [PATCH] [freeradius] LE certificate with DNS challenge
---
radius.yml | 15 +++++++++++++++
roles/freeradius/tasks/main.yml | 20 ++++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100755 radius.yml
create mode 100644 roles/freeradius/tasks/main.yml
diff --git a/radius.yml b/radius.yml
new file mode 100755
index 00000000..2727fa78
--- /dev/null
+++ b/radius.yml
@@ -0,0 +1,15 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
+ vars:
+ certbot:
+ dns_rfc2136_name: certbot_challenge.
+ dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+ mail: root@crans.org
+ certname: crans.org
+ domains: "crans.org"
+ bind:
+ masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+ roles:
+ - certbot
+ - freeradius
diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml
new file mode 100644
index 00000000..36df1917
--- /dev/null
+++ b/roles/freeradius/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Symlink radius certificates
+ file:
+ src: /etc/letsencrypt/live/crans.org/{{ item }}
+ dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }}
+ state: link
+ force: yes
+ loop:
+ - fullchain.pem
+ - privkey.pem
+
+- name: Set permissions on certificates
+ file:
+ path: /etc/letsencrypt/{{ item }}
+ group: freerad
+ mode: '0755'
+ recurse: yes
+ loop:
+ - live
+ - archive
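Review bot: The TSIG credential named in `dns_rfc2136_name: certbot_challenge.` is handed to all three RADIUS hosts through `vars.certbot`, and nothing in radius.yml records how far that key's update rights reach on the server resolved by `bind.masters`. If the key may update more than the ACME challenge record, a compromise of any one of these hosts would presumably give write access to other names in the zone. I would document the expectation next to the variable, for example `# TSIG key: the master's update-policy must limit it to TXT at _acme-challenge.crans.org`, and confirm that the certbot role writes the credentials file readable by root only. Neither the certbot role nor the bind configuration is part of this patch, so both points are to be verified rather than asserted.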
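Review bot: In the task "Set permissions on certificates", `mode: '0755'` combined with `recurse: yes` is applied to every file under /etc/letsencrypt/live and /etc/letsencrypt/archive, so the private key files end up readable (and executable) by every local account rather than only by the `freerad` group. Since the task already sets `group: freerad`, a symbolic mode keeps access to owner and group and puts the execute bit on directories only: `mode: 'u=rwX,g=rX,o='`. The symlink task also assumes /etc/freeradius/3.0/certs/letsencrypt already exists; if no other role creates it, a `state: directory` task is needed before the loop. As a style point, `force: yes` and `recurse: yes` are better written as `true`.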