crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add certbot configuration for proxmox

main
_shirenn 2022-11-08 14:59:28 +01:00
parent 93623264d6
commit c83ab55174
11 changed files with 47 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/certbot.yml
View File

@ -19,5 +19,5 @@ glob_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512

6
group_vars/reverseproxy.yml
View File

@ -12,7 +12,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"crans.eu": "crans.eu":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
@ -20,7 +20,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"crans.fr": "crans.fr":
zone: _acme-challenge.crans.org zone: _acme-challenge.crans.org
@ -28,7 +28,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
loc_nginx: loc_nginx:

16
group_vars/virtu.yml
View File

@ -24,3 +24,19 @@ glob_service_proxmox_user:
dependencies: dependencies:
- python3-jinja2 - python3-jinja2
- python3-ldap - python3-ldap
loc_certbot:
- mail: root@crans.org
certname: adm.crans.org
domains: "*.adm.crans.org"
loc_service_certbot:
config:
"adm.crans.org":
zone: _acme-challenge.adm.crans.org
server: 172.16.10.147
port: 53
key:
name: certbot_adm_challenge.
secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
algorithm: HMAC-SHA512

4
host_vars/gitzly.adm.crans.org.yml
View File

@ -19,7 +19,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
@ -27,7 +27,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.
secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
loc_nginx: loc_nginx:

4
host_vars/redisdead.adm.crans.org.yml
View File

@ -23,7 +23,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
@ -31,5 +31,5 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.
secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512

4
host_vars/sputnik.adm.crans.org.yml
View File

@ -49,7 +49,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_challenge. name: certbot_challenge.
secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
"adm.crans.org": "adm.crans.org":
zone: _acme-challenge.adm.crans.org zone: _acme-challenge.adm.crans.org
@ -57,7 +57,7 @@ loc_service_certbot:
port: 53 port: 53
key: key:
name: certbot_adm_challenge. name: certbot_adm_challenge.
secret: "{{ vault.bind.keys['certbot_adm_challenge.'].secret }}" secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"
algorithm: HMAC-SHA512 algorithm: HMAC-SHA512
loc_nginx: loc_nginx:

1
hosts
View File

@ -51,6 +51,7 @@ jitsi
mailman mailman
postfix postfix
reverseproxy reverseproxy
virtu
vsftpd_mirror vsftpd_mirror
[constellation:children] [constellation:children]

6
plays/certbot.yml
View File

@ -7,3 +7,9 @@
roles: roles:
- service - service
- certbot - certbot
- hosts: virtu
vars:
certbot: "{{ loc_certbot | default(glob_certbot | default([])) }}"
roles:
- proxmox-certbot

4
roles/proxmox-certbot/handlers/main.yml 100644
View File

@ -0,0 +1,4 @@
---
- name: import certificate to proxmox
shell: "/usr/bin/pvenode cert set /etc/letsencrypt/live/{{ item.certname }}/cert.pem /etc/letsencrypt/live/{{ item.certname }}/privkey.pem --force 1 --restart 1"
loop: "{{ certbot }}"

7
roles/proxmox-certbot/tasks/main.yml 100644
View File

@ -0,0 +1,7 @@
---
- name: Deploy proxmox renewal-hooks
template:
src: letsencrypt/renewal-hooks/deploy/proxmox.j2
dest: /etc/letsencrypt/renewal-hooks/deploy/proxmox
mode: 0755
notify: import certificate to proxmox

3
roles/proxmox-certbot/templates/letsencrypt/renewal-hooks/deploy/proxmox.j2 100644
View File

@ -0,0 +1,3 @@
#!/bin/bash
pvenode cert set ${RENEWED_LINEAGE}/{cert,privkey}.pem --force 1 --restart 1