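#!/usr/bin/env ansible-playbook
---
# Temporary
# Wildcard certificate for MX servers
#
# Runs the certbot role (DNS challenge over RFC 2136, going by the
# dns_rfc2136_* variables), then links the SMTP certificate and key paths to
# certbot's live directory and restarts postfix.
#
# NOTE(review): a wildcard private key is valid for every name under
# crans.org, so a compromise of this host exposes all of them. Keep the
# "Temporary" status tracked. "*.crans.org" does not cover bare crans.org.
# NOTE(review): nesting was reconstructed from a flattened listing; `bind` is
# assumed to be a sibling of `certbot` under `vars` - confirm.
- hosts: titanic.adm.crans.org
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
      # Presumably vault-encrypted (vault_ prefix); never inline the TSIG
      # secret here.
      # NOTE(review): confirm on the DNS masters that this key may only update
      # the ACME challenge records - the update policy is not visible here.
      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
      mail: root@crans.org
      certname: crans.org
      domains: "*.crans.org"
    bind:
      # First host returned by the lookup; fails if the list is empty.
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"

  roles:
    - certbot

  tasks:
    # force: true replaces whatever already exists at dest (including a
    # regular file) and creates the link even when src is missing.
    - name: Symlink smtp certificate
      file:
        src: /etc/letsencrypt/live/crans.org/fullchain.pem
        dest: /etc/ssl/certs/smtp.pem
        state: link
        force: true

    # The link carries no permissions of its own: access to the key is
    # governed by the target under /etc/letsencrypt.
    # NOTE(review): verify the target is not readable by unprivileged users.
    - name: Symlink smtp private key
      file:
        src: /etc/letsencrypt/live/crans.org/privkey.pem
        dest: /etc/ssl/private/smtp.pem
        state: link
        force: true

    # Runs on every play, whether or not the links changed.
    # NOTE(review): a later renewal changes the link target only; postfix needs
    # its own reload then (e.g. a certbot deploy hook) - check the certbot role.
    - name: Restart postfix
      systemd:
        enabled: true
        state: restarted
        name: postfix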