Clone certbot role from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
parent
154cbedec2
commit
889cb764c1
4 changed files with 37 additions and 4 deletions
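--- /dev/null
+++ b/group_vars/certbot.yml
@@ -0,0 +1,8 @@
+---
+glob_certbot:
+  dns_rfc2136_server: '10.128.0.30'
+  dns_rfc2136_name: certbot_challenge.
+  dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
+  mail: tech.aurore@lists.crans.org
+  certname: auro.re
+  domains: "auro.re"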
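Review bot: `certname: auro.re` is unquoted while `domains: "auro.re"` and `dns_rfc2136_server: '10.128.0.30'` are quoted, so an eight-line file mixes three scalar styles; single quotes for plain literals throughout (`certname: 'auro.re'`, `domains: 'auro.re'`, `mail: 'tech.aurore@lists.crans.org'`) reads consistently. `dns_rfc2136_server` repeats the address that the tasks hunk hard-codes in `dns_masters_ipv4`; deriving one from the other would keep a single source of truth for the DNS master. The secret is taken from `vault_certbot_dns_secret`, which presumably lives in a vault-encrypted vars file rather than here — worth confirming, since this plain group_vars file is the one committed.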
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: Install certbot and nginx plugin
|
- name: Install certbot and RFC2136 plugin
|
||||||
apt:
|
apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name:
|
name:
|
||||||
- certbot
|
- certbot
|
||||||
- python3-certbot-nginx
|
- python3-certbot-dns-rfc2136
|
||||||
register: pkg_result
|
register: pkg_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: pkg_result is succeeded
|
until: pkg_result is succeeded
|
||||||
|
@ -15,6 +15,19 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Lookup DNS masters IPv4
|
||||||
|
set_fact:
|
||||||
|
dns_masters_ipv4:
|
||||||
|
- "10.128.0.30"
|
||||||
|
cacheable: true
|
||||||
|
|
||||||
|
- name: Add DNS credentials
|
||||||
|
template:
|
||||||
|
src: letsencrypt/rfc2136.ini.j2
|
||||||
|
dest: /etc/letsencrypt/rfc2136.ini
|
||||||
|
mode: 0600
|
||||||
|
owner: root
|
||||||
|
|
||||||
- name: Add Certbot configuration
|
- name: Add Certbot configuration
|
||||||
template:
|
template:
|
||||||
src: "letsencrypt/conf.d/certname.ini.j2"
|
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||||
|
|
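Review bot: `mode: 0600` in the new "Add DNS credentials" task is an unquoted leading-zero literal; quoting it as `mode: "0600"` keeps it a string regardless of how the YAML loader treats octal, and the pre-existing `mode: 0755` context line above has the same shape. The rendered rfc2136.ini carries the TSIG secret, so the task should also set `diff: false` so that a run with `--diff` does not print the key into the play output, and `group: root` next to `owner: root` makes the ownership explicit. The `dns_masters_ipv4` fact hard-codes the same address as `glob_certbot.dns_rfc2136_server` in group_vars/certbot.yml, and nothing in this hunk reads the fact, so its consumer is presumably elsewhere in the role. The task list continues outside the hunk.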
|
@ -15,8 +15,13 @@ email = {{ certbot.mail }}
|
||||||
# Uncomment to use a text interface instead of ncurses
|
# Uncomment to use a text interface instead of ncurses
|
||||||
text = True
|
text = True
|
||||||
|
|
||||||
# Use nginx challenge
|
# Yes I want to sell my soul and my guinea pig.
|
||||||
authenticator = nginx
|
agree-tos = True
|
||||||
|
|
||||||
|
# Use DNS-01 challenge
|
||||||
|
authenticator = dns-rfc2136
|
||||||
|
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
|
||||||
|
dns-rfc2136-propagation-seconds = 30
|
||||||
|
|
||||||
# Wildcard the domain
|
# Wildcard the domain
|
||||||
cert-name = {{ certbot.certname }}
|
cert-name = {{ certbot.certname }}
|
||||||
|
|
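Review bot: `dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini` hard-codes the same path that the "Add DNS credentials" task writes in its `dest:`; holding the path in one role variable and templating it in both places avoids the two drifting apart. The comment above `agree-tos = True` could say what the option does, e.g. `# Accept the Let's Encrypt subscriber agreement non-interactively`. The 30-second propagation delay is presumably tuned to the DNS master's update latency; a short comment naming that would help the next person who raises or lowers it. The template continues outside the hunk.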
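--- /dev/null
+++ b/roles/certbot/templates/letsencrypt/rfc2136.ini.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment(decoration='# ') }}
+
+dns_rfc2136_server = {{ certbot.dns_rfc2136_server }}
+dns_rfc2136_port = 53
+dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
+dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
+dns_rfc2136_algorithm = HMAC-SHA512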
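Review bot: `dns_rfc2136_algorithm = HMAC-SHA512` and `dns_rfc2136_port = 53` are fixed while server, name and secret are templated; if the TSIG key on the master is generated with a different algorithm the value here silently mismatches, so `dns_rfc2136_algorithm = {{ certbot.dns_rfc2136_algorithm | default('HMAC-SHA512') }}` keeps today's default while letting the key definition drive it. The rendered file holds the TSIG secret in clear, and the only thing protecting it is the 0600 mode set by the task in the tasks hunk; a comment here such as `# Contains the TSIG key; the writing task must keep mode 0600` makes that dependency visible to whoever edits the template.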