From aaf7ff604e4daabf4756cef72b6c1d2e1bd0148d Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Fri, 8 Apr 2016 09:28:53 +0200
Subject: [PATCH] Unify certmgr configs.

---
 host_vars/carbon.binary-kitchen.net | 4 ++++
 roles/mail/templates/certs.j2 | 22 +++++++++++-----------
 roles/mail/templates/mailman/certs.j2 | 16 ++++++++--------
 roles/owncloud/templates/certs.j2 | 12 ++++++------
 roles/prosody/meta/main.yml | 4 ++++
 roles/prosody/tasks/main.yml | 3 +++
 roles/prosody/templates/certs.j2 | 15 +++++++++++++++
 7 files changed, 51 insertions(+), 25 deletions(-)
 create mode 100644 host_vars/carbon.binary-kitchen.net
 create mode 100644 roles/prosody/meta/main.yml
 create mode 100644 roles/prosody/templates/certs.j2

diff --git a/host_vars/carbon.binary-kitchen.net b/host_vars/carbon.binary-kitchen.net
new file mode 100644
index 0000000..6ff7bc6
--- /dev/null
+++ b/host_vars/carbon.binary-kitchen.net
@@ -0,0 +1,4 @@
+
+---
+
+certmgr_mode: standalone
diff --git a/roles/mail/templates/certs.j2 b/roles/mail/templates/certs.j2
index a9bf1f2..6ba8dbd 100644
--- a/roles/mail/templates/certs.j2
+++ b/roles/mail/templates/certs.j2
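Review bot: The new host_vars file opens with an empty line before the `---` document marker, whereas the other files this commit creates (roles/prosody/meta/main.yml, roles/prosody/templates/certs.j2) put `---` on line 1; drop the leading blank so all new files follow the same layout and yamllint's document-start rule reads the same way across the repo. `certmgr_mode: standalone` itself is a safe plain scalar and needs no quoting.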
@@ -1,27 +1,27 @@
 ---
 
 {{ mail_server }}:
-- path: /etc/postfix/ssl/{{ mail_server }}.crt
-  user: postfix
-  group: postfix
-  perm: '400'
-  format: crt
-  action: 'service postfix restart'
 - path: /etc/postfix/ssl/{{ mail_server }}.key
   user: postfix
   group: postfix
   perm: '400'
   format: key
   action: 'service postfix restart'
-- path: /etc/dovecot/ssl/{{ mail_server }}.crt
-  user: dovecot
-  group: dovecot
+- path: /etc/postfix/ssl/{{ mail_server }}.crt
+  user: postfix
+  group: postfix
   perm: '400'
-  format: crt
-  action: 'service dovecot restart'
+  format: crt,ca
+  action: 'service postfix restart'
 - path: /etc/dovecot/ssl/{{ mail_server }}.key
   user: dovecot
   group: dovecot
   perm: '400'
   format: key
   action: 'service dovecot restart'
+- path: /etc/dovecot/ssl/{{ mail_server }}.crt
+  user: dovecot
+  group: dovecot
+  perm: '400'
+  format: crt,ca
+  action: 'service dovecot restart'
diff --git a/roles/mail/templates/mailman/certs.j2 b/roles/mail/templates/mailman/certs.j2
index c8e3398..1261d46 100644
--- a/roles/mail/templates/mailman/certs.j2
+++ b/roles/mail/templates/mailman/certs.j2
@@ -1,15 +1,15 @@
 ---
 
 {{ mailman_domain }}:
-- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
-  user: nginx
-  group: nginx
-  perm: '400'
-  format: crt,ca
-  action: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ mailman_domain }}.key
-  user: nginx
-  group: nginx
+  user: root
+  group: root
   perm: '400'
   format: key
   action: 'service nginx restart'
+- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
+  user: root
+  group: root
+  perm: '400'
+  format: crt,ca
+  action: 'service nginx restart'
diff --git a/roles/owncloud/templates/certs.j2 b/roles/owncloud/templates/certs.j2
index 1872846..0926425 100644
--- a/roles/owncloud/templates/certs.j2
+++ b/roles/owncloud/templates/certs.j2
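Review bot: The postfix and dovecot private keys stay owned by the service accounts (`user: postfix` / `user: dovecot`, perm 400) while this same commit moves the nginx keys in the mailman and owncloud templates to `root:root`; as far as I recall, both Postfix (smtpd loads `smtpd_tls_key_file` during its pre-jail init, still as root) and Dovecot (the config parser opens `ssl_key` as root) document the key as root-readable only, so the same tightening — `user: root` / `group: root` on the two `.key` entries — would apply here and would remove the key from the reach of a compromised unprivileged mail process. Confirm against the installed versions first, since a wrong assumption surfaces only as a TLS failure on the next restart. The `format: crt,ca` change on both `.crt` entries, so the served file now carries the chain, looks right and matches the nginx templates.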
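Review bot: `action: 'service nginx restart'` on both entries forces a full restart, dropping in-flight connections, every time certmgr rotates the certificate; nginx re-reads certificate and key files on a configuration reload, so `action: 'service nginx reload'` gives the same effect without the outage. Moving the key to `user: root` / `group: root` is a sound least-privilege change — the nginx master opens the key before forking the unprivileged workers — but it presumes the master is started as root on this host, which the hunk cannot show; worth a one-line comment above the key entry such as `# key is root-only: the nginx master reads it before dropping privileges`. The same restart-versus-reload point applies to the owncloud template further down.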
@@ -1,15 +1,15 @@
 ---
 
 {{ owncloud_domain }}:
-- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
-  user: root
-  group: root
-  perm: '400'
-  format: crt,ca
-  action: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ owncloud_domain }}.key
   user: root
   group: root
   perm: '400'
   format: key
   action: 'service nginx restart'
+- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
+  user: root
+  group: root
+  perm: '400'
+  format: crt,ca
+  action: 'service nginx restart'
diff --git a/roles/prosody/meta/main.yml b/roles/prosody/meta/main.yml
new file mode 100644
index 0000000..7786a89
--- /dev/null
+++ b/roles/prosody/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+- { role: certmgr }
diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
index aea5ab8..3e6da79 100644
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -31,6 +31,9 @@
   template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
   notify: Restart prosody
 
+- name: Configure certificate manager
+  template: src=certs.j2 dest=/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf
+
 - name: Start saslauthd
   service: name=saslauthd state=started enabled=yes
 
diff --git a/roles/prosody/templates/certs.j2 b/roles/prosody/templates/certs.j2
new file mode 100644
index 0000000..877750d
--- /dev/null
+++ b/roles/prosody/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ prosody_domain }}:
+- path: /etc/prosody/certs/{{ prosody_domain }}.key
+  user: prosody
+  group: prosody
+  perm: '400'
+  format: key
+  action: 'service prosody restart'
+- path: /etc/prosody/certs/{{ prosody_domain }}.crt
+  user: prosody
+  group: prosody
+  perm: '400'
+  format: crt,ca
+  action: 'service prosody restart'
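Review bot: The new certmgr task is placed after the prosody.cfg.lua template, whose `notify: Restart prosody` is already queued, so on a host where `/etc/prosody/certs/{{ prosody_domain }}.key` and `.crt` do not exist yet the restart can fire before certmgr has produced them; whether that actually happens depends on when the certmgr role (pulled in as a meta dependency, hence before these tasks) issues certificates, which is not visible here. If the ordering matters, move this task ahead of the config template and say why with a comment such as `# must precede the prosody config/restart: certmgr creates the files prosody.cfg.lua points at`. Style-wise, the `key=value` module arguments with an embedded `{{ prosody_domain }}` would be clearer and safer as native YAML args, `src: certs.j2` and `dest: "/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf"`, per the usual Ansible convention; the surrounding task list continues outside the hunk.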
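Review bot: The key here is `user: prosody` / `group: prosody` with perm 400 while the nginx templates in this same "unify" commit switch their keys to `root:root`; the difference is presumably deliberate — prosody runs as its own unprivileged user and opens the key itself, so it has to be able to read it — but nothing in the file records that, and a later unification pass could silently break XMPP TLS. Add a template comment above the key entry, e.g. `{# prosody opens the key as its own user, so unlike the nginx configs it must own the file #}`. `perm: '400'` on the `.crt` chain is harmless but stricter than the public data needs; `'444'` would let monitoring or other tooling read it without exposing anything sensitive.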