Unify certmgr configs.

2016-04-08 09:28:53 +02:00 · 2016-04-08 09:28:53 +02:00 · aaf7ff604e
commit aaf7ff604e
parent 429e212599
7 changed files with 51 additions and 25 deletions
--- a/host_vars/carbon.binary-kitchen.net
+++ b/host_vars/carbon.binary-kitchen.net
@ -0,0 +1,4 @@
 ---
 certmgr_mode: standalone
--- a/roles/mail/templates/certs.j2
+++ b/roles/mail/templates/certs.j2
@ -1,27 +1,27 @@
 ---
 {{ mail_server }}:
 - path: /etc/postfix/ssl/{{ mail_server }}.crt
  user: postfix
  group: postfix
  perm: '400'
  format: crt
  action: 'service postfix restart'
 - path: /etc/postfix/ssl/{{ mail_server }}.key
  user: postfix
  group: postfix
  perm: '400'
  format: key
  action: 'service postfix restart'
- path: /etc/dovecot/ssl/{{ mail_server }}.crt
+- path: /etc/postfix/ssl/{{ mail_server }}.crt
-  user: dovecot
+  user: postfix
-  group: dovecot
+  group: postfix
  perm: '400'
-  format: crt
+  format: crt,ca
-  action: 'service dovecot restart'
+  action: 'service postfix restart'
 - path: /etc/dovecot/ssl/{{ mail_server }}.key
  user: dovecot
  group: dovecot
  perm: '400'
  format: key
  action: 'service dovecot restart'
 - path: /etc/dovecot/ssl/{{ mail_server }}.crt
  user: dovecot
  group: dovecot
  perm: '400'
  format: crt,ca
  action: 'service dovecot restart'
--- a/roles/mail/templates/mailman/certs.j2
+++ b/roles/mail/templates/mailman/certs.j2
@ -1,15 +1,15 @@
 ---
 {{ mailman_domain }}:
 - path: /etc/nginx/ssl/{{ mailman_domain }}.crt
  user: nginx
  group: nginx
  perm: '400'
  format: crt,ca
  action: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ mailman_domain }}.key
-  user: nginx
+  user: root
-  group: nginx
+  group: root
  perm: '400'
  format: key
  action: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ mailman_domain }}.crt
  user: root
  group: root
  perm: '400'
  format: crt,ca
  action: 'service nginx restart'
--- a/roles/owncloud/templates/certs.j2
+++ b/roles/owncloud/templates/certs.j2
@ -1,15 +1,15 @@
 ---
 {{ owncloud_domain }}:
 - path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
  user: root
  group: root
  perm: '400'
  format: crt,ca
  action: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ owncloud_domain }}.key
  user: root
  group: root
  perm: '400'
  format: key
  action: 'service nginx restart'
 - path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
  user: root
  group: root
  perm: '400'
  format: crt,ca
  action: 'service nginx restart'
--- a/roles/prosody/meta/main.yml
+++ b/roles/prosody/meta/main.yml
@ -0,0 +1,4 @@
 ---
 dependencies:
 - { role: certmgr }
--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@ -31,6 +31,9 @@
  template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
  notify: Restart prosody
 - name: Configure certificate manager
  template: src=certs.j2 dest=/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf
 - name: Start saslauthd
  service: name=saslauthd state=started enabled=yes
--- a/roles/prosody/templates/certs.j2
+++ b/roles/prosody/templates/certs.j2
@ -0,0 +1,15 @@
 ---
 {{ prosody_domain }}:
 - path: /etc/prosody/certs/{{ prosody_domain }}.key
  user: prosody
  group: prosody
  perm: '400'
  format: key
  action: 'service prosody restart'
 - path: /etc/prosody/certs/{{ prosody_domain }}.crt
  user: prosody
  group: prosody
  perm: '400'
  format: crt,ca
  action: 'service prosody restart'