forked from infra/ansible
Change certificate locations, update powerdns aliases
This commit is contained in:
parent
9dcdbdf983
commit
9f608c886d
@ -8,3 +8,9 @@ acme_nsupdate_server: "neon.binary-kitchen.net"
|
|||||||
|
|
||||||
acme_sh_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh"
|
acme_sh_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh"
|
||||||
acme_dns_nsupdate_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/dnsapi/dns_nsupdate.sh"
|
acme_dns_nsupdate_url: "https://raw.githubusercontent.com/Neilpang/acme.sh/master/dnsapi/dns_nsupdate.sh"
|
||||||
|
|
||||||
|
acme_reloadcmd: "/etc/ssl/private/reload.sh"
|
||||||
|
acme_key: "/etc/ssl/private/host.key"
|
||||||
|
acme_cert: "/etc/ssl/private/host.cert"
|
||||||
|
acme_ca: "/etc/ssl/private/host.ca"
|
||||||
|
acme_fullchain: "/etc/ssl/private/host.fullchain"
|
||||||
|
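Review bot: The five new defaults carry no comment saying what consumes them, although three different parts of the role depend on them: `acme_cert`, `acme_key`, `acme_ca` and `acme_fullchain` are handed to acme.sh as `--cert-file`/`--key-file`/`--ca-file`/`--fullchain-file`, `acme_reloadcmd` is both the `dest` of the "Copy reload.sh" task and the `--reloadcmd` hook, and `acme_cert` additionally serves as the `creates:` guard of the "Issue certificate" task. A short comment block above `acme_reloadcmd` stating this, and noting that changing `acme_cert` on an already-provisioned host makes the issue task run again, would spare the next reader a grep through the tasks and the template. All of these paths are interpolated into one shell command line inside double quotes, so the comment should also say that values containing `"` are not supported.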
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
[ -d '/etc/reload.d' ] && for x in "/etc/reload.d/"*; do
|
||||||
|
[ -e "$x" ] && "$x"
|
||||||
|
done
|
||||||
|
exit 0
|
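Review bot: `[ -e "$x" ] && "$x"` on the third line runs every entry of `/etc/reload.d` whether or not it is executable, and the unconditional `exit 0` hides any hook failure from acme.sh, so a reload that fails (a service that did not pick up the renewed key, say) is reported as a success. Testing `-x` instead of `-e` keeps the guard against an unexpanded glob while skipping non-executable files, and carrying a return code out of the loop lets acme.sh log the failure. Everything in that directory runs with the privileges of the acme.sh renewal, so the role should also make sure `/etc/reload.d` and its contents are writable only by root; I do not see a task in this commit that creates the directory or pins its ownership. Rewritten script:
```shell
#!/bin/bash
# Run every executable hook in /etc/reload.d and report failure if any hook
# fails, so that acme.sh's --reloadcmd does not silently succeed.
rc=0
if [ -d '/etc/reload.d' ]; then
  for x in "/etc/reload.d/"*; do
    if [ -x "$x" ]; then
      "$x" || rc=1
    fi
  done
fi
exit "$rc"
```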
@ -11,6 +11,13 @@
|
|||||||
changed_when: "False"
|
changed_when: "False"
|
||||||
delegate_to: "{{ acme_nsupdate_server }}"
|
delegate_to: "{{ acme_nsupdate_server }}"
|
||||||
|
|
||||||
|
- name: Update updatepolicy.aliases
|
||||||
|
lineinfile:
|
||||||
|
path: "/etc/powerdns/updatepolicy.aliases"
|
||||||
|
regexp: '^alias\["{{ inventory_hostname}}\."\]'
|
||||||
|
line: 'alias["{{ inventory_hostname }}."] = {"{{ ''.","''.join(acme_san_domains) }}."} '
|
||||||
|
delegate_to: "{{ acme_nsupdate_server }}"
|
||||||
|
|
||||||
- name: Generate nsupdate.key
|
- name: Generate nsupdate.key
|
||||||
shell: "pdnsutil generate-tsig-key 'acme-{{ inventory_hostname }}.' '{{ acme_nsupdate_keyalgo }}'"
|
shell: "pdnsutil generate-tsig-key 'acme-{{ inventory_hostname }}.' '{{ acme_nsupdate_keyalgo }}'"
|
||||||
register: "pdns_nsupdate_genkey"
|
register: "pdns_nsupdate_genkey"
|
||||||
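Review bot: In the new "Update updatepolicy.aliases" task, `inventory_hostname` is placed into `regexp` unescaped, so every `.` in the hostname matches any character, and the `line` value ends with a trailing space and renders as `{"."}` when `acme_san_domains` is empty. Use `regexp: '^alias\["{{ inventory_hostname | regex_escape }}\."\]'`, drop the blank before the closing quote of `line`, and either guard the task with `when: acme_san_domains | default([]) | length > 0` or make the empty case an explicit failure. Editing the aliases file does not notify PowerDNS; if the Lua update policy is only read at startup a handler is needed, which I cannot confirm from this page. The `changed_when` and `delegate_to` rows at the top of the hunk belong to a task that starts above it.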
@ -69,11 +76,11 @@
|
|||||||
- name: Copy reload.sh
|
- name: Copy reload.sh
|
||||||
copy:
|
copy:
|
||||||
src: "reload.sh"
|
src: "reload.sh"
|
||||||
dest: "{{ acme_home }}/{{ inventory_hostname }}/reload.sh"
|
dest: "{{ acme_reloadcmd }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Issue certificate
|
- name: Issue certificate
|
||||||
shell: "{{ lookup('template','acme.sh.request.j2').replace('\n',' ') }}"
|
shell: "{{ lookup('template','acme.sh.request.j2').replace('\n',' ') }}"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ acme_home }}"
|
chdir: "{{ acme_home }}"
|
||||||
creates: "{{ acme_home }}/{{ inventory_hostname }}/{{ inventory_hostname }}.key"
|
creates: "{{ acme_cert }}"
|
||||||
|
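Review bot: "Copy reload.sh" now writes an executable that acme.sh runs on every renewal to `{{ acme_reloadcmd }}` (`/etc/ssl/private/reload.sh` by default) with `mode: "0755"` but no `owner`/`group`, so ownership is whatever account the copy runs as; pin it with `owner: root` and `group: root` so the hook cannot be replaced by a non-root user. The new `creates: "{{ acme_cert }}"` also means the "Issue certificate" shell task never re-runs once a certificate has been installed, so a change to `acme_san_domains` yields no new certificate until `{{ acme_cert }}` is removed by hand; a `# to re-issue, remove {{ acme_cert }} first` comment on the task, or a force variable, would make that explicit. The previous guard on the key under `acme_home` had the same property, so this is not a regression.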
@ -2,7 +2,6 @@ NSUPDATE_KEY="{{ acme_nsupdate_key }}"
|
|||||||
NSUPDATE_SERVER="{{ acme_nsupdate_server }}"
|
NSUPDATE_SERVER="{{ acme_nsupdate_server }}"
|
||||||
"{{ acme_home }}/acme.sh"
|
"{{ acme_home }}/acme.sh"
|
||||||
--home "{{ acme_home }}"
|
--home "{{ acme_home }}"
|
||||||
--reloadCmd "{{ acme_home }}/{{ inventory_hostname }}/reload.sh"
|
|
||||||
--log
|
--log
|
||||||
--issue
|
--issue
|
||||||
-k 4096
|
-k 4096
|
||||||
@ -16,4 +15,8 @@ NSUPDATE_SERVER="{{ acme_nsupdate_server }}"
|
|||||||
{% if acme_staging is defined and acme_staging %}
|
{% if acme_staging is defined and acme_staging %}
|
||||||
--staging
|
--staging
|
||||||
{% endif %}
|
{% endif %}
|
||||||
;
|
--cert-file "{{ acme_cert }}"
|
||||||
|
--key-file "{{ acme_key }}"
|
||||||
|
--ca-file "{{ acme_ca }}"
|
||||||
|
--fullchain-file "{{ acme_fullchain }}"
|
||||||
|
--reloadcmd "{{ acme_reloadcmd }}"
|
||||||
|
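Review bot: With `--key-file "{{ acme_key }}"` the private key is now written by acme.sh itself into `/etc/ssl/private`, and unlike `reload.sh` the role does not control the resulting file mode or owner; as far as I can tell the mode depends on the umask the shell task runs under, so the role should pre-create `{{ acme_key }}` as a root-owned 0600 file or add a `file:` task after "Issue certificate" that enforces it. The dropped trailing `;` is harmless because the rendered template is passed to `shell` as a single command, and `--reloadcmd "{{ acme_reloadcmd }}"` replaces the `--reloadCmd` line removed in the previous hunk of this template. A comment in the template that the four `--*-file` options and `--reloadcmd` are what acme.sh records for later renewals would help, since changing the defaults afterwards does not update an already-issued domain's configuration without re-running the issue.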