From a9899061d86aef5adb1b3256eac4c5ccf14287a3 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Sat, 21 Nov 2020 22:14:53 +0100
Subject: [PATCH] [WIP] role for pizza

---
roles/pizza/defaults/main.yml | 3 +++
roles/pizza/handlers/main.yml | 7 +++++++
roles/pizza/meta/main.yml | 4 ++++
roles/pizza/tasks/main.yml | 15 +++++++++++++++
roles/pizza/templates/certs.j2 | 18 ++++++++++++++++++
5 files changed, 47 insertions(+)
create mode 100644 roles/pizza/defaults/main.yml
create mode 100644 roles/pizza/handlers/main.yml
create mode 100644 roles/pizza/meta/main.yml
create mode 100644 roles/pizza/tasks/main.yml
create mode 100644 roles/pizza/templates/certs.j2
diff --git a/roles/pizza/defaults/main.yml b/roles/pizza/defaults/main.yml
new file mode 100644
index 0000000..ef271e2
--- /dev/null
+++ b/roles/pizza/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+pizza_domain: pizza.binary.kitchen
diff --git a/roles/pizza/handlers/main.yml b/roles/pizza/handlers/main.yml
new file mode 100644
index 0000000..ff936dd
--- /dev/null
+++ b/roles/pizza/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Restart nginx
+ service: name=nginx state=restarted
+
+- name: Run acertmgr
+ command: /usr/bin/acertmgr
diff --git a/roles/pizza/meta/main.yml b/roles/pizza/meta/main.yml
new file mode 100644
index 0000000..a456842
--- /dev/null
+++ b/roles/pizza/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+- { role: acertmgr }
diff --git a/roles/pizza/tasks/main.yml b/roles/pizza/tasks/main.yml
new file mode 100644
index 0000000..755c9f6
--- /dev/null
+++ b/roles/pizza/tasks/main.yml
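Review bot: Both handlers in roles/pizza/handlers/main.yml pass module arguments as `key=value` strings (`service: name=nginx state=restarted`, and the tasks hunk repeats the form with `include_role: name=acme-dnskey-generate` and `template: src=certs.j2 dest=...`), which ansible-lint rejects and which defers argument typos to runtime instead of parse time. Write them as nested mappings, e.g. `service:` / `  name: nginx` / `  state: restarted`, and do the same for the two tasks. The `Run acertmgr` handler is a bare `command:` with no `changed_when`, so every run reports changed; if acertmgr's exit status is the only signal you need that is acceptable, but it is worth a comment saying so.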
@@ -0,0 +1,15 @@
+---
+
+#- name: Ensure certificates are available
+# command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ pizza_domain }}.key -out /etc/nginx/ssl/{{ pizza_domain }}.crt -days 730 -subj "/CN={{ pizza_domain }}" creates=/etc/nginx/ssl/{{ pizza_domain }}.crt
+# notify: Restart nginx
+
+- name: Request nsupdate key for certificate
+ include_role: name=acme-dnskey-generate
+ vars:
+ acme_dnskey_san_domains:
+ - "{{ pizza_domain }}"
+
+- name: Configure certificate manager for pizza
+ template: src=certs.j2 dest=/etc/acertmgr/{{ pizza_domain }}.conf
+ notify: Run acertmgr
diff --git a/roles/pizza/templates/certs.j2 b/roles/pizza/templates/certs.j2
new file mode 100644
index 0000000..538c3ca
--- /dev/null
+++ b/roles/pizza/templates/certs.j2
@@ -0,0 +1,18 @@
+---
+
+{{ pizza_domain }}:
+- mode: dns.nsupdate
+ nsupdate_server: {{ acme_dnskey_server }}
+ nsupdate_keyfile: {{ acme_dnskey_file }}
+- path: /etc/nginx/ssl/{{ pizza_domain }}.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ pizza_domain }}.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: '/usr/sbin/service nginx restart'
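Review bot: The commented-out openssl task at the top of roles/pizza/tasks/main.yml is dead code landing in a brand-new file: it describes a self-signed fallback the role no longer performs, and its `creates=/etc/nginx/ssl/{{ pizza_domain }}.crt` targets the same path the certs.j2 entries hand to acertmgr, so un-commenting it later would silently fight the managed certificate. Delete it (history keeps it) or turn it into a real task behind a `when:` that only runs when no managed cert exists yet. The `template` task also sets no `mode:`/`owner:`, so `/etc/acertmgr/{{ pizza_domain }}.conf` inherits the remote umask; pin it, e.g. `mode: '0644'`, so the config is reproducible across hosts.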
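Review bot: In roles/pizza/templates/certs.j2, `nsupdate_server: {{ acme_dnskey_server }}` and `nsupdate_keyfile: {{ acme_dnskey_file }}` are rendered unquoted, so an empty expansion becomes a YAML null and a value beginning with a YAML indicator changes type or fails to parse; quote them as `nsupdate_server: '{{ acme_dnskey_server }}'` and `nsupdate_keyfile: '{{ acme_dnskey_file }}'`, matching the quoting already used for `perm`. Both the `.key` and the `.crt` entries carry `action: '/usr/sbin/service nginx restart'`, which looks like two restarts per renewal, and if acertmgr runs the action immediately after writing the key and before the crt, nginx would briefly be restarted against a mismatched key/cert pair; I can't confirm acertmgr's write order from this hunk, so check it and consider keeping a single `action` on the crt entry (a `reload` rather than `restart` if the service supports it).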