Unify certmgr configs.
parent
429e212599
commit
aaf7ff604e
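--- /dev/null
+++ b/host_vars/carbon.binary-kitchen.net
@@ -0,0 +1,4 @@
+
+---
+
+certmgr_mode: standalone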
@ -1,27 +1,27 @@
|
||||
---
|
||||
|
||||
{{ mail_server }}:
|
||||
- path: /etc/postfix/ssl/{{ mail_server }}.crt
|
||||
user: postfix
|
||||
group: postfix
|
||||
perm: '400'
|
||||
format: crt
|
||||
action: 'service postfix restart'
|
||||
- path: /etc/postfix/ssl/{{ mail_server }}.key
|
||||
user: postfix
|
||||
group: postfix
|
||||
perm: '400'
|
||||
format: key
|
||||
action: 'service postfix restart'
|
||||
- path: /etc/dovecot/ssl/{{ mail_server }}.crt
|
||||
user: dovecot
|
||||
group: dovecot
|
||||
- path: /etc/postfix/ssl/{{ mail_server }}.crt
|
||||
user: postfix
|
||||
group: postfix
|
||||
perm: '400'
|
||||
format: crt
|
||||
action: 'service dovecot restart'
|
||||
format: crt,ca
|
||||
action: 'service postfix restart'
|
||||
- path: /etc/dovecot/ssl/{{ mail_server }}.key
|
||||
user: dovecot
|
||||
group: dovecot
|
||||
perm: '400'
|
||||
format: key
|
||||
action: 'service dovecot restart'
|
||||
- path: /etc/dovecot/ssl/{{ mail_server }}.crt
|
||||
user: dovecot
|
||||
group: dovecot
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: 'service dovecot restart'
|
||||
|
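Review bot: The `.key` entries in this template stay owned by the service accounts (`user: postfix` / `group: postfix` and `user: dovecot` / `group: dovecot`), while the nginx templates touched by the same commit appear to move their files to `root`. Postfix and Dovecot are both documented to read the TLS private key with root privileges, so `user: root` and `group: root` with `perm: '400'` on the two `.key` entries would keep the key unreadable to a compromised unprivileged worker process. The rendering has lost the +/- markers, so which of the duplicated `.crt` lines are old and which are new is inferred; the key entries appear only once and look unchanged.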
@ -1,15 +1,15 @@
|
||||
---
|
||||
|
||||
{{ mailman_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
|
||||
user: nginx
|
||||
group: nginx
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: 'service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ mailman_domain }}.key
|
||||
user: nginx
|
||||
group: nginx
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: 'service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: 'service nginx restart'
|
||||
|
@ -1,15 +1,15 @@
|
||||
---
|
||||
|
||||
{{ owncloud_domain }}:
|
||||
- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: 'service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ owncloud_domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: 'service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: 'service nginx restart'
|
||||
|
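--- /dev/null
+++ b/roles/prosody/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+- { role: certmgr }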
@ -31,6 +31,9 @@
|
||||
template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
|
||||
notify: Restart prosody
|
||||
|
||||
- name: Configure certificate manager
|
||||
template: src=certs.j2 dest=/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf
|
||||
|
||||
- name: Start saslauthd
|
||||
service: name=saslauthd state=started enabled=yes
|
||||
|
||||
|
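Review bot: The new `Configure certificate manager` task writes a file whose `action` values the certificate manager presumably runs as commands, but the `template` call sets no owner, group or mode, so the result depends on the connection user and umask. Pinning them makes the trust boundary explicit: `template: src=certs.j2 dest=/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf owner=root group=root mode=0644`. The task also has no `notify`, so whether a changed domain file is picked up before the next scheduled run cannot be seen from this hunk; the task list continues outside it.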
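--- /dev/null
+++ b/roles/prosody/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ prosody_domain }}:
+- path: /etc/prosody/certs/{{ prosody_domain }}.key
+user: prosody
+group: prosody
+perm: '400'
+format: key
+action: 'service prosody restart'
+- path: /etc/prosody/certs/{{ prosody_domain }}.crt
+user: prosody
+group: prosody
+perm: '400'
+format: crt,ca
+action: 'service prosody restart'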
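Review bot: The templated values are written as plain scalars, so a `prosody_domain` that is empty or starts with a YAML indicator changes how the rendered file parses instead of failing loudly. Quoting is cheap here: `'{{ prosody_domain }}':` for the key and `path: '/etc/prosody/certs/{{ prosody_domain }}.key'` for the paths. A first-line comment `# {{ ansible_managed }}` would also tell an operator on the host that manual edits are overwritten. The same applies to the mail, mailman and owncloud templates changed in this commit.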