acertmgr config generator init

2019-05-07 21:27:54 +02:00 · 2019-05-07 21:27:54 +02:00 · 5c9456d6b8
commit 5c9456d6b8
6 changed files with 66 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+*.retry
+
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+Copyright (c) 2019 Jan-Jonas Sämann
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
+# Domain Config Generaor
+
+Generate and roll configuration for apache, nginx and acertmgr.
+
+Allow to define domains, just redirecting alias domains and the necessarry configuration to get all certificates for this to work automatically.
--- a/main.yml.example
+++ b/main.yml.example
@ -0,0 +1,24 @@
+---
+# vim: set et ts=2 sw=2 ai:
+
+- hosts: all
+  vars:
+    master_vhosts:
+    - name: domain.nx
+      inet_addr: 10.1.1.2
+      alias: [www.domain.nx]
+    redirect_vhosts:
+    - name: domain.ny
+      inet_addr: 10.1.1.3
+      alias: [www.domain.ny,www2.domain.ny]
+      cert_domain: domain.nx
+    - name: no.tld
+      inet_addr: 10.1.1.21
+      alias: [ftp.no.tld,ftp.domain.nx]
+    - name: some.do
+      alias: [www.some.do]
+      inet_addr: 10.1.2.3
+      cert_domain: domain.nx
+
+  roles:
+    - acertmgr
--- a/roles/acertmgr/tasks/main.yml
+++ b/roles/acertmgr/tasks/main.yml
@ -0,0 +1,14 @@
+---
+# vim: set et ts=2 sw=2 ai:
+
+- name: Build acertmgr domain config
+  vars:
+    domain_group:
+      - "{{ [item.name] }}"
+      - "{{ ( item.alias or [] ) }}"
+      - "{{ ( ( redirect_vhosts | selectattr('alias', 'defined') | selectattr('cert_domain', 'defined') | selectattr('cert_domain', 'equalto', item.name) | map(attribute='alias') | flatten ) or [] ) }}"
+      - "{{ ( ( redirect_vhosts | selectattr('alias', 'defined') | selectattr('cert_domain', 'defined') | selectattr('cert_domain', 'equalto', item.name) | map(attribute='name') | flatten ) or [] ) }}"
+  template:
+    src: domain.conf.j2
+    dest: "/etc/acertmgr/{{ item.name }}.conf"
+  loop: "{{ master_vhosts }}"
--- a/roles/acertmgr/templates/domain.conf.j2
+++ b/roles/acertmgr/templates/domain.conf.j2
@ -0,0 +1,8 @@
+---
+
+{{ domain_group | flatten | join(' ') }}:
+- path: /etc/{{ server_software | default('apache2') }}/ssl/{{ item.name }}.key
+  format: key
+- path: /etc/{{ server_software | default('apache2') }}/ssl/{{ item.name }}.crt
+  format: crt,ca
+  action: '/sbin/systemctl restart {{ server_software | default('apache2') }}'