Unify certmgr configs.
parent
429e212599
commit
aaf7ff604e
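--- /dev/null
+++ b/host_vars/carbon.binary-kitchen.net
@@ -0,0 +1,4 @@
+
+---
+
+certmgr_mode: standalone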
@ -1,27 +1,27 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
{{ mail_server }}:
|
{{ mail_server }}:
|
||||||
- path: /etc/postfix/ssl/{{ mail_server }}.crt
|
|
||||||
user: postfix
|
|
||||||
group: postfix
|
|
||||||
perm: '400'
|
|
||||||
format: crt
|
|
||||||
action: 'service postfix restart'
|
|
||||||
- path: /etc/postfix/ssl/{{ mail_server }}.key
|
- path: /etc/postfix/ssl/{{ mail_server }}.key
|
||||||
user: postfix
|
user: postfix
|
||||||
group: postfix
|
group: postfix
|
||||||
perm: '400'
|
perm: '400'
|
||||||
format: key
|
format: key
|
||||||
action: 'service postfix restart'
|
action: 'service postfix restart'
|
||||||
- path: /etc/dovecot/ssl/{{ mail_server }}.crt
|
- path: /etc/postfix/ssl/{{ mail_server }}.crt
|
||||||
user: dovecot
|
user: postfix
|
||||||
group: dovecot
|
group: postfix
|
||||||
perm: '400'
|
perm: '400'
|
||||||
format: crt
|
format: crt,ca
|
||||||
action: 'service dovecot restart'
|
action: 'service postfix restart'
|
||||||
- path: /etc/dovecot/ssl/{{ mail_server }}.key
|
- path: /etc/dovecot/ssl/{{ mail_server }}.key
|
||||||
user: dovecot
|
user: dovecot
|
||||||
group: dovecot
|
group: dovecot
|
||||||
perm: '400'
|
perm: '400'
|
||||||
format: key
|
format: key
|
||||||
action: 'service dovecot restart'
|
action: 'service dovecot restart'
|
||||||
|
- path: /etc/dovecot/ssl/{{ mail_server }}.crt
|
||||||
|
user: dovecot
|
||||||
|
group: dovecot
|
||||||
|
perm: '400'
|
||||||
|
format: crt,ca
|
||||||
|
action: 'service dovecot restart'
|
||||||
|
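Review bot: Both `.key` entries in this hunk stay owned by the service account (`user: postfix`, `user: dovecot`), while the mailman nginx template in the same commit moves its key to `root:root`. Postfix and Dovecot normally open their TLS key while still privileged, so, assuming that holds on this host, `user: root` and `group: root` with the existing `perm: '400'` on the two `.key` paths would keep the private key unreadable to a compromised unprivileged mail process. The file header for this template is missing from the page, so the note is anchored to the hunk that starts `@ -1,27 +1,27 @`.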
@ -1,15 +1,15 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
{{ mailman_domain }}:
|
{{ mailman_domain }}:
|
||||||
- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
|
|
||||||
user: nginx
|
|
||||||
group: nginx
|
|
||||||
perm: '400'
|
|
||||||
format: crt,ca
|
|
||||||
action: 'service nginx restart'
|
|
||||||
- path: /etc/nginx/ssl/{{ mailman_domain }}.key
|
- path: /etc/nginx/ssl/{{ mailman_domain }}.key
|
||||||
user: nginx
|
user: root
|
||||||
group: nginx
|
group: root
|
||||||
perm: '400'
|
perm: '400'
|
||||||
format: key
|
format: key
|
||||||
action: 'service nginx restart'
|
action: 'service nginx restart'
|
||||||
|
- path: /etc/nginx/ssl/{{ mailman_domain }}.crt
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
perm: '400'
|
||||||
|
format: crt,ca
|
||||||
|
action: 'service nginx restart'
|
||||||
|
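Review bot: Both entries carry `action: 'service nginx restart'`, so depending on how certmgr batches actions a single renewal may restart nginx once per file, and every restart drops in-flight connections. nginx re-reads certificate and key on reload, so `action: 'service nginx reload'` should be enough here and in the owncloud template hunk that follows. The move of the key to `root:root` with `perm: '400'` relies on the nginx master process reading it before the workers drop privileges; a one-line comment such as `# read by the nginx master as root` above the `.key` entry would record that.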
@ -1,15 +1,15 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
{{ owncloud_domain }}:
|
{{ owncloud_domain }}:
|
||||||
- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
|
|
||||||
user: root
|
|
||||||
group: root
|
|
||||||
perm: '400'
|
|
||||||
format: crt,ca
|
|
||||||
action: 'service nginx restart'
|
|
||||||
- path: /etc/nginx/ssl/{{ owncloud_domain }}.key
|
- path: /etc/nginx/ssl/{{ owncloud_domain }}.key
|
||||||
user: root
|
user: root
|
||||||
group: root
|
group: root
|
||||||
perm: '400'
|
perm: '400'
|
||||||
format: key
|
format: key
|
||||||
action: 'service nginx restart'
|
action: 'service nginx restart'
|
||||||
|
- path: /etc/nginx/ssl/{{ owncloud_domain }}.crt
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
perm: '400'
|
||||||
|
format: crt,ca
|
||||||
|
action: 'service nginx restart'
|
||||||
|
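--- /dev/null
+++ b/roles/prosody/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+- { role: certmgr }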
@ -31,6 +31,9 @@
|
|||||||
template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
|
template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
|
||||||
notify: Restart prosody
|
notify: Restart prosody
|
||||||
|
|
||||||
|
- name: Configure certificate manager
|
||||||
|
template: src=certs.j2 dest=/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf
|
||||||
|
|
||||||
- name: Start saslauthd
|
- name: Start saslauthd
|
||||||
service: name=saslauthd state=started enabled=yes
|
service: name=saslauthd state=started enabled=yes
|
||||||
|
|
||||||
|
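Review bot: The new `Configure certificate manager` task writes into `/etc/acme/domains.d/` without setting owner or mode, so the resulting permissions depend on the remote umask and the become user. The rendered file names the paths that receive private keys and an `action` command that certmgr presumably runs with elevated privileges, so it should be pinned explicitly: `template: src=certs.j2 dest=/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf owner=root group=root mode=0644`. The task list starts and ends outside the hunk, so whether `/etc/prosody/certs` is created by another task cannot be seen from here.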
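--- /dev/null
+++ b/roles/prosody/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ prosody_domain }}:
+- path: /etc/prosody/certs/{{ prosody_domain }}.key
+user: prosody
+group: prosody
+perm: '400'
+format: key
+action: 'service prosody restart'
+- path: /etc/prosody/certs/{{ prosody_domain }}.crt
+user: prosody
+group: prosody
+perm: '400'
+format: crt,ca
+action: 'service prosody restart'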
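Review bot: The template carries no marker that the rendered file is generated, so a hand edit to `/etc/acme/domains.d/{{ prosody_domain }}_prosody.conf` on the host is silently overwritten at the next play. A comment line right after the document start, `# {{ ansible_managed }}`, is the usual way to flag that. A second comment stating what `format: crt,ca` produces (presumably the certificate followed by the CA chain, which the page does not confirm) would help whoever next has to debug a chain error on the XMPP listener.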