Commit 3c9c4c2e authored by Maxime Bombar's avatar Maxime Bombar

Merge branch 'certbot' into 'newinfra'

[Certbot] Praise new infra

See merge request !99
parents aa7bbbd0 d45fff91
---
glob_certbot:
dns_rfc2136_server: '172.16.10.147'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "crans.org"
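Review bot: Every host that takes `glob_certbot` without a `loc_certbot` override receives the same TSIG key `certbot_challenge.`, and `dns_rfc2136_server` is a bare IP literal with nothing saying which machine it is. The secret is read from the vault, but it still ends up in a credentials file on each of those hosts, so the DNS server should restrict that key to the `_acme-challenge` TXT records of `crans.org`; the zone configuration is not on this page, and the same applies to `certbot_adm_challenge.` in the host-level override. I would add a comment above the address, for example `# DNS server receiving the RFC 2136 updates (the template used dns_masters_ipv4 | first before)`.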
---
interfaces:
adm: ens18
srv: ens19
loc_certbot:
dns_rfc2136_name: certbot_adm_challenge.
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
certname: adm.crans.org
domains: "*.adm.crans.org"
...@@ -23,6 +23,12 @@ ...@@ -23,6 +23,12 @@
# [test_vm] # [test_vm]
# re2o-test.adm.crans.org # re2o-test.adm.crans.org
[certbot]
gitzly.adm.crans.org
[certbot:children]
radius # We use certbot to manage LE certificates
[nginx_rtmp] [nginx_rtmp]
fluxx.adm.crans.org fluxx.adm.crans.org
...@@ -88,6 +94,7 @@ routeur-daniel.adm.crans.org ...@@ -88,6 +94,7 @@ routeur-daniel.adm.crans.org
belenios # on changera plus tard belenios # on changera plus tard
re2o-ldap.adm.crans.org re2o-ldap.adm.crans.org
gitlab-ci.adm.crans.org gitlab-ci.adm.crans.org
gitzly.adm.crans.org
hodaur.adm.crans.org hodaur.adm.crans.org
monitoring.adm.crans.org monitoring.adm.crans.org
boeing.adm.crans.org boeing.adm.crans.org
......
#!/usr/bin/env ansible-playbook
---
# Deploy certbot for LE certificates
- hosts: certbot
vars:
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
mirror: '{{ glob_mirror }}'
roles:
- certbot
...@@ -3,7 +3,9 @@ ...@@ -3,7 +3,9 @@
# Deploy radius server # Deploy radius server
- hosts: radius - hosts: radius
vars: vars:
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}' freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
mirror: '{{ glob_mirror }}' mirror: '{{ glob_mirror }}'
roles: roles:
- certbot
- freeradius - freeradius
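Review bot: The `certbot` role now reaches the radius hosts through two plays. This play lists the role directly, and the inventory change makes `radius` a child of `[certbot]`, which the new certbot playbook targets with the same `certbot` variable expression. If the duplication is deliberate so that this playbook can be run on its own, say so next to the role entry, for example `# also applied through [certbot:children]; kept here so this playbook is self-contained`. Otherwise, keeping the role in one place avoids the two definitions of `certbot` drifting apart.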
...@@ -2,12 +2,7 @@ ...@@ -2,12 +2,7 @@
--- ---
- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org - hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
vars: vars:
certbot: certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: root@crans.org
certname: crans.org
domains: "crans.org"
bind: bind:
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
roles: roles:
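Review bot: `glob_certbot | default({})` hides a missing definition on this play. The inline `certbot:` mapping removed here gave these three hosts their key name, secret, mail and domains directly, whereas the new expression quietly yields `{}` for any host that does not inherit `glob_certbot`. Only gitzly and the `radius` group are visibly placed in `[certbot]`, so if the variable lives in that group's vars, eap and odlyd would presumably fail only when the credentials template renders `certbot.dns_rfc2136_name`, far from the cause. Consider dropping the `default({})` on `glob_certbot` for this play, or asserting early that `certbot.dns_rfc2136_secret is defined`. The play continues past the lines shown here.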
......
{{ ansible_header | comment(decoration='# ') }} {{ ansible_header | comment(decoration='# ') }}
dns_rfc2136_server = {{ dns_masters_ipv4 | first }} dns_rfc2136_server = {{ certbot.dns_rfc2136_server }}
dns_rfc2136_port = 53 dns_rfc2136_port = 53
dns_rfc2136_name = {{ certbot.dns_rfc2136_name }} dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }} dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
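Review bot: No `dns_rfc2136_algorithm` line is visible in this template, and when that key is absent the certbot RFC 2136 plugin falls back to HMAC-MD5 for TSIG; the file continues below the lines shown, so it may be set there. If it is missing, add `dns_rfc2136_algorithm = {{ certbot.dns_rfc2136_algorithm | default('HMAC-SHA512') }}` and declare the key on the DNS server with the same algorithm. The rendered file holds the TSIG secret in clear text, so the task that writes it should set `owner: root` and `mode: '0600'`; that task is not part of this page.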
......