From f8b2ae3f02b8f3fadf99886fa0d63c0fed15908f Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Sat, 24 Jan 2026 13:21:14 -0700
Subject: [PATCH] add super secret secrets
---
 .../host_vars/ldap.home.jthan.io/vars.yaml | 4 +++-
 ansible/roles/lego/tasks/generate_cert.yaml | 19 ++++++++++++++++
 ansible/roles/lego/tasks/initial_cert.yaml | 22 -------------------
 ansible/roles/lego/tasks/main.yaml | 1 +
 4 files changed, 23 insertions(+), 23 deletions(-)
 create mode 100644 ansible/roles/lego/tasks/generate_cert.yaml
 delete mode 100644 ansible/roles/lego/tasks/initial_cert.yaml
diff --git a/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml b/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml
index 4dba47e..c7765cf 100644
--- a/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml
+++ b/ansible/inventories/production/host_vars/ldap.home.jthan.io/vars.yaml
@@ -1,4 +1,5 @@
-#root_pw: "{{ lookup('bitwarden.secrets.lookup', '4c3d81e6-bb31-40f9-a37a-b3bd00484160') }}"
+root_pw: "{{ lookup('bitwarden.secrets.lookup', '64a96d82-179b-41af-898d-b3dc014f44a0') }}"
+linode_dns_token: "{{ lookup('bitwarden.secrets.lookup', '8849d676-e53e-4aef-a7e6-b3dc014dd698') }}"
 ldap_domain: ldap.home.jthan.io
 ldap_basedn: dc=ldap,dc=home,dc=jthan,dc=io
@@ -10,3 +11,4 @@ ldap_users:
 gidNumber: 10001
 ssh_keys:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyLuuN1SYM3ise8983bA7tT5VJqAI5CpPV1whEA9VF
+
diff --git a/ansible/roles/lego/tasks/generate_cert.yaml b/ansible/roles/lego/tasks/generate_cert.yaml
new file mode 100644
index 0000000..4eb64b2
--- /dev/null
+++ b/ansible/roles/lego/tasks/generate_cert.yaml
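Review bot: `linode_dns_token` is added to the host_vars of ldap.home.jthan.io, which makes a zone-wide DNS API credential available to every play and role that targets that host, not just the single lego task that consumes it; a role-level variable (lego defaults, or a group_vars file for hosts that actually use DNS validation) keeps the blast radius to the role that needs it. Because the value is a lookup, Ansible resolves it on each reference, so it is also fetched from Bitwarden whenever anything templates that variable, not once per play. Please confirm the Linode token is a personal access token scoped to Domains read/write only, since lego needs nothing else for the challenge. The re-enabled `root_pw` points at a new Bitwarden secret ID in place of the commented-out one; if the old ID still maps to a valid LDAP root credential, rotate it rather than leaving a second working password in the vault.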
@@ -0,0 +1,19 @@
+- name: Gather package facts
+ ansible.builtin.package_facts:
+ manager: auto
+
+- name: Generate initial cert (http)
+ command:
+ cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
+ chdir: /root
+ creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+
+- name: Generate initial cert (dns)
+ command:
+ cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --dns linode --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} run
+ chdir: /root
+ creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+ environment:
+ LINODE_POLLING_INTERVAL: 120
+ LINODE_PROPAGATION_TIMEOUT: 600
+ LINODE_TOKEN: {{ linode_dns_token }}
diff --git a/ansible/roles/lego/tasks/initial_cert.yaml b/ansible/roles/lego/tasks/initial_cert.yaml
deleted file mode 100644
index a820068..0000000
--- a/ansible/roles/lego/tasks/initial_cert.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-- name: Gather package facts
- ansible.builtin.package_facts:
- manager: auto
-
-- name: Stop nginx to generate initial lego cert
- service:
- name: nginx
- state: stopped
- when: "'nginx' in ansible_facts.packages"
-
-- name: Generate initial cert
- command:
- cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
- chdir: /root
- creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
- when: "'nginx' in ansible_facts.packages"
-
-- name: Start nginx after generating initial lego cert
- service:
- name: nginx
- state: started
- when: "'nginx' in ansible_facts.packages"
diff --git a/ansible/roles/lego/tasks/main.yaml b/ansible/roles/lego/tasks/main.yaml
index 4ecb144..1b910ce 100644
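Review bot: `LINODE_TOKEN: {{ linode_dns_token }}` in the dns task's `environment` is an unquoted Jinja expression at the start of a value, so the YAML loader sees `{{` as a flow mapping before templating and the role fails to parse; it must be `LINODE_TOKEN: "{{ linode_dns_token }}"`, and the two numeric env values are safer quoted as strings too. The http and dns tasks have no `when`, so on a fresh host the `--http` run always executes first and the dns task is only ever skipped via its identical `creates` path, while the nginx stop/start that initial_cert.yaml wrapped around the port-80 challenge is gone and the `package_facts` gather that guarded it is now unused; a `lego_challenge` selector (defaulting to `http`) would make the choice explicit and let the nginx guard be restored for the http path. The dns task exports the token into the command environment without `no_log: true`; at higher verbosity the connection plugin echoes the wrapped command line including environment assignments, so the token can end up in CI logs. `inventory_hostname | default(cert_domain)` never falls back because `inventory_hostname` is always defined, which leaves `cert_domain` dead; `cert_domain | default(inventory_hostname)` appears to be the intended precedence.

```yaml
# … unchanged: Gather package facts (needed again if the nginx stop/start guard is restored) …

- name: Generate initial cert (http)
  command:
    cmd: >-
      /usr/local/bin/lego -a --email="{{ letsencrypt_email }}"
      --domains="{{ cert_domain | default(inventory_hostname) }}"
      --key-type {{ cert_key_type | default('rsa4096') }} --http run
    chdir: /root
    creates: "/root/.lego/certificates/{{ cert_domain | default(inventory_hostname) }}.crt"
  when: (lego_challenge | default('http')) == 'http'

- name: Generate initial cert (dns)
  command:
    cmd: >-
      /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --dns linode
      --domains="{{ cert_domain | default(inventory_hostname) }}"
      --key-type {{ cert_key_type | default('rsa4096') }} run
    chdir: /root
    creates: "/root/.lego/certificates/{{ cert_domain | default(inventory_hostname) }}.crt"
  environment:
    LINODE_POLLING_INTERVAL: "120"
    LINODE_PROPAGATION_TIMEOUT: "600"
    LINODE_TOKEN: "{{ linode_dns_token }}"
  # token is exported into the command environment; keep it out of task output and verbose logs
  no_log: true
  when: (lego_challenge | default('http')) == 'dns'
```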
--- a/ansible/roles/lego/tasks/main.yaml
+++ b/ansible/roles/lego/tasks/main.yaml
@@ -1 +1,2 @@
 - import_tasks: install.yaml
+- import_tasks: generate_cert.yaml