add super secret secrets
@@ -1,4 +1,5 @@
|
|||||||
#root_pw: "{{ lookup('bitwarden.secrets.lookup', '4c3d81e6-bb31-40f9-a37a-b3bd00484160') }}"
|
root_pw: "{{ lookup('bitwarden.secrets.lookup', '64a96d82-179b-41af-898d-b3dc014f44a0') }}"
|
||||||
|
linode_dns_token: "{{ lookup('bitwarden.secrets.lookup', '8849d676-e53e-4aef-a7e6-b3dc014dd698') }}"
|
||||||
ldap_domain: ldap.home.jthan.io
|
ldap_domain: ldap.home.jthan.io
|
||||||
ldap_basedn: dc=ldap,dc=home,dc=jthan,dc=io
|
ldap_basedn: dc=ldap,dc=home,dc=jthan,dc=io
|
||||||
|
|
||||||
@@ -10,3 +11,4 @@ ldap_users:
|
|||||||
gidNumber: 10001
|
gidNumber: 10001
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyLuuN1SYM3ise8983bA7tT5VJqAI5CpPV1whEA9VF
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyLuuN1SYM3ise8983bA7tT5VJqAI5CpPV1whEA9VF
|
||||||
|
|
||||||
|
|||||||
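--- /dev/null
+++ b/ansible/roles/lego/tasks/generate_cert.yaml
@@ -0,0 +1,19 @@
+- name: Gather package facts
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Generate initial cert (http)
+  command:
+    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
+    chdir: /root
+    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+
+- name: Generate initial cert (dns)
+  command:
+    cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --dns linode --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} run
+    chdir: /root
+    creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
+  environment:
+    LINODE_POLLING_INTERVAL: 120
+    LINODE_PROPAGATION_TIMEOUT: 600
+    LINODE_TOKEN: {{ linode_dns_token }}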
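Review bot: `LINODE_TOKEN: {{ linode_dns_token }}` in the `environment` block of the dns task is an unquoted Jinja expression at the start of a YAML value, so the YAML parser reads `{{` as a flow mapping and Ansible rejects the task before it runs; it must be `LINODE_TOKEN: "{{ linode_dns_token }}"`. Since that value is an API token, the task should also carry `no_log: true` so verbose output or a failed-task dump does not echo the environment. Neither cert task has a `when:` and both share the same `creates:` path, so the dns task is skipped whenever the http task succeeds, and if the http challenge fails (nothing in this file frees port 80 any more, so a running web server would presumably cause that) the play aborts before the dns task is reached; a `when:` on a challenge-type variable, e.g. `when: cert_challenge | default('http') == 'dns'` and its inverse, would select exactly one. The `Gather package facts` result is not read by any task in this file, so it is dead work unless a later task consumes it.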
@@ -1,22 +0,0 @@
|
|||||||
- name: Gather package facts
|
|
||||||
ansible.builtin.package_facts:
|
|
||||||
manager: auto
|
|
||||||
|
|
||||||
- name: Stop nginx to generate initial lego cert
|
|
||||||
service:
|
|
||||||
name: nginx
|
|
||||||
state: stopped
|
|
||||||
when: "'nginx' in ansible_facts.packages"
|
|
||||||
|
|
||||||
- name: Generate initial cert
|
|
||||||
command:
|
|
||||||
cmd: /usr/local/bin/lego -a --email="{{ letsencrypt_email }}" --domains="{{ inventory_hostname | default(cert_domain) }}" --key-type {{ cert_key_type | default('rsa4096') }} --http run
|
|
||||||
chdir: /root
|
|
||||||
creates: "/root/.lego/certificates/{{ inventory_hostname | default(cert_domain) }}.crt"
|
|
||||||
when: "'nginx' in ansible_facts.packages"
|
|
||||||
|
|
||||||
- name: Start nginx after generating initial lego cert
|
|
||||||
service:
|
|
||||||
name: nginx
|
|
||||||
state: started
|
|
||||||
when: "'nginx' in ansible_facts.packages"
|
|
||||||
@@ -1 +1,2 @@
|
|||||||
- import_tasks: install.yaml
|
- import_tasks: install.yaml
|
||||||
|
- import_tasks: generate_cert.yaml
|
||||||
|
|||||||