evoacme: namespaced variables
parent
64682b1717
commit
935026c973
|
@ -1,15 +1,15 @@
|
|||
---
|
||||
ssl_key_dir: /etc/ssl/private
|
||||
ssl_key_size: 2048
|
||||
dhparam_size: 2048
|
||||
acme_dir: /var/lib/letsencrypt
|
||||
csr_dir: /etc/ssl/requests
|
||||
crt_dir: /etc/letsencrypt
|
||||
log_dir: /var/log/evoacme
|
||||
ssl_minday: 15
|
||||
ssl_ct: 'FR'
|
||||
ssl_state: 'France'
|
||||
ssl_loc: 'Marseille'
|
||||
ssl_org: 'Evolix'
|
||||
ssl_ou: 'Security'
|
||||
ssl_email: 'security@evolix.net'
|
||||
evoacme_ssl_key_dir: /etc/ssl/private
|
||||
evoacme_ssl_key_size: 2048
|
||||
evoacme_dhparam_size: 2048
|
||||
evoacme_acme_dir: /var/lib/letsencrypt
|
||||
evoacme_csr_dir: /etc/ssl/requests
|
||||
evoacme_crt_dir: /etc/letsencrypt
|
||||
evoacme_log_dir: /var/log/evoacme
|
||||
evoacme_ssl_minday: 15
|
||||
evoacme_ssl_ct: 'FR'
|
||||
evoacme_ssl_state: 'France'
|
||||
evoacme_ssl_loc: 'Marseille'
|
||||
evoacme_ssl_org: 'Evolix'
|
||||
evoacme_ssl_ou: 'Security'
|
||||
evoacme_ssl_email: 'security@evolix.net'
|
||||
|
|
|
@ -10,12 +10,12 @@
|
|||
group: acme
|
||||
state: present
|
||||
createhome: no
|
||||
home: "{{ crt_dir }}"
|
||||
home: "{{ evoacme_crt_dir }}"
|
||||
shell: /bin/false
|
||||
|
||||
- name: Fix crt dir's right
|
||||
file:
|
||||
path: "{{ crt_dir }}"
|
||||
path: "{{ evoacme_crt_dir }}"
|
||||
mode: 0755
|
||||
owner: acme
|
||||
group: acme
|
||||
|
@ -23,7 +23,7 @@
|
|||
|
||||
- name: Fix log dir's right
|
||||
file:
|
||||
path: "{{ log_dir }}"
|
||||
path: "{{ evoacme_log_dir }}"
|
||||
mode: 0755
|
||||
owner: acme
|
||||
group: acme
|
||||
|
@ -31,7 +31,7 @@
|
|||
|
||||
- name: Fix challenge dir's right
|
||||
file:
|
||||
path: "{{ acme_dir }}"
|
||||
path: "{{ evoacme_acme_dir }}"
|
||||
mode: 0755
|
||||
owner: acme
|
||||
group: acme
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
- name: Set certbot release to Debian stable
|
||||
set_fact: release="stable"
|
||||
set_fact:
|
||||
evoacme_certbot_release: stable
|
||||
when:
|
||||
- ansible_distribution is defined
|
||||
- ansible_distribution == "Debian"
|
||||
|
@ -8,7 +9,8 @@
|
|||
- ansible_distribution_major_version|int > 8
|
||||
|
||||
- name: Set certbot relase to jessie-backports
|
||||
set_fact: release="jessie-backports"
|
||||
set_fact:
|
||||
evoacme_certbot_release: jessie-backports
|
||||
when:
|
||||
- ansible_distribution is defined
|
||||
- ansible_distribution == "Debian"
|
||||
|
@ -21,13 +23,13 @@
|
|||
dest: /etc/apt/sources.list
|
||||
line: 'deb http://mirror.evolix.org/debian jessie-backports main'
|
||||
state: present
|
||||
when: release == "jessie-backports"
|
||||
when: evoacme_certbot_release == "jessie-backports"
|
||||
|
||||
- name: Install certbot with apt
|
||||
apt:
|
||||
name: certbot
|
||||
state: latest
|
||||
default_release: "{{release}}"
|
||||
default_release: "{{ evoacme_certbot_release }}"
|
||||
update_cache: yes
|
||||
|
||||
- name: Mount /usr in rw
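Review bot: `evoacme_certbot_release` is assigned only by the two `set_fact` tasks, each guarded by a `when:` list, so on a host matching neither list the variable stays undefined. In that case both `when: evoacme_certbot_release == "jessie-backports"` and `default_release: "{{ evoacme_certbot_release }}"` would fail at templating. The full condition lists lie outside these hunks, so this is inferred; if the gap exists, `default_release: "{{ evoacme_certbot_release | default(omit) }}"` together with `when: evoacme_certbot_release | default('') == "jessie-backports"` would close it. Separately, `state: latest` lets every run pull whatever certbot build the repository currently offers; `state: present` would keep upgrades of a tool that handles private keys an explicit operator decision.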
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
option: "{{ item.name }}"
|
||||
value: "{{ item.var }}"
|
||||
with_items:
|
||||
- { name: 'default_bits', var: "{{ ssl_key_size }}" }
|
||||
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
|
||||
- { name: 'encrypt_key', var: 'yes' }
|
||||
- { name: 'distinguished_name', var: 'req_dn' }
|
||||
- { name: 'prompt', var: 'no' }
|
||||
|
@ -17,12 +17,12 @@
|
|||
option: "{{ item.name }}"
|
||||
value: "{{ item.var }}"
|
||||
with_items:
|
||||
- { name: 'C', var: "{{ ssl_ct }}" }
|
||||
- { name: 'ST', var: "{{ ssl_state }}" }
|
||||
- { name: 'L', var: "{{ ssl_loc }}" }
|
||||
- { name: 'O', var: "{{ ssl_org }}" }
|
||||
- { name: 'OU', var: "{{ ssl_ou }}" }
|
||||
- { name: 'emailAddress', var: "{{ ssl_email }}" }
|
||||
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
|
||||
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
|
||||
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }
|
||||
- { name: 'O', var: "{{ evoacme_ssl_org }}" }
|
||||
- { name: 'OU', var: "{{ evoacme_ssl_ou }}" }
|
||||
- { name: 'emailAddress', var: "{{ evoacme_ssl_email }}" }
|
||||
|
||||
- name: Copy new evoacme conf
|
||||
template:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
- name: Generate DH paramaters
|
||||
shell: openssl dhparam -rand - {{dhparam_size}} -out /etc/ssl/dhparam.pem
|
||||
creates=/etc/ssl/dhparam.pem
|
||||
command: openssl dhparam -rand - {{ evoacme_dhparam_size }} -out /etc/ssl/dhparam.pem
|
||||
args:
|
||||
creates: /etc/ssl/dhparam.pem
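Review bot: The new `command:` line still puts `-out /etc/ssl/dhparam.pem` after the size argument, whereas the documented `openssl dhparam` synopsis puts numbits last. Some OpenSSL releases may stop option parsing at the first positional argument, in which case nothing is written to the file and `creates:` is never satisfied; verify this on the target release. `command: openssl dhparam -out /etc/ssl/dhparam.pem {{ evoacme_dhparam_size }}` avoids depending on parser leniency. The carried-over `-rand -` names `-` as a seed file, which looks unintended; OpenSSL seeds its own generator, so the option can probably be dropped. Also, an interrupted run can leave a truncated `dhparam.pem` that `creates:` will then treat as done, so a follow-up `openssl dhparam -check -noout -in /etc/ssl/dhparam.pem` task would catch that.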
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Create CSR dir
|
||||
file:
|
||||
path: "{{ csr_dir }}"
|
||||
path: "{{ evoacme_csr_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
SetEnvIf Request_URI "/.well-known/acme-challenge/*" no-jk
|
||||
Alias /.well-known/acme-challenge {{ acme_dir }}/.well-known/acme-challenge
|
||||
<Directory "{{ acme_dir }}/.well-known/acme-challenge">
|
||||
Alias /.well-known/acme-challenge {{ evoacme_acme_dir }}/.well-known/acme-challenge
|
||||
<Directory "{{ evoacme_acme_dir }}/.well-known/acme-challenge">
|
||||
Options -Indexes
|
||||
Allow from all
|
||||
Require all granted
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
### File generated by Ansible ###
|
||||
|
||||
SSL_KEY_DIR={{ssl_key_dir}}
|
||||
ACME_DIR={{acme_dir}}
|
||||
CSR_DIR={{csr_dir}}
|
||||
CRT_DIR={{crt_dir}}
|
||||
LOG_DIR={{log_dir}}
|
||||
SSL_MINDAY={{ssl_minday}}
|
||||
SSL_KEY_DIR={{ evoacme_ssl_key_dir }}
|
||||
ACME_DIR={{ evoacme_acme_dir }}
|
||||
CSR_DIR={{ evoacme_csr_dir }}
|
||||
CRT_DIR={{ evoacme_crt_dir }}
|
||||
LOG_DIR={{ evoacme_log_dir }}
|
||||
SSL_MINDAY={{ evoacme_ssl_minday }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
location /.well-known/acme-challenge {
|
||||
alias {{ acme_dir }}/.well-known/acme-challenge;
|
||||
alias {{ evoacme_acme_dir }}/.well-known/acme-challenge;
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
|