add cloudflare support for dns-01

group_vars/all.yml

@@ -153,17 +153,27 @@ letsencrypt:
     - badjware.dev
     - '*.badjware.dev'
   email: marchambault@badjware.dev
-  digitalocean:
-    token: !vault |
+  cloudflare:
+    email: marchambault@badjware.dev
+    api_key: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          35643864626166636564363831336663363335356530316464353864643030316662633230343763
-          3439343831386632366137376137383936396164646237640a633132356332636134653832666636
-          63386235636632613666393036643737633635613139326362353166653264633536633037306632
-          3461313436326139330a366265343131366436653635623138373736353262653633666337623935
-          31653964336664313261373031613566636337643934316430306638626631633434366164306639
-          30616238613334633933343339393938326561633036633062323463636161336665373732626330
-          37386264353239353435643266333033353931336637343038353765396134333763386637653638
-          35343739666634323562
+          63633030346535666665366565663237626164343939303930663339363430653064616638343831
+          3365313362613934666535323261643266313630646137320a323564303234316637653234653563
+          30653739316665363863393839306232353833663165323962633963306330333963363239306162
+          3465663233383163330a313532663161653732663565396339306631326564626164393761333838
+          66346336396163663361333962333137336538643062343732636437626135656464366137316234
+          6533396561346635383166346131303438326233303831653734
+  # digitalocean:
+  #   token: !vault |
+  #         $ANSIBLE_VAULT;1.1;AES256
+  #         35643864626166636564363831336663363335356530316464353864643030316662633230343763
+  #         3439343831386632366137376137383936396164646237640a633132356332636134653832666636
+  #         63386235636632613666393036643737633635613139326362353166653264633536633037306632
+  #         3461313436326139330a366265343131366436653635623138373736353262653633666337623935
+  #         31653964336664313261373031613566636337643934316430306638626631633434366164306639
+  #         30616238613334633933343339393938326561633036633062323463636161336665373732626330
+  #         37386264353239353435643266333033353931336637343038353765396134333763386637653638
+  #         35343739666634323562
 
 wireguard:
   address: 10.100.0.1/24

roles/haproxy/tasks/main.yml

@@ -4,6 +4,7 @@
       - haproxy
       - certbot
       - python3-certbot-dns-digitalocean
+      - python3-certbot-dns-cloudflare
     update_cache: yes
     state: present
 

roles/haproxy/templates/certbot-creds.ini

@@ -1 +1,7 @@
+{% if letsencrypt.digitalocean is defined %}
 dns_digitalocean_token = {{ letsencrypt.digitalocean.token }}
+{% endif %}
+{% if letsencrypt.cloudflare is defined %}
+dns_cloudflare_email= {{ letsencrypt.cloudflare.email }}
+dns_cloudflare_api_key = {{ letsencrypt.cloudflare.api_key }}
+{% endif %}

roles/haproxy/templates/certbot-run.sh

@@ -4,8 +4,15 @@ certbot certonly \
     --agree-tos \
     --email {{ letsencrypt.email }} \
     --deploy-hook '/opt/certbot/certbot-deploy.sh' \
+    {% if letsencrypt.digitalocean is defined %}
     --dns-digitalocean \
     --dns-digitalocean-credentials /opt/certbot/certbot-creds.ini \
-    --dns-digitalocean-propagation-seconds 30 \
+    --dns-digitalocean-propagation-seconds 60 \
+    {% endif %}
+    {% if letsencrypt.cloudflare is defined %}
+    --dns-cloudflare \
+    --dns-cloudflare-credentials /opt/certbot/certbot-creds.ini \
+    --dns-cloudflare-propagation-seconds 60 \
+    {% endif %}
     {% for domain in letsencrypt.domains %}-d '{{ domain }}' {% endfor %} \
     $@