diff --git a/group_vars/all.yml b/group_vars/all.yml
index 5ebfcd8..01e54d0 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -153,17 +153,27 @@ letsencrypt:
 - badjware.dev
 - '*.badjware.dev'
 email: marchambault@badjware.dev
- digitalocean:
- token: !vault |
+ cloudflare:
+ email: marchambault@badjware.dev
+ api_key: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 35643864626166636564363831336663363335356530316464353864643030316662633230343763
- 3439343831386632366137376137383936396164646237640a633132356332636134653832666636
- 63386235636632613666393036643737633635613139326362353166653264633536633037306632
- 3461313436326139330a366265343131366436653635623138373736353262653633666337623935
- 31653964336664313261373031613566636337643934316430306638626631633434366164306639
- 30616238613334633933343339393938326561633036633062323463636161336665373732626330
- 37386264353239353435643266333033353931336637343038353765396134333763386637653638
- 35343739666634323562
+ 63633030346535666665366565663237626164343939303930663339363430653064616638343831
+ 3365313362613934666535323261643266313630646137320a323564303234316637653234653563
+ 30653739316665363863393839306232353833663165323962633963306330333963363239306162
+ 3465663233383163330a313532663161653732663565396339306631326564626164393761333838
+ 66346336396163663361333962333137336538643062343732636437626135656464366137316234
+ 6533396561346635383166346131303438326233303831653734
+ # digitalocean:
+ # token: !vault |
+ # $ANSIBLE_VAULT;1.1;AES256
+ # 35643864626166636564363831336663363335356530316464353864643030316662633230343763
+ # 3439343831386632366137376137383936396164646237640a633132356332636134653832666636
+ # 63386235636632613666393036643737633635613139326362353166653264633536633037306632
+ # 3461313436326139330a366265343131366436653635623138373736353262653633666337623935
+ # 31653964336664313261373031613566636337643934316430306638626631633434366164306639
+ # 30616238613334633933343339393938326561633036633062323463636161336665373732626330
+ # 37386264353239353435643266333033353931336637343038353765396134333763386637653638
+ # 35343739666634323562
 wireguard:
 address: 10.100.0.1/24
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
index 70ff867..7f88ad0 100644
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -4,6 +4,7 @@
 - haproxy
 - certbot
 - python3-certbot-dns-digitalocean
+ - python3-certbot-dns-cloudflare
 update_cache: yes
 state: present
diff --git a/roles/haproxy/templates/certbot-creds.ini b/roles/haproxy/templates/certbot-creds.ini
index f9e4c42..ba756f9 100644
--- a/roles/haproxy/templates/certbot-creds.ini
+++ b/roles/haproxy/templates/certbot-creds.ini
@@ -1 +1,7 @@
+{% if letsencrypt.digitalocean is defined %}
 dns_digitalocean_token = {{ letsencrypt.digitalocean.token }}
+{% endif %}
+{% if letsencrypt.cloudflare is defined %}
+dns_cloudflare_email= {{ letsencrypt.cloudflare.email }}
+dns_cloudflare_api_key = {{ letsencrypt.cloudflare.api_key }}
+{% endif %}
diff --git a/roles/haproxy/templates/certbot-run.sh b/roles/haproxy/templates/certbot-run.sh
index 71e5756..2ff96bb 100644
--- a/roles/haproxy/templates/certbot-run.sh
+++ b/roles/haproxy/templates/certbot-run.sh
@@ -4,8 +4,15 @@ certbot certonly \
 --agree-tos \
 --email {{ letsencrypt.email }} \
 --deploy-hook '/opt/certbot/certbot-deploy.sh' \
+ {% if letsencrypt.digitalocean is defined %}
 --dns-digitalocean \
 --dns-digitalocean-credentials /opt/certbot/certbot-creds.ini \
- --dns-digitalocean-propagation-seconds 30 \
+ --dns-digitalocean-propagation-seconds 60 \
+ {% endif %}
+ {% if letsencrypt.cloudflare is defined %}
+ --dns-cloudflare \
+ --dns-cloudflare-credentials /opt/certbot/certbot-creds.ini \
+ --dns-cloudflare-propagation-seconds 60 \
+ {% endif %}
 {% for domain in letsencrypt.domains %}-d '{{ domain }}' {% endfor %} \
 $@
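Review bot: The retired digitalocean block is kept as eleven commented-out lines of vault ciphertext under the new cloudflare entry instead of being deleted, which leaves a credential that is presumably no longer in use sitting in the live vars file where it is easy to overlook or uncomment by mistake; git history already preserves it. If the DigitalOcean token is really retired, revoke it at the provider and drop the comment block, since the ciphertext has no value once the token is dead. The new `cloudflare.email` also repeats the `letsencrypt.email` value two lines above it, so a one-line comment such as `# must match the Cloudflare account; kept separate from letsencrypt.email on purpose` would tell the next editor whether the duplication is deliberate.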
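Review bot: `dns_cloudflare_api_key` is the plugin setting for Cloudflare's Global API Key, which carries full account access, whereas the same plugin accepts a scoped token through `dns_cloudflare_api_token` that can be restricted to DNS edits on the validated zones and does not need the email line at all; switching the new block to `dns_cloudflare_api_token = {{ letsencrypt.cloudflare.api_token }}` keeps the blast radius of a leaked credentials file to DNS records. The added `dns_cloudflare_email= {{ ... }}` line is also missing the space before `=` that its neighbours have. Because both providers' secrets are now rendered into the same `/opt/certbot/certbot-creds.ini`, the task that templates it (not in this diff) should set the file to mode 0600; certbot warns when the credentials file is readable by group or others. If neither provider is defined the template renders empty and certbot only fails at run time, so an assert in the role that at least one of the two keys is set would surface the misconfiguration at deploy time.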
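Review bot: The `{% if %}` and `{% endif %}` lines added inside the backslash-continued certbot command depend on Ansible's template module enabling `trim_blocks` by default; rendered any other way, each tag line becomes a whitespace-only line that terminates the command before the `-d` arguments, so certbot would run with no domains. Making the newline stripping explicit with `{% if letsencrypt.cloudflare is defined -%}` and `{% endif -%}` (and the same for the digitalocean pair) keeps the script correct regardless of how the template is rendered; leave the leading `{%` without a dash, since stripping the whitespace before the tag would join the tag line onto the previous `\`. When neither provider is defined the rendered command names no authenticator and fails only when the script runs, which is worth a comment at the top of the block, e.g. `# exactly one DNS plugin block below must be rendered; checked by the role, not by certbot`.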