badjware
/
home-stack-ansible
1
0
Fork 0
Code Releases Activity

add cloudflare support for dns-01

This commit is contained in:
Massaki Archambault 2024-04-05 19:16:28 -04:00
parent 1ad989cd4c
commit 256c31ed28
4 changed files with 35 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
group_vars/all.yml
View File

@ -153,17 +153,27 @@ letsencrypt:
- badjware.dev - badjware.dev
- '*.badjware.dev' - '*.badjware.dev'
email: marchambault@badjware.dev email: marchambault@badjware.dev
digitalocean: cloudflare:
token: !vault | email: marchambault@badjware.dev
api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35643864626166636564363831336663363335356530316464353864643030316662633230343763 63633030346535666665366565663237626164343939303930663339363430653064616638343831
3439343831386632366137376137383936396164646237640a633132356332636134653832666636 3365313362613934666535323261643266313630646137320a323564303234316637653234653563
63386235636632613666393036643737633635613139326362353166653264633536633037306632 30653739316665363863393839306232353833663165323962633963306330333963363239306162
3461313436326139330a366265343131366436653635623138373736353262653633666337623935 3465663233383163330a313532663161653732663565396339306631326564626164393761333838
31653964336664313261373031613566636337643934316430306638626631633434366164306639 66346336396163663361333962333137336538643062343732636437626135656464366137316234
30616238613334633933343339393938326561633036633062323463636161336665373732626330 6533396561346635383166346131303438326233303831653734
37386264353239353435643266333033353931336637343038353765396134333763386637653638 # digitalocean:
35343739666634323562 # token: !vault |
# $ANSIBLE_VAULT;1.1;AES256
# 35643864626166636564363831336663363335356530316464353864643030316662633230343763
# 3439343831386632366137376137383936396164646237640a633132356332636134653832666636
# 63386235636632613666393036643737633635613139326362353166653264633536633037306632
# 3461313436326139330a366265343131366436653635623138373736353262653633666337623935
# 31653964336664313261373031613566636337643934316430306638626631633434366164306639
# 30616238613334633933343339393938326561633036633062323463636161336665373732626330
# 37386264353239353435643266333033353931336637343038353765396134333763386637653638
# 35343739666634323562
wireguard: wireguard:
address: 10.100.0.1/24 address: 10.100.0.1/24

1
roles/haproxy/tasks/main.yml
View File

@ -4,6 +4,7 @@
- haproxy - haproxy
- certbot - certbot
- python3-certbot-dns-digitalocean - python3-certbot-dns-digitalocean
- python3-certbot-dns-cloudflare
update_cache: yes update_cache: yes
state: present state: present

6
roles/haproxy/templates/certbot-creds.ini
View File

@ -1 +1,7 @@
{% if letsencrypt.digitalocean is defined %}
dns_digitalocean_token = {{ letsencrypt.digitalocean.token }} dns_digitalocean_token = {{ letsencrypt.digitalocean.token }}
{% endif %}
{% if letsencrypt.cloudflare is defined %}
dns_cloudflare_email= {{ letsencrypt.cloudflare.email }}
dns_cloudflare_api_key = {{ letsencrypt.cloudflare.api_key }}
{% endif %}

9
roles/haproxy/templates/certbot-run.sh
View File

@ -4,8 +4,15 @@ certbot certonly \
--agree-tos \ --agree-tos \
--email {{ letsencrypt.email }} \ --email {{ letsencrypt.email }} \
--deploy-hook '/opt/certbot/certbot-deploy.sh' \ --deploy-hook '/opt/certbot/certbot-deploy.sh' \
{% if letsencrypt.digitalocean is defined %}
--dns-digitalocean \ --dns-digitalocean \
--dns-digitalocean-credentials /opt/certbot/certbot-creds.ini \ --dns-digitalocean-credentials /opt/certbot/certbot-creds.ini \
--dns-digitalocean-propagation-seconds 30 \ --dns-digitalocean-propagation-seconds 60 \
{% endif %}
{% if letsencrypt.cloudflare is defined %}
--dns-cloudflare \
--dns-cloudflare-credentials /opt/certbot/certbot-creds.ini \
--dns-cloudflare-propagation-seconds 60 \
{% endif %}
{% for domain in letsencrypt.domains %}-d '{{ domain }}' {% endfor %} \ {% for domain in letsencrypt.domains %}-d '{{ domain }}' {% endfor %} \
$@ $@