network/roles/certbot_dns/templates/certbot-auth.j2

#!/bin/sh

dns={{ dns[0] }}
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
ttl=10

kinit -k -t /etc/krb5.keytab "${ldap_user}"
nsupdate -g <<EOF
server ${dns}
update add _acme-challenge.${CERTBOT_DOMAIN} ${ttl} TXT ${CERTBOT_VALIDATION}
send
EOF
sleep $(( ttl + 5 ))
Initial commit, squashed 2023-12-18 10:22:14 +00:00			`#!/bin/sh`

			`dns={{ dns[0] }}`
certbot_dns: move secrets to password store 2024-02-13 12:13:33 +00:00			`ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}`
Initial commit, squashed 2023-12-18 10:22:14 +00:00			`ttl=10`

			`kinit -k -t /etc/krb5.keytab "${ldap_user}"`
			`nsupdate -g <<EOF`
			`server ${dns}`
			`update add _acme-challenge.${CERTBOT_DOMAIN} ${ttl} TXT ${CERTBOT_VALIDATION}`
			`send`
			`EOF`
			`sleep $(( ttl + 5 ))`