Initial commit, squashed

2023-12-18 11:22:14 +01:00 · 2023-12-18 11:22:14 +01:00 · 158e8740b8
commit 158e8740b8
83 changed files with 2718 additions and 0 deletions
--- a/roles/certbot_dns/tasks/main.yml
+++ b/roles/certbot_dns/tasks/main.yml
@ -0,0 +1,54 @@
+- name: Enable community package repo
+  lineinfile:
+    path: /etc/apk/repositories
+    regexp: '^# *(http.*/v[^/]*/community)'
+    line: '\1'
+    backrefs: yes
+
+- name: Install packages
+  package:
+    name: bind-tools,certbot,krb5,py3-pexpect
+
+- name: Configure kerberos
+  template:
+    dest: /etc/krb5.conf
+    src: krb5.conf.j2
+
+- name: Copy DNS updater scripts for certbot
+  template:
+    dest: "/usr/local/bin/{{ item }}"
+    src: "{{ item }}.j2"
+    mode: 0700
+  with_items:
+    - certbot-auth
+    - certbot-cleanup
+
+- name: Init kerberos keytab
+  expect:
+    command: ktutil
+    responses:
+      ".*:":
+        - "add_entry -password -p {{ ldap_user }} -k 1 -e aes256-cts-hmac-sha1-96"
+        - "{{ ldap_pass }}"
+        - "write_kt /etc/krb5.keytab"
+        - "exit"
+  args:
+    creates: /etc/krb5.keytab
+
+- name: Create LE account
+  command:
+    cmd: certbot register --agree-tos --register-unsafely-without-email
+    creates: /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/meta.json
+
+- name: Create LE certificate
+  command:
+    cmd: certbot certonly --quiet --manual --preferred-challenges=dns --manual-auth-hook certbot-auth --manual-cleanup-hook certbot-cleanup -d {{ fqdn }}
+    creates: "/etc/letsencrypt/renewal/{{ fqdn }}.conf"
+
+- name: Enable certbot renewal
+  cron:
+    name: "certbot renew"
+    job: "certbot renew --quiet"
+    user: root
+    hour: "2,14"
+    minute: "38"