Initial commit, squashed

roles/certbot_dns/templates/certbot-auth.j2

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+dns={{ dns[0] }}
+ldap_user={{ ldap_user }}
+ttl=10
+
+kinit -k -t /etc/krb5.keytab "${ldap_user}"
+nsupdate -g <<EOF
+server ${dns}
+update add _acme-challenge.${CERTBOT_DOMAIN} ${ttl} TXT ${CERTBOT_VALIDATION}
+send
+EOF
+sleep $(( ttl + 5 ))

roles/certbot_dns/templates/certbot-cleanup.j2

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+dns={{ dns[0] }}
+ldap_user={{ ldap_user }}
+
+kinit -k -t /etc/krb5.keytab "${ldap_user}"
+nsupdate -g <<EOF
+server ${dns}
+update delete _acme-challenge.${CERTBOT_DOMAIN} TXT
+send
+EOF

roles/certbot_dns/templates/krb5.conf.j2

@@ -0,0 +1,18 @@
+[libdefaults]
+dns_lookup_realm = false
+ticket_lifetime = 24h
+renew_lifetime = 7d
+#forwardable = true
+rdns = false
+default_realm = {{ domain | upper }}
+
+[realms]
+{{ domain | upper }} = {
+{% for server in dns %}
+  kdc = {{ server }}
+{% endfor %}
+}
+
+[domain_realm]
+.fri1.uni-lj.si = {{ domain | upper }}
+fri1.uni-lj.si = {{ domain | upper }}