certbot_dns: move secrets to password store

This commit is contained in:
Timotej Lazar 2024-02-13 13:13:33 +01:00
parent 27dac09549
commit d94e79f8b7
3 changed files with 7 additions and 7 deletions

View file

@ -27,11 +27,11 @@
expect:
command: ktutil
responses:
".*:":
- "add_entry -password -p {{ ldap_user }} -k 1 -e aes256-cts-hmac-sha1-96"
- "{{ ldap_pass }}"
- "write_kt /etc/krb5.keytab"
- "exit"
'.*:':
- 'add_entry -password -p {{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }} -k 1 -e aes256-cts-hmac-sha1-96'
- '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}'
- 'write_kt /etc/krb5.keytab'
- 'exit'
args:
creates: /etc/krb5.keytab

View file

@ -1,7 +1,7 @@
#!/bin/sh
dns={{ dns[0] }}
ldap_user={{ ldap_user }}
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
ttl=10
kinit -k -t /etc/krb5.keytab "${ldap_user}"

View file

@ -1,7 +1,7 @@
#!/bin/sh
dns={{ dns[0] }}
ldap_user={{ ldap_user }}
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
kinit -k -t /etc/krb5.keytab "${ldap_user}"
nsupdate -g <<EOF