authorRomain Gonçalves <me@rgoncalves.se>2021-12-11 18:50:33 +0000
committerRomain Gonçalves <me@rgoncalves.se>2021-12-11 18:50:33 +0000
commitde3373e97d133e0ac76fb44deb5dea27c18d8815 (patch)
tree5b63b301ff180ef837ca6fb6a676e31cb87d326c /roles/acme/templates/acme-client.conf.j2
parente60e99796111ee6d43080b4e48971c08886c0570 (diff)
roles: Add pf and relayd roles for domain controller
Diffstat (limited to 'roles/acme/templates/acme-client.conf.j2')
-rw-r--r--roles/acme/templates/acme-client.conf.j226
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/acme/templates/acme-client.conf.j2 b/roles/acme/templates/acme-client.conf.j2
new file mode 100644
index 0000000..3792009
--- /dev/null
+++ b/roles/acme/templates/acme-client.conf.j2
@@ -0,0 +1,26 @@
+# managed by Ansible
+{% import 'macros.j2' as macros with context %}
+
+authority letsencrypt {
+ api url "https://acme-v02.api.letsencrypt.org/directory"
+ account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+domain {{ acme_domain_name }} {
+ alternative names { www.{{ acme_domain_name }} }
+ domain key "/etc/ssl/private/{{ acme_domain_name }}.key"
+ domain full chain certificate "/etc/ssl/{{ acme_domain_name }}.crt"
+ sign with letsencrypt
+}
+
+{% call(h) macros.loop_valid_hosts("servers") -%}
+{% for service in h.__services if service.domain is defined %}
+domain {{ service.domain }}.{{ acme_domain_name }} {
+ {% set domain = service.domain ~ "." ~ acme_domain_name %}
+ alternative names { www.{{ domain }} }
+ domain key "/etc/ssl/private/{{ domain }}.key"
+ domain full chain certificate "/etc/ssl/{{ domain }}.crt"
+ sign with letsencrypt
+}
+{% endfor %}
+{%- endcall %}
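Review bot: `service.domain` and `acme_domain_name` are interpolated unchecked into the `domain` header, the `alternative names` list and both file paths inside the `{% for service in h.__services %}` loop, so a value containing `/`, whitespace or a brace would change the key path under `/etc/ssl/private/` or the structure of the rendered file. I would add an `assert` task to the role that checks each value against a hostname pattern before the template is rendered. The `{% set domain = ... %}` line also sits after the header that repeats the same expression; moving it up lets every line use one value: `{% set domain = service.domain ~ "." ~ acme_domain_name %}` followed by `domain {{ domain }} {`. If two hosts in "servers" can declare the same `service.domain`, the loop would presumably emit two `domain` blocks with the same name and key path, which is worth confirming against the inventory.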