Commit 052b5494 authored by HgO's avatar HgO

same hooks for all domains

parent 758b6b0d
Pipeline #423 passed with stage
in 2 minutes and 36 seconds
......@@ -15,12 +15,7 @@ letsencrypt_dns_gandi_sharing_id: !vault |
6632383964373738663761343065306137313163303838633763
letsencrypt_staging: false
letsencrypt_domains:
- name: neutrinet.be
hooks:
deploy:
- /etc/letsencrypt/hooks.d/haproxy.py
post:
- systemctl reload haproxy
- neutrinet.be
haproxy:
- hostname: neutrinet.be
......
letsencrypt_domains:
- name: neutrinet.be
hooks:
deploy:
- /etc/letsencrypt/hooks.d/haproxy.py
post:
- systemctl reload haproxy
......@@ -8,6 +8,10 @@
vars:
letsencrypt_hook_scripts:
- haproxy.py
letsencrypt_deploy_hooks:
- /etc/letsencrypt/hooks.d/haproxy.py
letsencrypt_post_hooks:
- systemctl reload haproxy
tags: ['letsencrypt']
- name: Installation des plugins Telegraf
import_role:
......
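Review bot: `letsencrypt_deploy_hooks` hard-codes `/etc/letsencrypt/hooks.d/haproxy.py` directly under `letsencrypt_hook_scripts: - haproxy.py`, so the script name and its install directory are now stated twice and can drift apart. certbot runs deploy hooks with its own privileges (usually root), so if the path ever stops matching what the role installs, the renewed certificate would presumably not reach HAProxy; the install task is not visible here, so this is inferred. I would derive the list, e.g. `letsencrypt_deploy_hooks: "{{ letsencrypt_hook_scripts | map('regex_replace', '^', '/etc/letsencrypt/hooks.d/') | list }}"`, or at least add the comment `# must match the directory the letsencrypt role installs hook scripts into`. The task these `vars:` belong to starts above the hunk.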
......@@ -12,8 +12,8 @@
## Prefix your entry with 'file://' if you intend to use relative paths
sources = [
{% for domain in letsencrypt_domains %}
"/etc/haproxy/ssl/{{ domain.name | replace('.', '-') }}-rsa.pem",
"/etc/haproxy/ssl/{{ domain.name | replace('.', '-') }}-ecdsa.pem"{% if not loop.last %},{% endif %}
"/etc/haproxy/ssl/{{ domain | replace('.', '-') }}-rsa.pem",
"/etc/haproxy/ssl/{{ domain | replace('.', '-') }}-ecdsa.pem"{% if not loop.last %},{% endif %}
{% endfor %}
]
......@@ -16,8 +16,7 @@ letsencrypt_dns_gandi_sharing_id: !vault |
letsencrypt_staging: true
letsencrypt_hook_scripts: []
letsencrypt_deploy_hooks: []
letsencrypt_post_hooks: []
letsencrypt_domains:
- name: neutrinet.be
hooks:
deploy: []
post: []
- neutrinet.be
---
- name: Définition du nom du certificat {{ algorithm | upper }} {{ domain.name }}
- name: Définition du nom du certificat {{ algorithm | upper }} {{ domain }}
set_fact:
cert_name: "{{ domain.name | replace('.', '-') }}-{{ algorithm }}"
cert_name: "{{ domain | replace('.', '-') }}-{{ algorithm }}"
- name: Test si le certificat {{ algorithm | upper }} {{ domain.name }} existe
- name: Test si le certificat {{ algorithm | upper }} {{ domain }} existe
stat:
path: /etc/letsencrypt/live/{{ cert_name }}/cert.pem
register: letsencrypt_domain
- name: Création du certificat {{ algorithm | upper }} {{ domain.name }}
- name: Création du certificat {{ algorithm | upper }} {{ domain }}
command: >
/opt/letsencrypt/bin/certbot certonly
--non-interactive
......@@ -23,13 +22,13 @@
--rsa-key-size 4096
{% endif %}
--cert-name {{ cert_name }}
--domain {{ domain.name }}
--domain *\.{{ domain.name }}
{% for hook in domain.hooks.deploy | default([]) %}
--domain {{ domain }}
--domain *\.{{ domain }}
{% for hook in letsencrypt_deploy_hooks %}
--deploy-hook {{ hook | quote }}
{% endfor %}
{% for hook in domain.hooks.post | default([]) %}
{% for hook in letsencrypt_post_hooks %}
--post-hook {{ hook | quote }}
{% endfor %}
......
......@@ -82,4 +82,3 @@
loop: "{{ letsencrypt_domains }}"
loop_control:
loop_var: domain
label: "{{ domain.name }}"
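Review bot: In the certbot command, `--domain {{ domain }}`, `--domain *\.{{ domain }}` and `--cert-name {{ cert_name }}` are interpolated unquoted, while the hook arguments just below them go through `| quote`. Each `letsencrypt_domains` entry is now a bare string, so an entry containing whitespace, or a leftover mapping in the old `name:`/`hooks:` form (which Jinja would stringify), gets split into extra certbot arguments rather than failing cleanly. I would write `--cert-name {{ cert_name | quote }}`, `--domain {{ domain | quote }}` and `--domain {{ ('*.' ~ domain) | quote }}`. An `assert` that `domain is string` ahead of the task would catch stale inventory entries early. The `command:` block starts above the second hunk and continues past it.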