Update to 2021-05-27 00:00

master
Daniel Berteaud 3 years ago
parent 92813968b5
commit 800ebd0ff9
  1. 9
      roles/letsencrypt/templates/domains.txt.j2
  2. 3
      roles/pbs/defaults/main.yml
  3. 1
      roles/pbs/meta/main.yml
  4. 3
      roles/pbs/tasks/install.yml
  5. 11
      roles/pbs/templates/dehydrated_hook.sh.j2

@ -1,4 +1,4 @@
{% for cert in letsencrypt_certs | default([]) %} {#{% for cert in letsencrypt_certs | default([]) %}
{{ cert.common_name }} {{ cert.alt_names | default([]) | join(' ') }} {{ cert.common_name }} {{ cert.alt_names | default([]) | join(' ') }}
{% endfor %} {% endfor %}
{% if nginx_auto_letsencrypt_cert is defined and nginx_auto_letsencrypt_cert and nginx_vhosts is defined %} {% if nginx_auto_letsencrypt_cert is defined and nginx_auto_letsencrypt_cert and nginx_vhosts is defined %}
@ -23,7 +23,7 @@
{% endif %} {% endif %}
{% if graylog_letsencrypt_cert is defined and graylog_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %} {% if graylog_letsencrypt_cert is defined and graylog_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
{{ graylog_letsencrypt_cert }} {{ graylog_letsencrypt_cert }}
{% endif %} {% endif %} #}
{% if zcs_letsencrypt is defined and zcs_letsencrypt and inventory_hostname not in letsencrypt_certs | default([]) | map(attribute='common_name') %} {% if zcs_letsencrypt is defined and zcs_letsencrypt and inventory_hostname not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
{{ inventory_hostname }} {{ zcs_vhosts | default([]) | join(' ') }} {{ inventory_hostname }} {{ zcs_vhosts | default([]) | join(' ') }}
{% endif %} {% endif %}
@ -39,10 +39,13 @@
{% if turn_letsencrypt_cert is defined and turn_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %} {% if turn_letsencrypt_cert is defined and turn_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
{{ turn_letsencrypt_cert }} {{ turn_letsencrypt_cert }}
{% endif %} {% endif %}
{% if rabbitmq_letsencrypt_cert is defined %} {% if rabbitmq_letsencrypt_cert is defined and rabbitmq_letsencrypt_cert != False %}
{% if rabbitmq_letsencrypt_cert is string and rabbitmq_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %} {% if rabbitmq_letsencrypt_cert is string and rabbitmq_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
{{ rabbitmq_letsencrypt_cert }} {{ rabbitmq_letsencrypt_cert }}
{% elif rabbitmq_letsencrypt_cert == True and inventory_hostname not in letsencrypt_certs | default([]) | map(attribute='common_name') %} {% elif rabbitmq_letsencrypt_cert == True and inventory_hostname not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
{{ inventory_hostname }} {{ inventory_hostname }}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if pbs_letsencrypt_cert is defined and pbs_letsencrypt_cert not in letsencrypt_certs | default([]) | map(attribute='common_name') %}
{{ pbs_letsencrypt_cert }}
{% endif %}
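Review bot: The new side of the first hunk opens a Jinja comment with `{#` in front of the `letsencrypt_certs` loop, and the second hunk closes it with `#}` after the graylog block, so everything in between is no longer rendered into domains.txt. If that is unintended, dehydrated will stop requesting and renewing those certificates and they will expire with no error on the Ansible side. The lines between the two hunks are not visible here, so the exact extent needs confirming. If the block is disabled on purpose, state why on its first line, e.g. `{# disabled: <reason>`, or delete it. Separately, the added `pbs_letsencrypt_cert` condition lacks the `is string` test that the hook template uses, so a boolean value would be written out as a domain name; adding `and pbs_letsencrypt_cert is string` keeps the two files consistent.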

@ -2,3 +2,6 @@
# This control access on port 8007. Note that the port is not configurable # This control access on port 8007. Note that the port is not configurable
pbs_src_ip: [] pbs_src_ip: []
# If pbs_letsencrypt_cert can be defined to the name of dehydrated (Let's Encrypt) cert
# letsencrypt_cert: pbs.example.org
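Review bot: The commented example names `letsencrypt_cert`, but the templates added in this commit read `pbs_letsencrypt_cert`. Someone who uncomments the line as written sets a variable that nothing uses, and the hook renders without a deploy step. The example should read `# pbs_letsencrypt_cert: pbs.example.org`. The sentence above it would be clearer as `# pbs_letsencrypt_cert can be set to the name of a dehydrated (Let's Encrypt) cert to deploy on the PBS proxy`.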

@ -2,3 +2,4 @@
dependencies: dependencies:
- role: repo_pbs - role: repo_pbs
- role: mkdir

@ -7,3 +7,6 @@
policy_rc_d: 101 # Prevent the daemon from starting automatically after install policy_rc_d: 101 # Prevent the daemon from starting automatically after install
tags: pbs tags: pbs
- name: Install dehydrated hook
template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/pbs.sh mode=755
tags: pbs
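Review bot: The new template task sets no `owner` or `group`, so ownership of a script that dehydrated presumably runs as root depends on the connection user. Pinning it with `owner: root`, `group: root` and `mode: '0755'`, written as native YAML module arguments rather than the `key=value` string, makes the intended permissions explicit. The task also runs whether or not `pbs_letsencrypt_cert` is defined, in which case the rendered hook holds only the shebang. That is harmless, but the task will fail on a host where `/etc/dehydrated/hooks_deploy_cert.d` does not exist, and this hunk does not show whether another role guarantees that directory.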

@ -0,0 +1,11 @@
#!/bin/bash
{% if pbs_letsencrypt_cert is defined and pbs_letsencrypt_cert is string %}
if [ $1 == "{{ pbs_letsencrypt_cert }}" ]; then
cat /var/lib/dehydrated/certificates/certs/{{ pbs_letsencrypt_cert }}/privkey.pem > /etc/proxmox-backup/proxy.key
cat /var/lib/dehydrated/certificates/certs/{{ pbs_letsencrypt_cert }}/fullchain.pem > /etc/proxmox-backup/proxy.pem
chown root:backup /etc/proxmox-backup/proxy.{key,pem}
chmod 640 /etc/proxmox-backup/proxy.{key,pem}
/bin/systemctl reload proxmox-backup-proxy
fi
{% endif %}
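Review bot: If `/etc/proxmox-backup/proxy.key` does not exist yet, `cat … > /etc/proxmox-backup/proxy.key` creates it under the process umask, so the private key can be readable by other local users until the later `chmod 640` runs. Putting `umask 077` before the two `cat` lines, or copying with `install -o root -g backup -m 640`, closes that window. `$1` is unquoted in `[ $1 == "…" ]`, which errors when the argument is empty or contains whitespace; `[ "$1" = "{{ pbs_letsencrypt_cert }}" ]` is safer. Nothing checks for failure between the copies and `systemctl reload`, so a failed copy, which has already truncated the target, still reloads the proxy. A `set -e` line after the shebang, or chaining the commands with `&&`, would stop before the reload.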