misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

[fix] role:tlswert_acme_inwx

Browse source
This commit is contained in:
roydfalk 2024-06-09 12:54:47 +02:00
parent e175c56d61
commit fc925d491a
4 changed files with 151 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
roles/tlscert_acme_inwx/defaults/main.json
View file

@ -3,7 +3,6 @@
"var_tlscert_acme_inwx_acme_account_key_path": "/etc/letsencrypt/key", "var_tlscert_acme_inwx_acme_account_key_path": "/etc/letsencrypt/key",
"var_tlscert_acme_inwx_inwx_account_username": "REPLACE_ME", "var_tlscert_acme_inwx_inwx_account_username": "REPLACE_ME",
"var_tlscert_acme_inwx_inwx_account_password": "REPLACE_ME", "var_tlscert_acme_inwx_inwx_account_password": "REPLACE_ME",
"var_tlscert_acme_inwx_domain_base": "example.org", "var_tlscert_acme_inwx_domain": "foo.example.org",
"var_tlscert_acme_inwx_domain_path": "foo",
"var_tlscert_acme_inwx_ssl_directory": "/etc/ssl" "var_tlscert_acme_inwx_ssl_directory": "/etc/ssl"
} }

133
roles/tlscert_acme_inwx/files/tls-get Executable file
View file

@ -0,0 +1,133 @@
#!/usr/bin/env python3
import sys as _sys
import os as _os
import json as _json
import pathlib as _pathlib
import argparse as _argparse
def file_read(path):
handle = open(path, "r")
content = handle.read()
handle.close()
return content
def main():
## args
argument_parser = _argparse.ArgumentParser()
argument_parser.add_argument(
"-c",
"--conf-path",
type = str,
dest = "conf_path",
metavar = "<conf-path>",
default = _os.path.join(str(_pathlib.Path.home()), ".tls-get-conf.json"),
)
argument_parser.add_argument(
dest = "domain",
metavar = "<domain>",
help = "the domain for which the TLS certificate shall be generated"
)
argument_parser.add_argument(
"-t",
"--target-directory",
dest = "target_directory",
type = str,
metavar = "<target-directory>",
default = "/etc/ssl",
)
argument_parser.add_argument(
"-x",
"--challenge-prefix",
dest = "challenge_prefix",
type = str,
metavar = "<challenge-prefix>",
default = "_acme-challenge",
help = "which subdomain to use for ACME challanges",
)
argument_parser.add_argument(
"-w",
"--delay",
dest = "delay",
type = float,
default = 60.0,
metavar = "<delay>",
help = "seconds to wait at end of certbot auth hook",
)
argument_parser.add_argument(
"-q",
"--dry-run",
dest = "dry_run",
action = "store_true",
default = False,
help = "whether to only print the command on stdout instead of executing it",
)
args = argument_parser.parse_args()
## vars
conf = _json.loads(file_read(args.conf_path))
le_dir = "/etc/letsencrypt/live"
## exec
command_certbot = " ".join(
[
"certbot",
"certonly",
("--email='%s'" % conf["acme_account"]["email"]),
# ("--work-dir='%s'" % conf["misc"]["working_directory"]),
"--preferred-challenges='dns'",
"--non-interactive",
"--agree-tos",
("--domain='%s'" % args.domain),
"--manual",
(
"--manual-auth-hook='%s'"
% " ".join(
[
"/usr/local/bin/inwx",
("--username=\"%s\"" % conf["inwx_account"]["username"]),
("--password=\"%s\"" % conf["inwx_account"]["password"]),
"certbot-hook",
("--delay=%.4f" % args.delay),
]
)
),
(
"--post-hook='%s'"
% " ".join(
[
"/usr/local/bin/inwx",
("--username=\"%s\"" % conf["inwx_account"]["username"]),
("--password=\"%s\"" % conf["inwx_account"]["password"]),
"delete",
("--domain=\"%s\"" % (args.challenge_prefix + "." + args.domain)),
("--type=\"TXT\""),
]
)
),
]
)
if (args.dry_run):
_sys.stdout.write(command_certbot + "\n")
else:
_os.system(command_certbot)
subjects = [
{"source_name": "privkey", "target_directory": "private"},
{"source_name": "cert", "target_directory": "certs"},
{"source_name": "chain", "target_directory": "chains"},
{"source_name": "fullchain", "target_directory": "fullchains"},
]
for subject in subjects:
_os.system(
"mkdir --parents %s && cp --dereference %s %s"
% (
_os.path.join(args.target_directory, subject["target_directory"]),
_os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),
_os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain),
)
)
main()

5
roles/tlscert_acme_inwx/info.md
View file

@ -1,3 +1,8 @@
## Beschreibung
- richtet die regelmäßige TLS-Zertifikats-Erstellung für eine Domäne und führt eine Erstellung direkt aus
## Verweise ## Verweise
- [Digital Ocean | How To Acquire a Let's Encrypt Certificate Using Ansible](https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04) - [Digital Ocean | How To Acquire a Let's Encrypt Certificate Using Ansible](https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04)

12
roles/tlscert_acme_inwx/templates/tls-get-conf.json.j2 Normal file
View file

@ -0,0 +1,12 @@
{
"acme_account": {
"email": "{{var_tlscert_acme_inwx_acme_account_email}}"
},
"inwx_account": {
"username": "{{var_tlscert_acme_inwx_inwx_account_username}}",
"password": "{{var_tlscert_acme_inwx_inwx_account_password}}"
},
"misc": {
"working_directory": "/tmp/acme"
}
}