summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTristan Weil2019-03-18 09:47:34 +0100
committerTristan Weil2019-04-18 15:10:01 +0200
commitcf9e550d831f21fa6c1b0d8e9d6c0865e0238125 (patch)
tree05a41e376174449a43bdb8b6a0257fc74e9a8b18
parent6f112d2df55c826483b1e0a165c12a05d77589b2 (diff)
downloadrepository-cf9e550d831f21fa6c1b0d8e9d6c0865e0238125.zip
repository-cf9e550d831f21fa6c1b0d8e9d6c0865e0238125.tar.gz
repository-cf9e550d831f21fa6c1b0d8e9d6c0865e0238125.tar.bz2
Add the role to add CAA dns records
-rw-r--r--Project_Install.yml14
-rw-r--r--inventories/t18s.fr/group_vars/repository/ssl_caa.yml11
2 files changed, 25 insertions, 0 deletions
diff --git a/Project_Install.yml b/Project_Install.yml
index d6fb614..584a07a 100644
--- a/Project_Install.yml
+++ b/Project_Install.yml
@@ -14,6 +14,14 @@
roles:
- role: t18s.fr_cgit-stack
+ tags:
+ - Project::repository::cgit-stack
+
+ - role: t18s.fr_ssl_caa
+
+ tags:
+ - Project::repository::ssl_caa
+
- role: t18s.fr_ssh_fingerprint
ssh_fingerprint_hosts:
- "{{ inventory_hostname }}"
@@ -21,7 +29,13 @@
ssh_fingerprint_ssh_dir_mode: "0750"
ssh_fingerprint_known_host_mode: "0640"
+ tags:
+ - Project::repository::ssh_fingerprint
+
- role: t18s.fr_ssh_keygen
ssh_keygen_user: root
ssh_keygen_ssh_dir_mode: "0750"
ssh_keygen_ssh_key_mode: "0600"
+
+ tags:
+ - Project::repository::ssh_keygen
diff --git a/inventories/t18s.fr/group_vars/repository/ssl_caa.yml b/inventories/t18s.fr/group_vars/repository/ssl_caa.yml
new file mode 100644
index 0000000..3ea234f
--- /dev/null
+++ b/inventories/t18s.fr/group_vars/repository/ssl_caa.yml
@@ -0,0 +1,11 @@
+---
+
+ssl_caa_dns_provider: gandi
+ssl_caa_dns_provider_api_protocol: rest
+ssl_caa_dns_provider_auth_token: "{{ lookup('hashi_vault', 'url={{ hashi_vault_url }} {{ hashi_vault_cx }} secret=secret/v1/common/gandi')['v5_api_key'] }}"
+
+ssl_caa_domains:
+ - "{{ inventory_hostname }}"
+ - "git.t18s.fr"
+
+ssl_caa_top_domain: t18s.fr