From 22ab3586a1825e64554f8b3be3b5b157325b5aa6 Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Sun, 14 Apr 2024 18:30:16 -0500
Subject: [PATCH] lego: add configuration
---
 group_vars/all/main.yaml | 4 ++++
 host_vars/jump0.kill0.net/all.yaml | 22 ++++++++++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/group_vars/all/main.yaml b/group_vars/all/main.yaml
index f816983..0bedd16 100644
--- a/group_vars/all/main.yaml
+++ b/group_vars/all/main.yaml
@@ -368,3 +368,7 @@ influxdb_package_state: absent
 telegraf_service_enabled: false
 telegraf_service_state: stopped
 telegraf_package_state: absent
+
+lego_credential_files:
+ - name: credentials.json
+ content: "{{ vault_lego_gcp_service_account | string }}"
diff --git a/host_vars/jump0.kill0.net/all.yaml b/host_vars/jump0.kill0.net/all.yaml
index 9cb0ae7..a1181df 100644
--- a/host_vars/jump0.kill0.net/all.yaml
+++ b/host_vars/jump0.kill0.net/all.yaml
@@ -18,6 +18,28 @@ certbot_certificates:
 - domains:
 - cavi.cc
 email: rcavicchioni@gmail.com
+ - domains:
+ - proxy.kill0.net
+ email: rcavicchioni@gmail.com
+
+lego_user_environ:
+ GCE_PROJECT: kill0-net
+ GCE_SERVICE_ACCOUNT_FILE: "{{ lego_etc_dir_path }}/credentials.json"
+
+lego_bin_user_args:
+ - --email rcavicchioni@gmail.com
+ - --dns gcloud
+
+lego_bin_renew_user_args:
+ - --renew-hook "systemctl reload nginx"
+
+lego_domains:
+ - name: cavi.cc
+ - name: dl.kill0.net
+ - name: git.kill0.net
+ - name: monitor.kill0.net
+ - name: proxy.kill0.net
+ - name: stats.kill0.net
 autossh_config: []
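Review bot: `lego_credential_files` is added to group_vars/all, so the GCP service-account key from `vault_lego_gcp_service_account` is in scope for every host in the inventory, while every other lego setting in this patch lives in host_vars/jump0.kill0.net; moving the block there would keep the key confined to the one host that uses it. The entry carries only `name` and `content`, so the file's owner and mode come from the role's defaults, which this patch does not show; confirm the file is written owner-only (0600) and that the writing task sets `no_log: true`, so the key does not appear in task output or `--diff`. If the vaulted value is stored as a mapping rather than a JSON string, `| string` would presumably render a Python repr instead of JSON, and `| to_json` would be the safer filter.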
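Review bot: `cavi.cc` and `proxy.kill0.net` now appear in both `certbot_certificates` and `lego_domains`, so two ACME clients would issue and renew certificates for the same names, and nothing here says which certificate nginx serves. If this is a migration step, a comment above the certbot entries such as `# kept until nginx points at the lego-issued certs` would record that; otherwise the new certbot entry for `proxy.kill0.net` looks redundant. The `--renew-hook "systemctl reload nginx"` item, like `--email rcavicchioni@gmail.com`, holds a flag and its value in one string, which only works if the role joins the list into a shell command line; if it passes the items as argv, the embedded quotes would reach lego literally, which is worth checking against the role. The `certbot_certificates` list begins outside this hunk.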