Externalize role

2018-10-08 19:35:07 +02:00 · 2018-10-08 19:35:07 +02:00 · 33760a4e3a
commit 33760a4e3a
11 changed files with 222 additions and 0 deletions
--- a/files/etc/letsencrypt/lexicon-gandi.sh
+++ b/files/etc/letsencrypt/lexicon-gandi.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+. /etc/letsencrypt/gandi-api-keys
+
+if [ "$1" != "list" ]; then
+    NAME_VALUE="_acme-challenge.${CERTBOT_DOMAIN}"
+    CONTENT_VALUE="${CERTBOT_VALIDATION}"
+else
+    NAME_VALUE=""
+    CONTENT_VALUE=""
+fi
+
+/usr/bin/lexicon gandi \
+                       --auth-token="${AUTH_TOKEN}" \
+                       --name "${NAME_VALUE}" \
+                       --content "${CONTENT_VALUE}" \
+                       "$1" "${CERTBOT_DOMAIN}" TXT \
+    || exit 255
+
+if [ "$1" == "create" ]; then
+  sleep 1500
+fi
--- a/files/etc/letsencrypt/lexicon-ovh.sh
+++ b/files/etc/letsencrypt/lexicon-ovh.sh
@ -0,0 +1,25 @@
+#!/bin/bash
+
+. /etc/letsencrypt/ovh-api-keys
+
+if [ "$1" != "list" ]; then
+    NAME_VALUE="_acme-challenge.${CERTBOT_DOMAIN}"
+    CONTENT_VALUE="${CERTBOT_VALIDATION}"
+else
+    NAME_VALUE=""
+    CONTENT_VALUE=""
+fi
+
+/usr/bin/lexicon ovh \
+                       --auth-entrypoint "${AUTH_ENTRYPOINT}" \
+                       --auth-application-key "${AUTH_APPLICATION_KEY}" \
+                       --auth-application-secret "${AUTH_APPLICATION_SECRET}" \
+                       --auth-consumer-key "${AUTH_CONSUMER_KEY}" \
+                       --name "${NAME_VALUE}" \
+                       --content "${CONTENT_VALUE}" \
+                       "$1" "${CERTBOT_DOMAIN}" TXT \
+        || exit 255
+
+if [ "$1" == "create" ]; then
+  sleep 120
+fi
--- a/files/httpd_letsencrypt.conf
+++ b/files/httpd_letsencrypt.conf
@ -0,0 +1,8 @@
+Alias /.well-known /var/www/.well-known
+
+<Directory /var/www/.well-known/>
+	Options +FollowSymLinks
+	AllowOverride All
+	order allow,deny
+	allow from all
+</Directory>
--- a/files/nginx_letsencrypt.conf
+++ b/files/nginx_letsencrypt.conf
@ -0,0 +1,15 @@
+server {
+
+   listen 80 default;
+   server_name _;
+   location /.well-known {
+       alias /var/www/.well-known/;
+   }
+   #return 301 https://$host$request_uri;
+   location / {
+       if ($scheme = "http") {
+           rewrite ^ https://$http_host$request_uri? permanent;
+       }
+   }
+}
+
--- a/files/test.html
+++ b/files/test.html
@ -0,0 +1 @@
+<html>Ok</html>