Commit graph

8 commits

Author SHA1 Message Date
jtbx b2e9c22821 cert, nginx: Update for debian 12 2023-07-09 00:03:38 +02:00
June 82b64e24c6 Fix variable name
Thanks jtbx for pointing that out!
2023-07-08 23:41:12 +02:00
June 8bc60e42a8 Extend distribution_check role to account for Ansible changes reg. facts
Somewhere between ansible [core 2.14.4] and ansible [core 2.15.0] the
logic for the distribution_version Ansible fact got changed. With the
newer Ansible version Debians distribution_version gets reported as 11.7
as opposed to getting reported as 11 with the old Ansible version. To
still allow for useful distribution checks, extend the
distribution_check role by allowing the specification of
distribution_major_versions and distribution_releases as well.
This way you can check for an Ubuntu version by using
distribution_version (which for example resolves to 18.04, while
distribution_major_version would resolve to 18 in that case) and check
for a Debian version by using distribution_major_version (which for
example resolves to 11, while distribution_version would resolve to 11.7
in that case).
2023-07-08 19:58:02 +02:00
June f4a79fb4e2 Make it possible to set custom permissions for certificate files
This is in preparation for a role using OpenSMTPD.
2023-05-09 22:07:44 +02:00
yuri 1bcb77961b
Use the .yaml file extension for all YAML files 2023-05-08 19:55:08 +02:00
julian aac049efb2 Use BIND 9 server instead of Cloudfl. for DNS-01 challenge via nsupdate
Co-authored-by: Jannik Beyerstedt <code@jannikbeyerstedt.de>
2023-04-27 23:38:14 +02:00
julian 4814ea8bda Use one ACME account key per host
This is nicer for us, since this avoids sharing a secret.
Also put certificate directories in `certs` sub-directory for better
organization.
2023-04-25 18:03:59 +02:00
yuri c407f93b0a
Add initial cert role 2023-04-25 13:49:45 +02:00