added a few configs

2023-04-17 00:31:28 +02:00 · 2023-04-17 00:31:28 +02:00 · 6d4f607fab
commit 6d4f607fab
parent 9ba73f6088
5 changed files with 47 additions and 15 deletions
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -0,0 +1,12 @@
 ---
 # task/configure file for renew_vault_certificates
 - name: "Copy vault_cert.pem.tpl template"
  ansible.builtin.template:
    src: vault_cert.tpl.j2
    dest: "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
    owner: "{{ renew_vault_certificates_vault_user }}"
    group: "{{ renew_vault_certificates_vault_group }}"
    mode: '0600'
  notify:
    - "systemctl-enable-vault-ctpl"
    - "systemctl-restart-vault-ctpl"
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -0,0 +1,15 @@
 ---
 # task/install file for renew_vault_certificates
 - name: "Configure hashicorp repository"
  ansible.builtin.include_role:
    name: ednxzu.manage_repositories
  vars:
    manage_repositories_enable_default_repo: false
    manage_repositories_enable_custom_repo: true
    manage_repositories_custom_repo: "{{ renew_vault_certificates_repository }}"
 - name: "Install vault:{{ hashi_vault_version }}"
  ansible.builtin.include_role:
    name: ednxzu.manage_apt_packages
  vars:
    manage_apt_packages_list: "{{ renew_vault_certificates_packages }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,2 +1,7 @@
 ---
 # task/main file for renew_vault_certificates
 - name: "Import prerequisites.yml"
  ansible.builtin.include_tasks: prerequisites.yml
 - name: "Import install.yml"
  ansible.builtin.include_tasks: install.yml
--- a/tasks/prerequisites.yml
+++ b/tasks/prerequisites.yml
@ -8,3 +8,10 @@
  delegate_to: localhost
  run_once: true
 - name: "Create directory {{ renew_vault_certificates_config_dir }}"
  ansible.builtin.file:
    path: "{{ renew_vault_certificates_config_dir }}"
    state: directory
    owner: "{{ renew_vault_certificates_vault_user }}"
    group: "{{ renew_vault_certificates_vault_group }}"
    mode: '0755'
--- a/templates/vault_config.hcl.j2
+++ b/templates/vault_config.hcl.j2
@ -6,26 +6,19 @@ vault {
 }
 template {
-  source      = "/etc/consul-template/ednz.pem.tpl"
+  source      = "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
-  destination = "/opt/vault/tls/ednz.pem"
+  destination = "{{ renew_vault_certificates_cert_dest }}"
  perms       = 0700
-  user        = "vault"
+  user        = "{{ renew_vault_certificates_vault_user }}"
-  group       = "vault"
+  group       = "{{ renew_vault_certificates_vault_group }}"
  command     = "sh -c 'date && pkill -SIGHUP vault'"
 }
 template {
-  source      = "/etc/consul-template/ednz.key.tpl"
+  source      = "{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl"
-  destination = "/opt/vault/tls/ednz.key"
+  destination = "{{ renew_vault_certificates_key_dest }}"
  perms       = 0700
-  user        = "vault"
+  user        = "{{ renew_vault_certificates_vault_user }}"
-  group       = "vault"
+  group       = "{{ renew_vault_certificates_vault_group }}"
  command     = "sh -c 'date && pkill -SIGHUP vault'"
 }
 template {
  source      = "/etc/consul-template/ca.crt.tpl"
  destination = "/opt/vault/tls/ca.crt"
  user        = "vault"
  group       = "vault"
 }