diff options
author | Christian Pointner <equinox@spreadspace.org> | 2023-08-22 19:53:49 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-08-22 19:53:49 +0200 |
commit | fc5d0657bfcba53ace230ff2ada64b7fcf9b97a3 (patch) | |
tree | 350a8d401e0113bff7d78aee4d8547cddf06b8f7 /roles/apps/coturn/tasks/main.yml | |
parent | fix docker for debian bookworm+ (diff) | |
parent | some more cleanup for acme specific variables (diff) |
Merge branch 'topic/uacme'
Diffstat (limited to 'roles/apps/coturn/tasks/main.yml')
-rw-r--r-- | roles/apps/coturn/tasks/main.yml | 59 |
1 files changed, 34 insertions, 25 deletions
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml index 42ccd2b3..4e5adbd5 100644 --- a/roles/apps/coturn/tasks/main.yml +++ b/roles/apps/coturn/tasks/main.yml @@ -39,43 +39,52 @@ group: coturn mode: 0644 -- name: install acmetool hook script - template: - src: acmetool-reload.sh.j2 - dest: "/etc/acme/hooks/coturn-{{ coturn_realm }}" - mode: 0755 - -- name: install acmetool systemd unit snippet - copy: - dest: "/etc/systemd/system/acmetool.service.d/coturn-{{ coturn_realm }}.conf" - content: | - [Service] - ReadWritePaths={{ coturn_base_path }}/{{ coturn_realm }}/config/ssl - register: coturn_acmetool_snippet - -- name: reload systemd - when: coturn_acmetool_snippet is changed - systemd: - daemon_reload: yes +- name: compute certificate renewal config + set_fact: + coturn_certificate_renewal: + install: + - dest: "{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl/cert.pem" + src: + - fullchain + owner: root + group: coturn + mode: "0644" + - dest: "{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl/privkey.pem" + src: + - key + owner: root + group: coturn + mode: "0640" + reload: | + pod_id=$(crictl pods -q --state ready --name "^coturn-{{ coturn_realm }}-{{ ansible_nodename }}$") + [ -n "$pod_id" ] || exit 42 + container_id=$(crictl ps -q --name '^coturn$' -p "$pod_id") + [ -n "$container_id" ] || exit 42 + crictl stop "$container_id" - name: configure nginx vhost when: coturn_install_nginx_vhost vars: nginx_vhost: name: "coturn-{{ coturn_realm }}" - content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}" - acme: true + template: generic + tls: "{{ coturn_tls }}" hostnames: "{{ coturn_hostnames }}" + locations: + '/': + return: "404" + x509_certificate_renewal: "{{ coturn_certificate_renewal }}" include_role: name: nginx/vhost -- name: get certificate using acmetool +- name: generate/install/fetch TLS certificate when: not coturn_install_nginx_vhost - import_role: - name: x509/acmetool/cert vars: - acmetool_cert_name: "coturn-{{ coturn_realm }}" - acmetool_cert_hostnames: "{{ coturn_hostnames }}" + x509_certificate_name: "coturn-{{ coturn_realm }}" + x509_certificate_hostnames: "{{ coturn_hostnames }}" + x509_certificate_renewal: "{{ coturn_certificate_renewal }}" + include_role: + name: "x509/{{ coturn_tls.certificate_provider }}/cert" - name: install pod manifest vars: |