authorChristian Pointner <equinox@spreadspace.org>2023-12-27 23:52:49 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-12-27 23:52:49 +0100
commit0a09b3ea758d78ff212b52147a484f294dee0f45 (patch)
tree5994c43af496080b082fbc9145ed4fe04d9432cf /roles
parentprometheus: finalize update for chrony-exporter (diff)
add apps/upstream role
Diffstat (limited to 'roles')
-rw-r--r--roles/apps/publish/base/defaults/main.yml5
-rw-r--r--roles/apps/publish/base/filter_plugins/publish.py28
-rw-r--r--roles/apps/publish/base/tasks/main.yml21
3 files changed, 54 insertions, 0 deletions
diff --git a/roles/apps/publish/base/defaults/main.yml b/roles/apps/publish/base/defaults/main.yml
new file mode 100644
index 00000000..5a01bc97
--- /dev/null
+++ b/roles/apps/publish/base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# apps_publish_zone__example:
+# name: example
+# certificate_provider: ...
+# certificate_ca_config: ....
diff --git a/roles/apps/publish/base/filter_plugins/publish.py b/roles/apps/publish/base/filter_plugins/publish.py
new file mode 100644
index 00000000..e0e1463d
--- /dev/null
+++ b/roles/apps/publish/base/filter_plugins/publish.py
@@ -0,0 +1,28 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from functools import partial
+
+from ansible import errors
+
+
+def apps_publish_zones(vars):
+ try:
+ result = []
+ for var in vars.keys():
+ if var.startswith('apps_publish_zone__'):
+ result.append(vars[var])
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("apps_publish_zones(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' apps-publish filters '''
+ filter_map = {
+ 'apps_publish_zones': apps_publish_zones,
+ }
+
+ def filters(self):
+ return self.filter_map
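Review bot: `partial` on the `from functools import partial` line is never used anywhere in this file and should be dropped, and the filter's parameter `vars` shadows the builtin of the same name. The loop body in `apps_publish_zones` is a plain filter over the mapping and reads more clearly as `return [v for k, v in vars.items() if k.startswith('apps_publish_zone__')]` (keeping the surrounding try/except that turns a non-mapping argument into an AnsibleFilterError). The filter also does no validation of each zone value: a zone dict missing `name`, `certificate_provider` or `certificate_ca_config` only surfaces later, as an undefined-attribute error in the task that consumes it, so a check for those keys here with a message naming the offending variable would fail earlier and more legibly. A one-line docstring such as `"""Return the values of all host vars named apps_publish_zone__*."""` would also help, since the defaults file only documents the schema as a comment.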
diff --git a/roles/apps/publish/base/tasks/main.yml b/roles/apps/publish/base/tasks/main.yml
new file mode 100644
index 00000000..9384b53f
--- /dev/null
+++ b/roles/apps/publish/base/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: generate/install TLS client certificate
+ loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}"
+ loop_control:
+ label: "{{ item.name }}"
+ vars:
+ x509_certificate_name: "apps-publish-{{ item.name }}"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ item.certificate_ca_config }}"
+ cert:
+ common_name: "{{ inventory_hostname }}"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_reload_services:
+ - nginx
+ include_role:
+ name: "x509/{{ item.certificate_provider }}/cert"
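Review bot: The role name handed to `include_role` on the last line is assembled from `item.certificate_provider` without any check that the value names one of the x509 provider roles this repository actually ships; the zone dicts come from host variables and are presumably trusted, but a typo or unexpected value fails mid-loop with an opaque role-not-found error rather than a message naming the zone. An `ansible.builtin.assert` task before the include (or the equivalent check in the `apps_publish_zones` filter) that tests `item.certificate_provider` against the known provider names would make that failure explicit. Separately, `not_after: +100w` fixes roughly two years of validity for a client certificate and `x509_certificate_reload_services` hard-codes `nginx`; since this is the `base` role, a short comment stating why these are fixed here rather than exposed in `defaults/main.yml` (or exposing them there) would save the next maintainer guessing.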