From de8b4a8e586979d4f2978a25b5e35cb934b148af Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 22 Aug 2023 22:06:12 +0200
Subject: add ownca x509/certifcate provider
---
 dan/sk-testvm.yml | 65 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 34 insertions(+), 31 deletions(-) (limited to 'dan')
diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml
index 13a0b499..a004f9b5 100644
--- a/dan/sk-testvm.yml
+++ b/dan/sk-testvm.yml
@@ -11,11 +11,12 @@
 - name: Payload Setup
 hosts: sk-testvm
 vars:
- acme_client: uacme
+ # acme_client: uacme
 # acme_client: acmetool
- cert_provider: "{{ acme_client }}"
+ # cert_provider: "{{ acme_client }}"
 # cert_provider: static
 # cert_provider: selfsigned
+ cert_provider: ownca
 roles:
 - role: apt-repo/spreadspace
 - role: kubernetes/base
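Review bot: Commenting out `acme_client` under `vars:` leaves that variable undefined for the play, so any role or template that still reads `{{ acme_client }}` (none is visible in this hunk) would fail at run time; a quick grep before merging would settle it. The active `cert_provider: ownca` line also has no explanation, and a short comment such as `# ownca: certs are signed by our own CA, clients must trust that CA certificate` would tell the next reader why the ACME providers are switched off. The play continues outside the hunk.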
@@ -38,24 +39,26 @@
 index: index.html
 static_cert_config: "{{ static_cert_config__default }}"
 selfsigned_cert_config: "{{ selfsigned_cert_config__default }}"
- # - role: nginx/vhost
- # nginx_vhost:
- # name: test
- # template: generic
- # tls:
- # certificate_provider: "{{ cert_provider }}"
- # hsts: no
- # hostnames:
- # - test.spreadspace.org
- # - test.spreadspace.com
- # - test.spreadspace.net
- # - test.spreadspace.systems
- # locations:
- # '/':
- # root: /var/www/test
- # index: index.html
- # static_cert_config: "{{ static_cert_config__test }}"
- # selfsigned_cert_config: "{{ selfsigned_cert_config__test }}"
+ ownca_cert_config: "{{ ownca_cert_config__default }}"
+ - role: nginx/vhost
+ nginx_vhost:
+ name: test
+ template: generic
+ tls:
+ certificate_provider: "{{ cert_provider }}"
+ hsts: no
+ hostnames:
+ - test.spreadspace.org
+ - test.spreadspace.com
+ - test.spreadspace.net
+ - test.spreadspace.systems
+ locations:
+ '/':
+ root: /var/www/test
+ index: index.html
+ static_cert_config: "{{ static_cert_config__test }}"
+ selfsigned_cert_config: "{{ selfsigned_cert_config__test }}"
+ ownca_cert_config: "{{ ownca_cert_config__test }}"
 # - role: apps/mumble
 # mumble_version: v1.4.274-4
 # mumble_instance: spreadspace
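Review bot: `hsts: no` in the re-enabled `test` vhost relies on YAML 1.1 truthy parsing and gives no reason for turning HSTS off; write `hsts: false` and, if this is the reason, add a comment such as `# HSTS off: certificate is issued by a private CA on a test host` so the setting is not copied to a public vhost by accident. The new `ownca_cert_config__default` and `ownca_cert_config__test` variables are referenced here but not defined anywhere in this diff, so they presumably live in host or group vars. If they carry the CA key location or a passphrase, that material should come from a vault or a protected path rather than from the repository.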
@@ -72,17 +75,17 @@
 # rememberchannel: true
 # mumble_tls:
 # certificate_provider: "{{ cert_provider }}"
- - role: apps/coturn
- coturn_version: 4.6.2-r4
- coturn_realm: spreadspace
- coturn_hostnames:
- - test.spreadspace.org
- - test.spreadspace.com
- - test.spreadspace.net
- - test.spreadspace.systems
- coturn_auth_secret: "somewhat-secret"
- coturn_tls:
- certificate_provider: "{{ cert_provider }}"
+ # - role: apps/coturn
+ # coturn_version: 4.6.2-r4
+ # coturn_realm: spreadspace
+ # coturn_hostnames:
+ # - test.spreadspace.org
+ # - test.spreadspace.com
+ # - test.spreadspace.net
+ # - test.spreadspace.systems
+ # coturn_auth_secret: "somewhat-secret"
+ # coturn_tls:
+ # certificate_provider: "{{ cert_provider }}"
 post_tasks:
 - name: make sure document root directories exist
 loop:
-- cgit v1.2.3
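Review bot: The commented-out coturn block keeps the literal `coturn_auth_secret: "somewhat-secret"` in the playbook, so the value stays in the repository and comes back unchanged when the role is re-enabled. It reads like a placeholder, but the role presumably hands it to coturn as the shared secret that TURN credentials are derived from. The line is better kept as a reference to a vaulted variable, e.g. `# coturn_auth_secret: "{{ vault_coturn_auth_secret }}"` (the variable name is a placeholder). A one-line comment saying why coturn is disabled alongside the ownca switch would also help the next reader.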