From bc98352d3e331003db625be96139b3c1f95f63b2 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 9 Aug 2023 14:38:23 +0200 Subject: nginx/vhost: major change in certifcate/tls handling (WIP) --- roles/apps/mumble/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'roles/apps/mumble/tasks/main.yml') diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml index 33331dca..92659b66 100644 --- a/roles/apps/mumble/tasks/main.yml +++ b/roles/apps/mumble/tasks/main.yml @@ -1,4 +1,10 @@ --- +- name: check if acme_client is set to acmetool + assert: + msg: "this role currently only works with acmetool" + that: + - acme_client == "acmetool" + - name: add group for mumble group: name: mumble -- cgit v1.2.3 From cc98a376ca5ca1509b5c9fcbb59cffad0c1b284d Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 20 Aug 2023 22:25:05 +0200 Subject: sk-testvm: prepare mumble for new tls cert roles --- dan/sk-testvm.yml | 95 ++++++++++++++++++++++--------------- inventory/host_vars/sk-testvm.yml | 25 ++++++++++ inventory/hosts.ini | 1 + roles/apps/mumble/defaults/main.yml | 3 ++ roles/apps/mumble/tasks/main.yml | 2 +- 5 files changed, 87 insertions(+), 39 deletions(-) (limited to 'roles/apps/mumble/tasks/main.yml') diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml index bffb2c9b..698eb7de 100644 --- a/dan/sk-testvm.yml +++ b/dan/sk-testvm.yml 
@@ -12,13 +12,32 @@ hosts: sk-testvm vars: # acme_client: uacme - # acme_client: acmetool - # cert_provider: "{{ acme_client }}" + acme_client: acmetool + cert_provider: "{{ acme_client }}" # cert_provider: static - cert_provider: selfsigned + # cert_provider: selfsigned roles: + - role: apt-repo/spreadspace + - role: kubernetes/base + - role: kubernetes/standalone/base - role: "x509/{{ cert_provider }}/base" - role: nginx/base + - role: apps/mumble + mumble_version: v1.4.274-4 + mumble_instance: spreadspace + mumble_hostnames: + - test.spreadspace.org + - test.spreadspace.com + - test.spreadspace.net + - test.spreadspace.systems + mumble_superuser_password: "very-secret" + mumble_config_options: + bonjour: false + sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" + welcometext: "Welcome to the spreadspace Mumble Test-Server" + rememberchannel: true + mumble_tls: + certificate_provider: "{{ cert_provider }}" post_tasks: - name: make sure document root directories exist loop: @@ -64,39 +83,39 @@ name: nginx/vhost - - name: install index.html for test server - copy: - dest: /var/www/test/index.html - content: | - - - This is Test - - -
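Review bot: `mumble_superuser_password: "very-secret"` in the new `apps/mumble` role entry commits a credential in clear text to the playbook. Even on a test VM it is better referenced from the vault or an untracked vars file, e.g. `mumble_superuser_password: "{{ vault_mumble_superuser_password }}"` (the variable name is a placeholder). The same applies to `coturn_auth_secret: "somewhat-secret"`, which the later coturn commit in this series adds to this file.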
-

If you can read this the test was successful.

-
- - + # - name: install index.html for test server + # copy: + # dest: /var/www/test/index.html + # content: | + # + # + # This is Test + # + # + #
+ #

If you can read this the test was successful.

+ #
+ # + # - - name: install test vhost - vars: - nginx_vhost: - name: test - template: generic - tls: - certificate_provider: "{{ cert_provider }}" - hsts: no - hostnames: - - test.spreadspace.org - - test.spreadspace.com - - test.spreadspace.net - - test.spreadspace.systems - locations: - '/': - root: /var/www/test - index: index.html - static_cert_config: "{{ static_cert_config__test }}" - selfsigned_cert_config: "{{ selfsigned_cert_config__test }}" - include_role: - name: nginx/vhost + # - name: install test vhost + # vars: + # nginx_vhost: + # name: test + # template: generic + # tls: + # certificate_provider: "{{ cert_provider }}" + # hsts: no + # hostnames: + # - test.spreadspace.org + # - test.spreadspace.com + # - test.spreadspace.net + # - test.spreadspace.systems + # locations: + # '/': + # root: /var/www/test + # index: index.html + # static_cert_config: "{{ static_cert_config__test }}" + # selfsigned_cert_config: "{{ selfsigned_cert_config__test }}" + # include_role: + # name: nginx/vhost diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 1592914a..f5dca015 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -37,6 +37,31 @@ external_ip: "{{ network.primary.overlay }}" # # https://owncloud.org/news/upgrading-owncloud-on-debian-stable-to-official-packages/ # + +spreadspace_apt_repo_components: + - container + +docker_storage: + type: lvm + vg: "{{ host_name }}" + lv: docker + size: 2G + fs: ext4 + +kubelet_storage: + type: lvm + vg: "{{ host_name }}" + lv: kubelet + size: 1G + fs: ext4 + +kubernetes_version: 1.27.4 +kubernetes_cri_tools_pkg_version: 1.26.0-00 +kubernetes_container_runtime: docker +kubernetes_standalone_max_pods: 100 +kubernetes_standalone_cni_variant: with-portmap + + nginx_server_names_hash_bucket_size: 64 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index e58673ce..6b8622db 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
@@ -611,6 +611,7 @@ glt-telesto glt-tsdatacop glt-thetys sgg-icecast +sk-testvm [kubernetes:children] kubernetes-cluster diff --git a/roles/apps/mumble/defaults/main.yml b/roles/apps/mumble/defaults/main.yml index 627af125..c9cd9db3 100644 --- a/roles/apps/mumble/defaults/main.yml +++ b/roles/apps/mumble/defaults/main.yml @@ -14,6 +14,9 @@ mumble_dhparam_size: 2048 mumble_timezone: "Europe/Vienna" +# mumble_tls: +# certificate_provider: ... + mumble_config_options: bonjour: false sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml index 92659b66..5cd1f7a9 100644 --- a/roles/apps/mumble/tasks/main.yml +++ b/roles/apps/mumble/tasks/main.yml @@ -3,7 +3,7 @@ assert: msg: "this role currently only works with acmetool" that: - - acme_client == "acmetool" + - mumble_tls.certificate_provider == "acmetool" - name: add group for mumble group: -- cgit v1.2.3 From 70e61b9184dfa81a39926e66722ed3c1743a91c3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 21 Aug 2023 00:38:34 +0200 Subject: apps/mumble: add new generic certificate renewal support --- roles/apps/mumble/tasks/main.yml | 55 ++++++++++------------ roles/apps/mumble/templates/acmetool-reload.sh.j2 | 28 ----------- .../x509/acmetool/cert/finalize/handlers/main.yml | 1 + roles/x509/acmetool/cert/prepare/handlers/main.yml | 4 ++ roles/x509/acmetool/cert/prepare/tasks/main.yml | 37 +++++++++++++++ .../acmetool/cert/prepare/templates/reload.sh.j2 | 31 ++++++++++++ 6 files changed, 98 insertions(+), 58 deletions(-) delete mode 100644 roles/apps/mumble/templates/acmetool-reload.sh.j2 create mode 100644 roles/x509/acmetool/cert/prepare/templates/reload.sh.j2 (limited to 'roles/apps/mumble/tasks/main.yml') diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml index 5cd1f7a9..b59fb5fc 100644 --- a/roles/apps/mumble/tasks/main.yml 
+++ b/roles/apps/mumble/tasks/main.yml @@ -1,10 +1,4 @@ --- -- name: check if acme_client is set to acmetool - assert: - msg: "this role currently only works with acmetool" - that: - - mumble_tls.certificate_provider == "acmetool" - - name: add group for mumble group: name: mumble @@ -33,31 +27,32 @@ group: mumble mode: 0644 -- name: install acmetool hook script - template: - src: acmetool-reload.sh.j2 - dest: "/etc/acme/hooks/mumble-{{ mumble_instance }}" - mode: 0755 - -- name: install acmetool systemd unit snippet - copy: - dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf" - content: | - [Service] - ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/ssl - register: mumble_acmetool_snippet - -- name: reload systemd - when: mumble_acmetool_snippet is changed - systemd: - daemon_reload: yes - -- name: get certificate using acmetool - import_role: - name: x509/acmetool/cert +- name: generate/install/fetc TLS certificate vars: - acmetool_cert_name: "mumble-{{ mumble_instance }}" - acmetool_cert_hostnames: "{{ mumble_hostnames }}" + x509_certificate_name: "mumble-{{ mumble_instance }}" + x509_certificate_hostnames: "{{ mumble_hostnames }}" + x509_certificate_renewal: + install: + - dest: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl/cert.pem" + src: + - fullchain + owner: root + group: mumble + mode: "0644" + - dest: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl/privkey.pem" + src: + - key + owner: root + group: mumble + mode: "0640" + reload: | + pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$") + [ -n "$pod_id" ] || exit 42 + container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id") + [ -n "$container_id" ] || exit 42 + crictl exec "$container_id" kill -USR1 1 + include_role: + name: "x509/{{ mumble_tls.certificate_provider }}/cert" - name: create mumble data directory file: 
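Review bot: With the `assert` removed, `mumble_tls.certificate_provider` is interpolated straight into the role name in `name: "x509/{{ mumble_tls.certificate_provider }}/cert"`, and the role defaults carry `mumble_tls` only as a comment. An unset or mistyped provider therefore surfaces as an undefined-variable or role-not-found error after the group and file tasks have already run, instead of the earlier clear message. Keep a guard as the first task, e.g. `that: mumble_tls.certificate_provider in ['acmetool', 'uacme', 'static', 'selfsigned']`, with the list trimmed to the providers that actually honour `x509_certificate_renewal`; which ones do is not visible in this diff. The coturn change later in this series drops its assert the same way.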
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2 deleted file mode 100644 index fd9f01ba..00000000 --- a/roles/apps/mumble/templates/acmetool-reload.sh.j2 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -set -e -EVENT_NAME="$1" -[ "$EVENT_NAME" = "live-updated" ] || exit 42 - -MAIN_HOSTNAME="{{ mumble_hostnames[0] }}" -SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/ssl" - -while read name; do - certdir="$ACME_STATE_DIR/live/$name" - if [ -z "$name" -o ! -e "$certdir" ]; then - continue - fi - if [ "$name" != "$MAIN_HOSTNAME" ]; then - continue - fi - - install -m 0644 -o root -g mumble "$certdir/fullchain" "$SSL_D/cert.pem" - install -m 0640 -o root -g mumble "$certdir/privkey" "$SSL_D/privkey.pem" - - pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$") - [ -n "$pod_id" ] || exit 42 - container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id") - [ -n "$container_id" ] || exit 42 - crictl exec "$container_id" kill -USR1 1 - - break -done diff --git a/roles/x509/acmetool/cert/finalize/handlers/main.yml b/roles/x509/acmetool/cert/finalize/handlers/main.yml index a7fc43ed..02ffa598 100644 --- a/roles/x509/acmetool/cert/finalize/handlers/main.yml +++ b/roles/x509/acmetool/cert/finalize/handlers/main.yml @@ -2,5 +2,6 @@ - name: reconcile acmetool when: not acmetool_reconcile_disabled systemd: + daemon_reload: yes name: acmetool.service state: started diff --git a/roles/x509/acmetool/cert/prepare/handlers/main.yml b/roles/x509/acmetool/cert/prepare/handlers/main.yml index b169d6ca..330bcd11 100644 --- a/roles/x509/acmetool/cert/prepare/handlers/main.yml +++ b/roles/x509/acmetool/cert/prepare/handlers/main.yml @@ -1,4 +1,8 @@ --- +- name: reload systemd + systemd: + daemon_reload: yes + - name: reload services for x509 certificates loop: "{{ x509_certificate_reload_services | default([]) }}" service: 
diff --git a/roles/x509/acmetool/cert/prepare/tasks/main.yml b/roles/x509/acmetool/cert/prepare/tasks/main.yml index 5bad1e5b..2db332b8 100644 --- a/roles/x509/acmetool/cert/prepare/tasks/main.yml +++ b/roles/x509/acmetool/cert/prepare/tasks/main.yml @@ -40,3 +40,40 @@ x509_certificate_path_cert: "/var/lib/acme/live/{{ acmetool_cert_hostnames[0] }}/cert" x509_certificate_path_chain: "/var/lib/acme/live/{{ acmetool_cert_hostnames[0] }}/chain" x509_certificate_path_fullchain: "/var/lib/acme/live/{{ acmetool_cert_hostnames[0] }}/fullchain" + +- name: setup custom renewal script + when: x509_certificate_renewal is defined + block: + - name: install custom hook script + template: + src: reload.sh.j2 + dest: "/etc/acme/hooks/{{ x509_certificate_name }}" + mode: 0755 + + - name: install acmetool systemd unit snippet + when: "'install' in x509_certificate_renewal" + copy: + dest: "/etc/systemd/system/acmetool.service.d/{{ x509_certificate_name }}.conf" + content: | + [Service] + {% for path in (x509_certificate_renewal.install | map(attribute='dest') | map('dirname') | unique | list) %} + ReadWritePaths={{ path }} + {% endfor %} + notify: reload systemd + + - name: remove acmetool systemd unit snippet + when: "'install' not in x509_certificate_renewal" + file: + path: "/etc/systemd/system/acmetool.service.d/{{ x509_certificate_name }}.conf" + state: absent + notify: reload systemd + +- name: remove custom renewal script + when: x509_certificate_renewal is not defined + loop: + - "/etc/systemd/system/acmetool.service.d/{{ x509_certificate_name }}.conf" + - "/etc/acme/hooks/{{ x509_certificate_name }}" + file: + path: "{{ item }}" + state: absent + notify: reload systemd diff --git a/roles/x509/acmetool/cert/prepare/templates/reload.sh.j2 b/roles/x509/acmetool/cert/prepare/templates/reload.sh.j2 new file mode 100644 index 00000000..f4b8259e --- /dev/null +++ b/roles/x509/acmetool/cert/prepare/templates/reload.sh.j2 
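Review bot: Both the hook path and the systemd drop-in path are built from `x509_certificate_name` with no check that it is set and non-empty, including in the `remove custom renewal script` task at the end of the hunk. If the name ever rendered empty, `state: absent` would be applied to `/etc/acme/hooks/` itself and remove every hook. The context lines above still use `acmetool_cert_hostnames`, so how the name reaches this role is not visible here. I would add an `assert` near the start of the file (outside this hunk) with `that: x509_certificate_name | default('') | length > 0`. Separately, `mode: 0755` on the hook template is an unquoted octal, while the callers in this series pass `"0644"` and `"0640"` as strings; `mode: "0755"` would be consistent.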
@@ -0,0 +1,31 @@ +#!/bin/sh +set -e +EVENT_NAME="$1" +[ "$EVENT_NAME" = "live-updated" ] || exit 42 + +MAIN_HOSTNAME="{{ acmetool_cert_hostnames[0] }}" + +while read name; do + certdir="$ACME_STATE_DIR/live/$name" + if [ -z "$name" -o ! -e "$certdir" ]; then + continue + fi + if [ "$name" != "$MAIN_HOSTNAME" ]; then + continue + fi +{% if 'install' in x509_certificate_renewal %} + +{% for file in x509_certificate_renewal.install %} + install{% if 'mode' in file %} -m {{ file.mode }}{% endif %}{% if 'owner' in file %} -o {{ file.owner }}{% endif %}{% if 'owner' in file %} -g {{ file.group }}{% endif %} /dev/null "{{ file.dest }}.new" +{% for src in file.src %} + cat "{{ hostvars[inventory_hostname]['x509_certificate_path_' + src] }}" >> "{{ file.dest }}.new" + mv "{{ file.dest }}.new" "{{ file.dest }}" +{% endfor %} +{% endfor %} +{% endif %} +{% if 'reload' in x509_certificate_renewal %} + + {{ x509_certificate_renewal.reload | trim | indent(2) }} +{% endif %} + break +done -- cgit v1.2.3 From 8965bcf490149b81c5ad424ccbc5d0c010a1f470 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 22 Aug 2023 17:01:17 +0200 Subject: apps/coturn: move to new generic certificate roles --- dan/sk-testvm.yml | 33 ++++++++---- inventory/host_vars/sk-testvm.yml | 1 + roles/apps/coturn/defaults/main.yml | 3 ++ roles/apps/coturn/tasks/main.yml | 61 +++++++++++------------ roles/apps/coturn/templates/acmetool-reload.sh.j2 | 28 ----------- roles/apps/mumble/tasks/main.yml | 2 +- 6 files changed, 57 insertions(+), 71 deletions(-) delete mode 100644 roles/apps/coturn/templates/acmetool-reload.sh.j2 (limited to 'roles/apps/mumble/tasks/main.yml') diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml index 1d047447..13a0b499 100644 --- a/dan/sk-testvm.yml +++ b/dan/sk-testvm.yml 
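Review bot: In the `install` loop, `mv "{{ file.dest }}.new" "{{ file.dest }}"` sits inside `{% for src in file.src %}`, so an entry with more than one `src` is moved into place after the first part, and the next `cat … >>` then re-creates `.new` through shell redirection without the `-m`/`-o`/`-g` that `install` applied. The destination ends up holding only the last part, with umask-default permissions, which matters if a key is ever concatenated with a chain. Move the `mv` line below the inner `{% endfor %}`. On the `install` line the group option is guarded by the owner key, `{% if 'owner' in file %} -g {{ file.group }}{% endif %}`; it should read `{% if 'group' in file %} -g {{ file.group }}{% endif %}`, otherwise an entry with `group` but no `owner` silently loses its group. Both callers visible in this series pass a single `src` with owner and group set, so neither path is hit yet.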
@@ -56,21 +56,32 @@ # index: index.html # static_cert_config: "{{ static_cert_config__test }}" # selfsigned_cert_config: "{{ selfsigned_cert_config__test }}" - - role: apps/mumble - mumble_version: v1.4.274-4 - mumble_instance: spreadspace - mumble_hostnames: + # - role: apps/mumble + # mumble_version: v1.4.274-4 + # mumble_instance: spreadspace + # mumble_hostnames: + # - test.spreadspace.org + # - test.spreadspace.com + # - test.spreadspace.net + # - test.spreadspace.systems + # mumble_superuser_password: "very-secret" + # mumble_config_options: + # bonjour: false + # sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" + # welcometext: "Welcome to the spreadspace Mumble Test-Server" + # rememberchannel: true + # mumble_tls: + # certificate_provider: "{{ cert_provider }}" + - role: apps/coturn + coturn_version: 4.6.2-r4 + coturn_realm: spreadspace + coturn_hostnames: - test.spreadspace.org - test.spreadspace.com - test.spreadspace.net - test.spreadspace.systems - mumble_superuser_password: "very-secret" - mumble_config_options: - bonjour: false - sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5" - welcometext: "Welcome to the spreadspace Mumble Test-Server" - rememberchannel: true - mumble_tls: + coturn_auth_secret: "somewhat-secret" + coturn_tls: certificate_provider: "{{ cert_provider }}" post_tasks: - name: make sure document root directories exist diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index f5dca015..a09d8de5 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -59,6 +59,7 @@ kubernetes_version: 1.27.4 kubernetes_cri_tools_pkg_version: 1.26.0-00 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 +kubernetes_standalone_pod_cidr: 192.168.255.0/24 kubernetes_standalone_cni_variant: with-portmap 
diff --git a/roles/apps/coturn/defaults/main.yml b/roles/apps/coturn/defaults/main.yml index 842e7f05..709d3d07 100644 --- a/roles/apps/coturn/defaults/main.yml +++ b/roles/apps/coturn/defaults/main.yml @@ -17,6 +17,9 @@ coturn_threads: 0 coturn_dhparam_size: 2048 +# coturn_tls: +# certificate_provider: ... + coturn_listening_port: 3478 coturn_tls_listening_port: 5349 diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml index ed0c06ab..4e5adbd5 100644 --- a/roles/apps/coturn/tasks/main.yml +++ b/roles/apps/coturn/tasks/main.yml @@ -1,10 +1,4 @@ --- -- name: check if acme_client is set to acmetool - assert: - msg: "this role currently only works with acmetool" - that: - - acme_client == "acmetool" - - name: add group for coturn group: name: coturn 
@@ -45,24 +39,28 @@ group: coturn mode: 0644 -- name: install acmetool hook script - template: - src: acmetool-reload.sh.j2 - dest: "/etc/acme/hooks/coturn-{{ coturn_realm }}" - mode: 0755 - -- name: install acmetool systemd unit snippet - copy: - dest: "/etc/systemd/system/acmetool.service.d/coturn-{{ coturn_realm }}.conf" - content: | - [Service] - ReadWritePaths={{ coturn_base_path }}/{{ coturn_realm }}/config/ssl - register: coturn_acmetool_snippet - -- name: reload systemd - when: coturn_acmetool_snippet is changed - systemd: - daemon_reload: yes +- name: compute certificate renewal config + set_fact: + coturn_certificate_renewal: + install: + - dest: "{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl/cert.pem" + src: + - fullchain + owner: root + group: coturn + mode: "0644" + - dest: "{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl/privkey.pem" + src: + - key + owner: root + group: coturn + mode: "0640" + reload: | + pod_id=$(crictl pods -q --state ready --name "^coturn-{{ coturn_realm }}-{{ ansible_nodename }}$") + [ -n "$pod_id" ] || exit 42 + container_id=$(crictl ps -q --name '^coturn$' -p "$pod_id") + [ -n "$container_id" ] || exit 42 + crictl stop "$container_id" - name: configure nginx vhost when: coturn_install_nginx_vhost 
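Review bot: The `reload` snippet ends in `crictl stop "$container_id"`, whereas the mumble role in this series signals the process with `kill -USR1 1`; a comment should say why coturn is stopped rather than signalled. Presumably the kubelet restarts the container and coturn then reads the new files, at the cost of dropping active sessions on every renewal, but that is not stated anywhere in the hunk. Something like `# stop the container so the kubelet restarts coturn with the renewed certificate` above `reload: |` would do, once the behaviour is confirmed.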
@@ -70,22 +68,23 @@ nginx_vhost: name: "coturn-{{ coturn_realm }}" template: generic - tls: - certificate_provider: acmetool + tls: "{{ coturn_tls }}" hostnames: "{{ coturn_hostnames }}" locations: '/': return: "404" + x509_certificate_renewal: "{{ coturn_certificate_renewal }}" include_role: name: nginx/vhost -- name: get certificate using acmetool +- name: generate/install/fetch TLS certificate when: not coturn_install_nginx_vhost - import_role: - name: x509/acmetool/cert vars: - acmetool_cert_name: "coturn-{{ coturn_realm }}" - acmetool_cert_hostnames: "{{ coturn_hostnames }}" + x509_certificate_name: "coturn-{{ coturn_realm }}" + x509_certificate_hostnames: "{{ coturn_hostnames }}" + x509_certificate_renewal: "{{ coturn_certificate_renewal }}" + include_role: + name: "x509/{{ coturn_tls.certificate_provider }}/cert" - name: install pod manifest vars: diff --git a/roles/apps/coturn/templates/acmetool-reload.sh.j2 b/roles/apps/coturn/templates/acmetool-reload.sh.j2 deleted file mode 100644 index 08530583..00000000 --- a/roles/apps/coturn/templates/acmetool-reload.sh.j2 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -set -e -EVENT_NAME="$1" -[ "$EVENT_NAME" = "live-updated" ] || exit 42 - -MAIN_HOSTNAME="{{ coturn_hostnames[0] }}" -SSL_D="{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl" - -while read name; do - certdir="$ACME_STATE_DIR/live/$name" - if [ -z "$name" -o ! -e "$certdir" ]; then - continue - fi - if [ "$name" != "$MAIN_HOSTNAME" ]; then - continue - fi - - install -m 0644 -o root -g coturn "$certdir/fullchain" "$SSL_D/cert.pem" - install -m 0640 -o root -g coturn "$certdir/privkey" "$SSL_D/privkey.pem" - - pod_id=$(crictl pods -q --state ready --name "^coturn-{{ coturn_realm }}-{{ ansible_nodename }}$") - [ -n "$pod_id" ] || exit 42 - container_id=$(crictl ps -q --name '^coturn$' -p "$pod_id") - [ -n "$container_id" ] || exit 42 - crictl stop "$container_id" - - break -done 
diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml index b59fb5fc..5b380725 100644 --- a/roles/apps/mumble/tasks/main.yml +++ b/roles/apps/mumble/tasks/main.yml @@ -27,7 +27,7 @@ group: mumble mode: 0644 -- name: generate/install/fetc TLS certificate +- name: generate/install/fetch TLS certificate vars: x509_certificate_name: "mumble-{{ mumble_instance }}" x509_certificate_hostnames: "{{ mumble_hostnames }}" -- cgit v1.2.3