From 0a09b3ea758d78ff212b52147a484f294dee0f45 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 27 Dec 2023 23:52:49 +0100
Subject: add apps/upstream role
---
roles/apps/publish/base/defaults/main.yml | 5 ++++
roles/apps/publish/base/filter_plugins/publish.py | 28 +++++++++++++++++++++++
roles/apps/publish/base/tasks/main.yml | 21 +++++++++++++++++
3 files changed, 54 insertions(+)
create mode 100644 roles/apps/publish/base/defaults/main.yml
create mode 100644 roles/apps/publish/base/filter_plugins/publish.py
create mode 100644 roles/apps/publish/base/tasks/main.yml
(limited to 'roles/apps/publish')
diff --git a/roles/apps/publish/base/defaults/main.yml b/roles/apps/publish/base/defaults/main.yml
new file mode 100644
index 00000000..5a01bc97
--- /dev/null
+++ b/roles/apps/publish/base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# apps_publish_zone__example:
+# name: example
+# certificate_provider: ...
+# certificate_ca_config: ....
diff --git a/roles/apps/publish/base/filter_plugins/publish.py b/roles/apps/publish/base/filter_plugins/publish.py
new file mode 100644
index 00000000..e0e1463d
--- /dev/null
+++ b/roles/apps/publish/base/filter_plugins/publish.py
@@ -0,0 +1,28 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from functools import partial
+
+from ansible import errors
+
+
+def apps_publish_zones(vars):
+ try:
+ result = []
+ for var in vars.keys():
+ if var.startswith('apps_publish_zone__'):
+ result.append(vars[var])
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("apps_publish_zones(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' apps-publish filters '''
+ filter_map = {
+ 'apps_publish_zones': apps_publish_zones,
+ }
+
+ def filters(self):
+ return self.filter_map
diff --git a/roles/apps/publish/base/tasks/main.yml b/roles/apps/publish/base/tasks/main.yml
new file mode 100644
index 00000000..9384b53f
--- /dev/null
+++ b/roles/apps/publish/base/tasks/main.yml
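Review bot: In roles/apps/publish/base/filter_plugins/publish.py, `apps_publish_zones` appends every value whose key starts with `apps_publish_zone__` without checking that it is a mapping carrying `name`, `certificate_provider` and `certificate_ca_config`, the keys that the commented example in defaults/main.yml and the loop in tasks/main.yml rely on. Because `certificate_provider` ends up inside an `include_role` name and `certificate_ca_config` selects the CA, a malformed or stray variable is better rejected in the filter, with an error that names the offending variable, than surfacing later as an undefined-attribute or missing-role failure. Iterating `sorted(vars)` also gives the loop a stable order, and the explicit checks make the blanket `except Exception` unnecessary. Smaller points: `partial` is imported but never used, and the parameter name `vars` shadows the builtin.

```python
def apps_publish_zones(vars):
    # keys every zone must provide; taken from the example in defaults/main.yml
    required = ('name', 'certificate_provider', 'certificate_ca_config')
    result = []
    for var in sorted(vars):
        if not var.startswith('apps_publish_zone__'):
            continue
        zone = vars[var]
        # assumes templated hostvars values arrive as dict (sub)classes; confirm
        if not isinstance(zone, dict):
            raise errors.AnsibleFilterError(
                "apps_publish_zones(): %s must be a mapping" % var)
        missing = [key for key in required if key not in zone]
        if missing:
            raise errors.AnsibleFilterError(
                "apps_publish_zones(): %s is missing %s" % (var, ', '.join(missing)))
        result.append(zone)
    return result
```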
@@ -0,0 +1,21 @@
+---
+- name: generate/install TLS client certificate
+ loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}"
+ loop_control:
+ label: "{{ item.name }}"
+ vars:
+ x509_certificate_name: "apps-publish-{{ item.name }}"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ item.certificate_ca_config }}"
+ cert:
+ common_name: "{{ inventory_hostname }}"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_reload_services:
+ - nginx
+ include_role:
+ name: "x509/{{ item.certificate_provider }}/cert"
-- cgit v1.2.3
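Review bot: The client-authentication certificate gets a fixed validity of `not_after: +100w` (roughly two years) for every zone, and nothing in the task lets a zone choose a shorter lifetime. Renewal and revocation are left to the `x509/<provider>/cert` roles, which are not part of this patch, so whether a certificate can be retired before it expires cannot be confirmed from here. I would make the lifetime an optional zone key with the current value as default, `not_after: "{{ item.certificate_not_after | default('+100w') }}"`, and list that key in the commented example in defaults/main.yml. A short comment above `not_after` stating why 100 weeks was chosen would also help the next reader.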