subspace 2.0.3 → 2.0.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/letsencrypt_dns/defaults/main.yml +4 -0
- data/ansible/roles/letsencrypt_dns/tasks/main.yml +133 -0
- data/ansible/roles/nginx/handlers/main.yml +4 -0
- data/lib/subspace/version.rb +1 -1
- metadata +5 -3
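--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1c1d8c7fb4a41ced1e5d8729d42307789cbb0a0fdb32301808b47a133c6cca09
+data.tar.gz: f71bcae77eea9476a364df26eacd5c5c315caf709b8bcf3aa61210eea922ccdc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd653d0e611be208f4daec8edff6385181dfbc1034d8bf4bb4fc60febc5ead184c0579e3e67578c4888eaf6604b8309aa44ba9be82b82cd7254289b8435077cc
+data.tar.gz: 5f37a070a6c43fa32ade2fa2a4a4bb6c4c18d30ef70677a83009dec8d71300542eb740b1d12010623877671c7a64764f68afe5c269de69dd83bdb17363b90713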
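--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -10,6 +10,9 @@ This project attempts to follow [semantic versioning](https://semver.org/)
 * Not working on OSX - macs don't read from /etc/profile.d/
 * Stops showing color if you `sudo su`
 
+## 2.0.4
+* Add letsencrypt_dns role for doing DNS validation vs HTTP validation
+
 ## 2.0.3
 * Fix bundler / gem version installation on new/vanilla servers
 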
@@ -4,7 +4,7 @@ This server brought to you by:
|
|
4
4
|
\___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
|
5
5
|
___) | |_| | |_) |__) | |_) | (_| | (_| __/
|
6
6
|
|____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
|
7
|
-
|_| v2.0.
|
7
|
+
|_| v2.0.4
|
8
8
|
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
9
9
|
|
10
10
|
If you need to make configuration changes to the server, please modify the
|
@@ -0,0 +1,133 @@
|
|
1
|
+
- name: Update repositories cache and install pip and setuptools package
|
2
|
+
apt:
|
3
|
+
name: [python-pip, python-setuptools]
|
4
|
+
update_cache: yes
|
5
|
+
|
6
|
+
- pip:
|
7
|
+
name: [pyopenssl, boto]
|
8
|
+
tags:
|
9
|
+
- cert
|
10
|
+
|
11
|
+
- name: Creates private key directory
|
12
|
+
file:
|
13
|
+
path: "/etc/letsencrypt/live/{{ server_name }}"
|
14
|
+
state: directory
|
15
|
+
tags:
|
16
|
+
- cert
|
17
|
+
|
18
|
+
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
|
19
|
+
openssl_privatekey:
|
20
|
+
path: "/etc/letsencrypt/live/{{ server_name }}/privkey.pem"
|
21
|
+
register: privkey
|
22
|
+
tags:
|
23
|
+
- cert
|
24
|
+
|
25
|
+
- name: Generate an OpenSSL account key with the default values (4096 bits, RSA)
|
26
|
+
openssl_privatekey:
|
27
|
+
path: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
28
|
+
tags:
|
29
|
+
- cert
|
30
|
+
|
31
|
+
- name: Generate an OpenSSL Certificate Signing Request
|
32
|
+
openssl_csr:
|
33
|
+
path: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
34
|
+
privatekey_path: "/etc/letsencrypt/live/{{ server_name }}/privkey.pem"
|
35
|
+
country_name: US
|
36
|
+
email_address: "{{ letsencrypt_email }}"
|
37
|
+
subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
|
38
|
+
when: privkey is changed
|
39
|
+
register: csr
|
40
|
+
with_dict:
|
41
|
+
dns_server:
|
42
|
+
- "{{ server_name }}"
|
43
|
+
- "*.{{ server_name }}"
|
44
|
+
tags:
|
45
|
+
- cert
|
46
|
+
|
47
|
+
- name: Create a challenge using an account key from a variable.
|
48
|
+
acme_certificate:
|
49
|
+
acme_version: 2
|
50
|
+
account_key_src: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
51
|
+
csr: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
52
|
+
cert: "/etc/letsencrypt/live/{{ server_name }}/server.crt"
|
53
|
+
fullchain: "/etc/letsencrypt/live/{{ server_name }}/fullchain.crt"
|
54
|
+
chain: "/etc/letsencrypt/live/{{ server_name }}/intermediate.crt"
|
55
|
+
challenge: dns-01
|
56
|
+
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
57
|
+
terms_agreed: yes
|
58
|
+
remaining_days: 60
|
59
|
+
when: csr is changed
|
60
|
+
register: le_challenge
|
61
|
+
tags:
|
62
|
+
- cert
|
63
|
+
|
64
|
+
- name: Install txt record on route53
|
65
|
+
route53:
|
66
|
+
zone: "{{ route53_zone }}"
|
67
|
+
type: TXT
|
68
|
+
ttl: 60
|
69
|
+
state: present
|
70
|
+
wait: yes
|
71
|
+
record: "{{ item.key }}"
|
72
|
+
value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
|
73
|
+
aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
|
74
|
+
aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
|
75
|
+
overwrite: yes
|
76
|
+
loop: "{{ le_challenge.challenge_data_dns | default({}) | dict2items }}"
|
77
|
+
tags:
|
78
|
+
- cert
|
79
|
+
|
80
|
+
- name: Flush dns cache
|
81
|
+
become: true
|
82
|
+
command: "systemd-resolve --flush-caches"
|
83
|
+
when: le_challenge is changed
|
84
|
+
tags:
|
85
|
+
- cert
|
86
|
+
|
87
|
+
- name: "Wait for DNS"
|
88
|
+
when: le_challenge is changed
|
89
|
+
pause:
|
90
|
+
minutes: 2
|
91
|
+
tags:
|
92
|
+
- cert
|
93
|
+
|
94
|
+
- name: Let the challenge be validated and retrieve the cert and intermediate certificate
|
95
|
+
acme_certificate:
|
96
|
+
acme_version: 2
|
97
|
+
account_key_src: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
98
|
+
csr: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
99
|
+
cert: "/etc/letsencrypt/live/{{ server_name }}/server.crt"
|
100
|
+
fullchain: "/etc/letsencrypt/live/{{ server_name }}/fullchain.crt"
|
101
|
+
chain: "/etc/letsencrypt/live/{{ server_name }}/intermediate.crt"
|
102
|
+
challenge: dns-01
|
103
|
+
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
104
|
+
remaining_days: 60
|
105
|
+
terms_agreed: yes
|
106
|
+
data: "{{ le_challenge }}"
|
107
|
+
when: le_challenge is changed
|
108
|
+
tags:
|
109
|
+
- cert
|
110
|
+
|
111
|
+
- name: Delete txt record on route53
|
112
|
+
route53:
|
113
|
+
zone: "{{ route53_zone }}"
|
114
|
+
type: TXT
|
115
|
+
ttl: 60
|
116
|
+
state: absent
|
117
|
+
wait: yes
|
118
|
+
record: "{{ item.key }}"
|
119
|
+
value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
|
120
|
+
aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
|
121
|
+
aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
|
122
|
+
overwrite: yes
|
123
|
+
loop: "{{ le_challenge.challenge_data_dns | default({}) | dict2items }}"
|
124
|
+
tags:
|
125
|
+
- cert
|
126
|
+
|
127
|
+
- name: restart webserver
|
128
|
+
debug: msg="restart webserver"
|
129
|
+
notify: restart webserver
|
130
|
+
changed_when: true
|
131
|
+
when: le_challenge is changed
|
132
|
+
tags:
|
133
|
+
- cert
|
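Review bot: The `when: privkey is changed` on the CSR task (new line 38) and `when: csr is changed` on the first `acme_certificate` task (new line 59) tie issuance to the run that first generates the private key, so on later runs the whole chain appears to be skipped and `remaining_days: 60` never gets the chance to trigger a renewal. A run that fails after the CSR is written also looks unrecoverable without deleting the key by hand. I would drop both conditions and let the modules' own idempotence decide, keeping the later steps gated on `le_challenge is changed`. Separately, the key directory and both `openssl_privatekey` tasks rely on module defaults for permissions; stating `mode: "0700"` on the directory and `mode: "0600"` on `privkey.pem` and `account.pem` would make the intended protection of the TLS key and the ACME account key explicit. The `pip` task installs `pyopenssl` and `boto` unpinned on the target host, so pinning known versions there would make the role reproducible.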
data/lib/subspace/version.rb
CHANGED
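--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.4
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-
+date: 2019-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -140,6 +140,8 @@ files:
 - ansible/roles/delayed_job/templates/delayed-job-monit-rc
 - ansible/roles/letsencrypt/defaults/main.yml
 - ansible/roles/letsencrypt/tasks/main.yml
+- ansible/roles/letsencrypt_dns/defaults/main.yml
+- ansible/roles/letsencrypt_dns/tasks/main.yml
 - ansible/roles/logrotate/LICENSE
 - ansible/roles/logrotate/README.md
 - ansible/roles/logrotate/defaults/main.yml
@@ -298,7 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects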