Variabilisation des certificats supplémentaires

2024-10-23 22:21:07 +02:00 · 2024-10-23 22:21:07 +02:00 · e866bec319
commit e866bec319
parent 3f7baa3873
3 changed files with 34 additions and 33 deletions
--- a/files/cert_LIBRETICFR.conf
+++ b/files/cert_LIBRETICFR.conf
@ -1,2 +0,0 @@
-SSLCertificateFile /etc/ssl/certs/libretic.fr.pem
-SSLCertificateKeyFile /etc/ssl/private/libretic.fr.key
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -183,30 +183,6 @@
    - { src: purge-apache2-tmp.sh, dest: /usr/local/bin/ }


- name: Copie le certificat wildcard
-  ansible.builtin.get_url:
-    url: "{{ lookup('env', 'AAP_RESSOURCES_URL') }}/libretic/cert/libretic.fr/fullchain.pem"
-    dest: "/etc/ssl/certs/libretic.fr.pem"
-    username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
-    password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
-    mode: u=rw,g=r,o=r
-    owner: root
-    group: root
-  notify:
-    - restart apache2
-
- name: Copie la clé du certificat wildcard
-  ansible.builtin.get_url:
-    url: "{{ lookup('env', 'AAP_RESSOURCES_URL') }}/libretic/cert/libretic.fr/privkey.pem"
-    dest: "/etc/ssl/private/libretic.fr.key"
-    username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
-    password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
-    mode: u=rw,g=r,o=
-    owner: root
-    group: root
-  notify:
-    - restart apache2
-
 - name: configure - dossier certs-conf
  tags: configure
  file:
@ -214,13 +190,38 @@
    state: directory
    mode: 0660

- name: configure - certs
-  tags: configure
-  copy:
-    src: "{{ item }}"
-    dest: /etc/apache2/certs-conf/
-  with_items:
-    - cert_LIBRETICFR.conf
+
+- name: Copie les certificats supplémentaires
+  ansible.builtin.get_url:
+    url: "{{ item.cert_chain_url }}"
+    dest: "/etc/ssl/certs/{{ item.cert_filename }}"
+    username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
+    password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
+    mode: u=rw,g=r,o=r
+    owner: root
+    group: root
+  with_items: {{ reverse_proxy_additional_certificates }}
+  notify:
+    - restart apache2
+
+- name: Copie les clés des certificats supplémentaires
+  ansible.builtin.get_url:
+    url: "{{ item.cert_key_url }}"
+    dest: "/etc/ssl/certs/{{ item.cert_filename }}"
+    username: "{{ lookup('env', 'AAP_RESSOURCES_USER') }}"
+    password: "{{ lookup('env', 'AAP_RESSOURCES_PASSWORD') }}"
+    mode: u=rw,g=r,o=
+    owner: root
+    group: root
+  with_items: {{ reverse_proxy_additional_certificates }}
+  notify:
+    - restart apache2
+
+- name: Prépare les conf pour les certificats supplémentaires
+  template:
+    src: "cert_template.conf"
+    dest: /etc/apache2/certs-conf/cert_{{ item.name }}.conf
+  with_items: {{ reverse_proxy_additional_certificates }}
  notify:
    - restart apache2

--- a/templates/cert_template.conf
+++ b/templates/cert_template.conf
@ -0,0 +1,2 @@
+SSLCertificateFile /etc/ssl/certs/{{ item.cert_filename }}
+SSLCertificateKeyFile /etc/ssl/private/{{ item.key_filename }}