From d43cdbc412d6548447d3d4c6238fc56c99e09d98 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Tue, 19 Jan 2021 21:58:10 +0100
Subject: space_server: radius: use letsencrypt certificate
---
roles/space_server/tasks/radius.yml | 85 ++++++-------------------------------
1 file changed, 14 insertions(+), 71 deletions(-)
(limited to 'roles/space_server/tasks')
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml
index 614d1b7..7ea88b1 100644
--- a/roles/space_server/tasks/radius.yml
+++ b/roles/space_server/tasks/radius.yml
@@ -110,78 +110,21 @@
 #
 # certificates
 #
-- name: Configure /etc/raddb/certs/passwords.mk
- replace:
- path: '/etc/raddb/certs/passwords.mk'
- regexp: '^CA_DEFAULT_DAYS( *= *).*$'
- replace: "CA_DEFAULT_DAYS\\1'3652'"
- tags: radius-certs
-
-- name: Configure /etc/raddb/certs/ca.cnf
- ini_file:
- path: '/etc/raddb/certs/ca.cnf'
- section: "{{ item.key.split('.',1)[0] }}"
- option: "{{ item.key.split('.',1)[1] }}"
- value: "{{ (item.value is string)|ternary(item.value,omit) }}"
- state: "{{ (item.value is string)|ternary('present','absent') }}"
- with_dict:
- ' CA_default .default_days': '3652'
- 'certificate_authority.countryName': 'DK'
- 'certificate_authority.stateOrProvinceName': 'Copenhagen'
- 'certificate_authority.localityName': 'Frederiksberg'
- 'certificate_authority.organizationName': 'Labitat'
- 'certificate_authority.emailAddress': 'noc@labitat.dk'
- 'certificate_authority.commonName': '"Labitat Network Infrastructure CA"'
- tags: radius-certs
-
-- name: Configure /etc/raddb/certs/server.cnf
- ini_file:
- path: '/etc/raddb/certs/server.cnf'
- section: "{{ item.key.split('.',1)[0] }}"
- option: "{{ item.key.split('.',1)[1] }}"
- value: "{{ (item.value is string)|ternary(item.value,omit) }}"
- state: "{{ (item.value is string)|ternary('present','absent') }}"
- with_dict:
- ' CA_default .default_days': '731'
- 'server.countryName': 'DK'
- 'server.stateOrProvinceName': 'Copenhagen'
- 'server.localityName': 'Frederiksberg'
- 'server.organizationName': 'Labitat'
- 'server.emailAddress': 'noc@labitat.dk'
- 'server.commonName': '"Labitat Radius Authentication 2020"'
- tags: radius-certs
-
-- name: Configure /etc/raddb/certs/inner-server.cnf
- ini_file:
- path: '/etc/raddb/certs/inner-server.cnf'
- section: "{{ item.key.split('.',1)[0] }}"
- option: "{{ item.key.split('.',1)[1] }}"
- value: "{{ (item.value is string)|ternary(item.value,omit) }}"
- state: "{{ (item.value is string)|ternary('present','absent') }}"
- with_dict:
- ' CA_default .default_days': '731'
- 'server.countryName': 'DK'
- 'server.stateOrProvinceName': 'Copenhagen'
- 'server.localityName': 'Frederiksberg'
- 'server.organizationName': 'Labitat'
- 'server.emailAddress': 'noc@labitat.dk'
- 'server.commonName': '"Labitat Radius Inner Server Certificate 2020"'
- tags: radius-certs
+- name: Create our certificates bootstrap script
+ copy:
+ dest: '/etc/raddb/certs/bootstrap'
+ src: 'radius/bootstrap'
+ owner: root
+ group: radiusd
+ mode: 0750
-- name: Configure /etc/raddb/certs/client.cnf
- ini_file:
- path: '/etc/raddb/certs/client.cnf'
- section: "{{ item.key.split('.',1)[0] }}"
- option: "{{ item.key.split('.',1)[1] }}"
- value: "{{ (item.value is string)|ternary(item.value,omit) }}"
- state: "{{ (item.value is string)|ternary('present','absent') }}"
- with_dict:
- ' CA_default .default_days': '365'
- 'client.countryName': 'DK'
- 'client.stateOrProvinceName': 'Copenhagen'
- 'client.localityName': 'Frederiksberg'
- 'client.organizationName': 'Labitat'
- tags: radius-certs
+- name: Add certbot deploy hook
+ copy:
+ dest: '/etc/letsencrypt/renewal-hooks/deploy/radius.sh'
+ src: 'radius/certbot.sh'
+ owner: root
+ group: root
+ mode: 0755
 #
 # radiusd.service
-- cgit v1.2.1
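Review bot: `mode: 0750` and `mode: 0755` in the two added `copy` tasks are unquoted octal literals; Ansible's YAML 1.1 loader happens to read the leading-zero form as octal, but under YAML 1.2 semantics `0750` is the decimal 750 and the Ansible file-module docs recommend quoting modes for consistent results, so write `mode: '0750'` and `mode: '0755'`. Every removed task carried `tags: radius-certs` while neither new task does, so a run limited to that tag no longer installs the bootstrap script or the hook; if that is unintended, restore `tags: radius-certs` on both. Whether `radius/certbot.sh` checks `RENEWED_LINEAGE` before touching the RADIUS certificates is not visible here, but anything placed in `renewal-hooks/deploy/` runs as root after every successful renewal of any lineage, so a comment above that task documenting the expectation would help, e.g. `# runs after every certbot renewal; certbot.sh must act only on the RADIUS lineage`. Separately, since any party can obtain a Let's Encrypt certificate, the move from a private CA means supplicants must validate the server name (not merely trust the CA) for EAP to remain safe against rogue access points; that caveat belongs in the role's documentation.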