-rw-r--r-- | nfsserver.yml | 5 | ||||
-rw-r--r-- | roles/nfsserver/tasks/crt.yml | 34 | ||||
-rw-r--r-- | roles/nfsserver/tasks/main.yml | 1 | ||||
-rw-r--r-- | roles/nfsserver/vars/main.yml | 2 | ||||
-rw-r--r-- | site.yml | 1 |
5 files changed, 43 insertions, 0 deletions
diff --git a/nfsserver.yml b/nfsserver.yml
new file mode 100644
index 0000000..c359952
--- /dev/null
+++ b/nfsserver.yml
@@ -0,0 +1,5 @@
+- hosts: nfs
+ remote_user: root
+ any_errors_fatal: true
+ roles:
+ - nfsserver
diff --git a/roles/nfsserver/tasks/crt.yml b/roles/nfsserver/tasks/crt.yml
new file mode 100644
index 0000000..9bbeaa6
--- /dev/null
+++ b/roles/nfsserver/tasks/crt.yml
@@ -0,0 +1,34 @@
+- name: Installation des fichiers certificat pour nfsd
+ copy:
+ src: "certs/{{ maindomain }}.{{ ansible_hostname }}.nfs.{{ crtversion }}.crt"
+ dest: /etc/pki/tls/certs/{{ maindomain }}.nfs.crt
+ owner: root
+ group: root
+ mode: 0644
+ tags: keys
+
+- name: Installation du fichier dhparam pour nfsd
+ copy:
+ src: "certs/dhparam-4096.{{ ansible_hostname }}.{{ crtversion }}.pem"
+ dest: /etc/pki/tls/certs/dhparam-4096.{{ ansible_hostname }}.nfs.pem
+ owner: root
+ group: root
+ mode: 0644
+ tags: keys
+
+- name: Installation des fichiers clé pour nfsd
+ copy:
+ src: "certs/{{ maindomain }}.{{ ansible_hostname }}.nfs.{{ crtversion }}.key"
+ dest: /etc/pki/tls/private/{{ maindomain }}.nfs.key
+ owner: root
+ group: root
+ mode: 0400
+ tags: keys
+
+# regénérer le fullchain.pem avec le nouveau cert sur chaque hôte
+# distant.
+- name: Mise à jour du fichier fullchain.pem
+ shell: cat /etc/pki/tls/certs/'{{ maindomain }}'.nfs.crt /etc/pki/tls/certs/mon-ca.crt > /etc/pki/tls/certs/'{{ maindomain }}'.nfs.fullchain.crt
+ args:
+ executable: /usr/bin/zsh
+ tags: keys
diff --git a/roles/nfsserver/tasks/main.yml b/roles/nfsserver/tasks/main.yml
new file mode 100644
index 0000000..a61319c
--- /dev/null
+++ b/roles/nfsserver/tasks/main.yml
@@ -0,0 +1 @@
+- import_tasks: crt.yml
diff --git a/roles/nfsserver/vars/main.yml b/roles/nfsserver/vars/main.yml
new file mode 100644
index 0000000..aeb5c9c
--- /dev/null
+++ b/roles/nfsserver/vars/main.yml
@@ -0,0 +1,2 @@
+crtversion: "16"
+maindomain: casperlefantom.net
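Review bot: `remote_user: root` in the new nfsserver.yml play makes Ansible log in over SSH as root on every host in the `nfs` group, which only works if direct root login is permitted on those hosts. Connecting as an unprivileged account and escalating, for example `remote_user: <unprivileged-user>` together with `become: true`, lets root SSH login stay disabled and records who escalated. Whether the other playbooks imported from site.yml follow the same root convention is not visible in this diff, so treat this as a hardening suggestion rather than an inconsistency.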
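Review bot: The private-key task in crt.yml (`Installation des fichiers clé pour nfsd`) has neither `no_log: true` nor `diff: false`, so a run with `--diff` can print the key contents into the console or a job log; adding `no_log: true` to that task closes this. The `certs/….key` source file is not part of this commit, so it is worth confirming that it is Ansible Vault-encrypted or kept outside the repository rather than committed in clear. The `Mise à jour du fichier fullchain.pem` task uses `shell` with a redirect, so it reports changed on every run, needs `/usr/bin/zsh` on the target although nothing in the command is zsh-specific, and a newly created fullchain file takes its mode from the umask instead of an explicit `owner`/`mode`. The unquoted `mode: 0644` and `mode: 0400` values rely on the YAML parser reading a leading-zero number as octal; the quoted form, `mode: "0400"`, is the one the Ansible documentation recommends.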
@@ -16,3 +16,4 @@ - import_playbook: bittorrent.yml - import_playbook: reverseproxy.yml - import_playbook: phpworker.yml +- import_playbook: nfsserver.yml |