AniNIX/Kapisi
3
0
Fork 0
Code Issues 27 Pull Requests Projects 1 Releases Wiki Activity

AniNIX/Wiki#21 -- effecting renames for policy

Browse Source
This commit is contained in:
DarkFeather
2024-04-01 00:44:23 -05:00
parent 323b4dd306
commit 6f36d515e3
46 changed files with 509 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
roles/SSL/tasks/main.yml
View File

@@ -37,30 +37,20 @@
group: http
mode: 2755
- name: Copy TLSA script
- name: Remove old TLSA script
become: yes
file:
path: /usr/local/sbin/tlsa-generation.bash
state: absent
- name: Copy record generator script
become: yes
template:
src: tlsa-generation.bash.j2
dest: /usr/local/sbin/tlsa-generation.bash
src: record-generation.bash.j2
dest: /usr/local/sbin/record-generation.bash
owner: root
group: root
mode: 0700
- name: Get proposed TLSA records
become: yes
command: /usr/local/sbin/tlsa-generation.bash
register: tlsa_records
- name: Show proposed TLSA records
debug:
msg: "{{ tlsa_records.stdout_lines }}"
- name: Get TLSA records
delegate_to: localhost
run_once: yes
command: "/bin/bash -c 'printf _443._tcp\\ ; dig _443._tcp.{{ external_domain }} TLSA +short; printf _6697._tcp\\ ; dig _6697._tcp.{{ external_domain }} TLSA +short'"
register: ext_tlsa_records
- name: Show TLSA records
debug:
msg: "{{ ext_tlsa_records.stdout_lines }}"
- debug:
msg: 'Run `sudo /usr/local/sbin/record-generation.bash` to generate a zonefile for import into a DNS provider.'