Move certificates to Ansible Vault (#27)

This commit is contained in:
Lukáš Kucharczyk 2021-05-14 23:52:06 +02:00
parent 47dd3267f5
commit e48997e139
No known key found for this signature in database
GPG Key ID: 65524498C0196B64
8 changed files with 10 additions and 121 deletions

View File

@ -4,3 +4,5 @@
- docker - docker
- nginx - nginx
- jellyfin - jellyfin
vars_files:
- vault/certs/{{ base_domain }}.yml

View File

@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDNTCCAh0CFA+NVMwkGKvL8NbRd7waRkEHYcf/MA0GCSqGSIb3DQEBCwUAMFUx
CzAJBgNVBAYTAkNaMQ8wDQYDVQQHDAZQcmFndWUxEDAOBgNVBAMMB0hvbWVsYWIx
IzAhBgkqhkiG9w0BCQEWFGx1a2FzQGt1Y2hhcmN6eWsueHl6MB4XDTIxMDUxMzIy
MDA1NloXDTMxMDUxMTIyMDA1NlowWTELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlBy
YWd1ZTEUMBIGA1UEAwwLKi5kZXYubG9jYWwxIzAhBgkqhkiG9w0BCQEWFGx1a2Fz
QGt1Y2hhcmN6eWsueHl6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
0/jsQ6h6PodfYxTSAwUIY9+AXQ519Km4YNnxH5Ma3AjFH0asJyYR/CC6Zx4VOI1c
ZvelLHH/fonuLygSVc9zG5e3k62m6WHxZDDD0GidbmsgPMfPK5r1m9B2McbqWlVD
R0Y7FuGCQb0PqClJu86knw2kaYaFHrMVyBgZXAqXfEYIVJJ5SL8Yzo/lyoSHwlmk
lZ3LjnvlJ9IAOVpoWiuxmCzzEpGWQyve47HgyN5Q6Um8C0hgwj9fbA9L8Ns8PKt3
y+ypFJMO8gXsup4h7VhRz8KpqdBpo9ghMsvxTAUiPGkerUEjqiIFK2Iz1bZ8yL5d
/Gh0EM6ii2FSwsTpVzJ0xQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBjaFbfxfut
blYjPZ3mn1hbo3w5kqo9Ly7OLU4mCoK/DFzUBJbIj471B+7cK8hjmvzDUCQxRQWx
pBOBzOR4VSF4Z/xKKc1tWQJSC1r5JP0qmkYrmgIgLVi/gdZVYc7qLQbAlJhIOqD1
vQnXrBRqUm7J2ThqFdBuILvR20Pkoa2GnH3ufnQvdSs4WPWocR+fKYbx/DKjpAbU
GWg1HnL+7PiflV1HDAkc2kiNQy70/bxcQq1HvQRxjm5C15ojdVzyqPy+CwQo+JOd
IdueOS9mM6CQATnwQxK0XKkyH1yI9M83ahQbArwWTzejRWJQd0xYWdQgiEr4aWWV
DONUin6JUgVV
-----END CERTIFICATE-----

View File

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICnjCCAYYCAQAwWTELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlByYWd1ZTEUMBIG
A1UEAwwLKi5kZXYubG9jYWwxIzAhBgkqhkiG9w0BCQEWFGx1a2FzQGt1Y2hhcmN6
eWsueHl6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/jsQ6h6Podf
YxTSAwUIY9+AXQ519Km4YNnxH5Ma3AjFH0asJyYR/CC6Zx4VOI1cZvelLHH/fonu
LygSVc9zG5e3k62m6WHxZDDD0GidbmsgPMfPK5r1m9B2McbqWlVDR0Y7FuGCQb0P
qClJu86knw2kaYaFHrMVyBgZXAqXfEYIVJJ5SL8Yzo/lyoSHwlmklZ3LjnvlJ9IA
OVpoWiuxmCzzEpGWQyve47HgyN5Q6Um8C0hgwj9fbA9L8Ns8PKt3y+ypFJMO8gXs
up4h7VhRz8KpqdBpo9ghMsvxTAUiPGkerUEjqiIFK2Iz1bZ8yL5d/Gh0EM6ii2FS
wsTpVzJ0xQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAD9stDlWNlzkGFsTJc36
CfT7/qovjmxWGJLsuczU7oBwf6nwPuV0W3fUvl2tqz5Nnff4wOnKkRlrR54R0Obl
6KgebvwjACypYkFcL075qrdBpm52yiDWfE7ZOAU7tRCZ7DtMeEtSx/g/03bVp0n1
7rZm2eeiXB/m7VqabxK1eRwnDktXGuRWpRK7OpQQ0UuKSTlRsI8o4N4r0af8DInP
C3mWATJ56dsWaVhW1fBvSFAjrdho1vPadyC2Lb71MyM1H8IQSW8pQlyvAOlw+JVE
iEaTYt7miCODHzKSMv73Or2XGYMEFtoLDot3B+rBQun8TQwujDrMA7KU25NcgfQ+
d+Y=
-----END CERTIFICATE REQUEST-----

View File

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDT+OxDqHo+h19j
FNIDBQhj34BdDnX0qbhg2fEfkxrcCMUfRqwnJhH8ILpnHhU4jVxm96Uscf9+ie4v
KBJVz3Mbl7eTrabpYfFkMMPQaJ1uayA8x88rmvWb0HYxxupaVUNHRjsW4YJBvQ+o
KUm7zqSfDaRphoUesxXIGBlcCpd8RghUknlIvxjOj+XKhIfCWaSVncuOe+Un0gA5
WmhaK7GYLPMSkZZDK97jseDI3lDpSbwLSGDCP19sD0vw2zw8q3fL7KkUkw7yBey6
niHtWFHPwqmp0Gmj2CEyy/FMBSI8aR6tQSOqIgUrYjPVtnzIvl38aHQQzqKLYVLC
xOlXMnTFAgMBAAECggEBAMuHAOPdyrJrLM1n2lYH6QxsN0YicmOe6mgkGv8kMe//
g7YKF5XnWfFqQ1BrdBi+snAzbCcGtjj7mvUwVpqJ+44M2Lk1TURdRHfc0sczC6ZP
ub5iY6sMuLMJL9OPmMlvgI/ZATdxA663J2dhbWikezA02x5viTX24f0kFoVnrhgl
LYSVOVOl94vk1jByJVtJeusd5JwF6JZ6Ws8My7Fzh3hHMepcB5uVfYr20O7FZHEX
DAlVN7MSh7nM0a4WsZPg5S5KLMZlhTyqosRwx9n5Y08S8BRYMLNyetRICDe6MIn9
cJllAR/W51WsvmH/LHmLTRA6eC4rxO744z0DDpGuc6kCgYEA+44eS79TCRG6zQjo
Jt2VMcdUpqTwcXWwllpZh071SV3wMQTlzRwAM8QdPga5O0qYe/UBVxx4dh5MinpN
TnGP+4sBlME2Q8iUml5jNU8Fwuo1XZWkdrTmeJl/DyJ2iqokPyJSp/iFhFWuNhJS
eNgmu7gvLPMhQjdfTDsom4OSAt8CgYEA17fBltxcWmQV6XxkVbVLnrdesvGv8zGg
VIod02wW39G0WR5FEffu+TEOcsdkQGqH9gCUkyEomGzZKGDmzCu+PpLjb1KIBkf+
8tt4o4Za91XgOm79m2sP5qczwXqUOsgRZBNPTDrbwIA4Y4pMYoxwx4aQF9DLl0Vt
jqNhHtn2ANsCgYA0LcSG/cahiPXwdbqB5VB/JNOgRXJCdqEMbu1HLc+fSkb6RAPO
ydIY6sMODKL7c3uxqp5+jT9HcP17c+b5MIEnMiw/yNwSr1ZztsRpWFzfk2lCYjnd
DaUIuv4qC4H/PU+LcPkoMlqvmn4qZR6KRnuyUIAomL37WDUCQPspVt9AjQKBgQDB
1euNbLtLuc16vXzHCx5FIw5kCwqIo5om/OiqFuFDAwNkZO+5oqjIoA0UlBiATXmY
UpMu1cfNl1lWkCQzaEcNoR3e5TE3O7Bad12iytKolzDiMOOPqRdjsfCutT/Gxgni
e/twSx81jcGdqCLVFs8sarzFuaeHaSp11lcpyr7jqwKBgQDWL0Dx6/ybyma/NcWD
liF6OMkxwvA58c7eoG2pOSENxMhe5rA9uzaYj0jjLCEIwF5X5uI5vsnnl1vKtfA4
YAly4qve/lhCqM9YvRi1l2Oi5aeZLqVKF8tA81k5kK/O7dKjHvq8hLIipcQ2Esfy
3X+EPcWIxFSX64m5+Ib+cch6hg==
-----END PRIVATE KEY-----

View File

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAH/nCewvHL6pP
tGUyUwVBiL6T3er0mS4rM6ifoQxEGb1EsURyngik0I1IaPn9ciI09JnUdXpKnMS3
/jhHlkibD93datDPHEdPTdw1TZmQLcJyWW5MQ52/DMKDokCzWdQNENEL7I9A8GUD
V1Rl8E3G/uKHAzj2ULI1S+MwY+5URF3MLABmxFEfWcIBNef42wQ67hx74WlwOVVK
GNTVyd6EkRXDXu/YoMnZUdWOUxk6Bo9eKALOiVoTDtJOgubs5LT8MmhIosI6SqDM
lPq7huLLPD09egDrQqU13LfOG/+N7LXwsTcQXNV6irzMgNTE7vsWDyO+q8m4J1BU
sMWHnOpxAgMBAAECggEAD6SK2WLbWqRu4X52ntpTmzpfCfsPnkq6j5ntKNIcBY9y
8ZzdTdfALGsula62bARW9KjVvY6zHlAVVEXGn02FK9rm3ZhM2BAdXj+gplZjInIX
WugdKuh2d4+6Zq1XR0MRGN89phLktwzbrKH3pTUjoAgwuX1xrdx0JhK/tLjuNr4W
CBtmz2X6lzKeD9S7PHu33Tqseg1GCfQYBKyDrCOgWBq8/V0eoAQB3g4t3ZIfzAYN
Ft4BEB3prNBgLhuea43DRNcUnIu2k9/LzLTpGJE8oqM55yUEULdWIvRQJHEDfah2
1YiDCzzd3CCYgk6CjRaEihL+WPJfohKzDghnrhVp4QKBgQDw6CTWcm6S7/+eO6qP
PnyFPK/1ajCwc1KsVEjiS2OQ9WMK6d8pfA9o6lCjlRcu8kCO6CXQS8vXwg7G3PBY
7ndMUoyTD5X32uG/VXY1LxYtCdrjKWsnZP/cuTtcodaG/Sp+5Pa1eO00cG6ckCQr
FU8BLqeLhOSjlFinvoEVqPFriwKBgQDMKW2xTeqQpbLuTgvGcFglhTiyjGzIwtf7
Du0ZqF7LpzY95CUBOL9YZBBcAzarCnemzDeMy7aDuIesVP0JPGdTC2f4W/X++WUO
7CXJH7Xt/ULQLXDwRyQiMCKNCCNQtpDfP/Uzf6Ts/F3rIYre3NzscTbUradD3RMd
OqyIyzwxcwKBgBGhK3D2Ftlx7sbpnuW0sPAfLNFM4BtJlTc/Q8YrtjGZg5H843Pp
vEb1Psl506R/3fGXU40WvugfL22mJYCckuZm9Bqe/V6SCgsyeeASfhD1s6sEEO9l
GMRSWeHBhi2CwWVf5B4Lp3A6+h1C/yKYAJwZifFP3FuMM6Cy9Eddga1ZAoGBAKCR
SKM0y3F90E8Z9KrZ+olv0FqklH4Et8bNQ251fDChTsi4YN4oGl1TPYaQRHOa5OW7
IUlLgjzwaUwA/40/A2hNxTSQZtVkobVtxn36waPuFpkR1Aw1d1aoEtRmfRfirefX
LmqVTknQZbEijUyf2eTfWadE+BMokPrhBYcEiE+/AoGBANdhUebsG0AGYvM2SuHy
UQFmwamIzSUdBPXvNDALoCOi/9t0ySakxmBOyaUFY6k1WOW/fvBJ4eTGdlIUO6Ee
v1vMxpjLb8Z5H19qK/qSu1Q4PI70q0uThaWFFQ4Hhadb1m1vfxZ7u/jqx3rxCVqD
dw4+Bq5YpiLXR11wW29gx6dx
-----END PRIVATE KEY-----

View File

@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIUYUlmu4VunV3uvnrMuV9MOXRJmjowDQYJKoZIhvcNAQEL
BQAwVTELMAkGA1UEBhMCQ1oxDzANBgNVBAcMBlByYWd1ZTEQMA4GA1UEAwwHSG9t
ZWxhYjEjMCEGCSqGSIb3DQEJARYUbHVrYXNAa3VjaGFyY3p5ay54eXowHhcNMjEw
NTEzMjIwMDU1WhcNMzEwNTExMjIwMDU1WjBVMQswCQYDVQQGEwJDWjEPMA0GA1UE
BwwGUHJhZ3VlMRAwDgYDVQQDDAdIb21lbGFiMSMwIQYJKoZIhvcNAQkBFhRsdWth
c0BrdWNoYXJjenlrLnh5ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMAf+cJ7C8cvqk+0ZTJTBUGIvpPd6vSZLiszqJ+hDEQZvUSxRHKeCKTQjUho+f1y
IjT0mdR1ekqcxLf+OEeWSJsP3d1q0M8cR09N3DVNmZAtwnJZbkxDnb8MwoOiQLNZ
1A0Q0Qvsj0DwZQNXVGXwTcb+4ocDOPZQsjVL4zBj7lREXcwsAGbEUR9ZwgE15/jb
BDruHHvhaXA5VUoY1NXJ3oSRFcNe79igydlR1Y5TGToGj14oAs6JWhMO0k6C5uzk
tPwyaEiiwjpKoMyU+ruG4ss8PT16AOtCpTXct84b/43stfCxNxBc1XqKvMyA1MTu
+xYPI76rybgnUFSwxYec6nECAwEAAaNTMFEwHQYDVR0OBBYEFMIPcuQ9X1fX4grD
O+mb1PipZfPYMB8GA1UdIwQYMBaAFMIPcuQ9X1fX4grDO+mb1PipZfPYMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHKHCIGmFygvzyXENSbzFcwI
vSLkB/pb3NLXIcFtFI2hu3NdXkf2Lf/YdSTeXz0TS9M4EyDouVg4rKrGfgQCXwpd
FK05b9x2MBrKm1sLMr8gofYvKYlRzF+Fedr/d1S9ze/FE2UbMuzjc70vjRpKd8yN
nRATyJdicWUqhZZC2TB2ko3G6vzoUxIHQH7PPHjpJW1kYspio/+ohYSmh9rpqeSG
MHYyBsjSbEJJOdkaWWxc+OWhLuhfD4lZlmmzyVBBQ0HQ/shztPaWYogHVpU9yAEW
kasPGcwXxrpIaQo06U5qmmDbwfUadljfaOicMuu4Rv2xQPGvdNy49uYdSERlKpQ=
-----END CERTIFICATE-----

View File

@ -1 +0,0 @@
0F8D54CC2418ABCBF0D6D177BC1A46410761C7FF

View File

@ -30,11 +30,13 @@
-days 3650 \ -days 3650 \
-sha256 -sha256
when: generate_cert.wildcard when: generate_cert.wildcard
- name: copy wildcard certificate and key - name: copy wildcard certificate and key from vault
copy: copy:
src: "{{ item }}" content: "{{ item.content }}"
dest: "{{ data_folder }}/nginx/{{ item }}" dest: "{{ data_folder }}/nginx/{{ item.name }}"
owner: root
group: root
mode: '0700' mode: '0700'
loop: with_items:
- "{{ base_domain }}.crt" - "{{ certificates }}"
- "{{ base_domain }}.key" no_log: true