authorElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-01-05 16:13:01 -0500
committerElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-01-05 16:13:01 -0500
commitfb0b3914086484d9284426985984e2c1699ba557 (patch)
tree963a2288a3b33f389972a78efaf3b6462bbe1925 /deploy-ca.yml
parentb62d5f559b81556a1dd6197c72a0c43ba1744477 (diff)
ldap, internal CA, internal webserver, dns, etc.
Diffstat (limited to 'deploy-ca.yml')
-rw-r--r--deploy-ca.yml31
1 files changed, 31 insertions, 0 deletions
diff --git a/deploy-ca.yml b/deploy-ca.yml
new file mode 100644
index 0000000..699fc5f
--- /dev/null
+++ b/deploy-ca.yml
@@ -0,0 +1,31 @@
+- name: add acme CA
+ hosts: ca
+ become: yes
+ roles:
+ - role: maxhoesel.smallstep.step_ca
+ tasks:
+ - name: add an acme provisioner to the ca
+ maxhoesel.smallstep.step_ca_provisioner:
+ name: ACME
+ type: ACME
+ become_user: step-ca
+ - name: restart step-ca
+ ansible.builtin.systemd_service:
+ name: step-ca
+ state: restarted
+ enabled: true
+ - name: allow step-ca port traffic on vpn
+ ufw:
+ rule: allow
+ from: 100.64.0.0/10
+ port: "{{ step_ca_port }}"
+ - name: restart ufw
+ ansible.builtin.systemd_service:
+ name: ufw
+ state: restarted
+ enabled: true
+
+- name: configure trust to internal ca on all hosts
+ hosts: all
+ roles:
+ - ca
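Review bot: The `allow step-ca port traffic on vpn` task sets no `proto`, so the rule opens `step_ca_port` for both TCP and UDP from 100.64.0.0/10; step-ca serves over HTTPS, so adding `proto: tcp` narrows the rule to what the service needs. The `restart step-ca` and `restart ufw` tasks run on every play run whether or not anything changed; turning them into handlers notified by the provisioner and ufw tasks would avoid bouncing the CA each time. Restarting the ufw unit also does not appear to activate the firewall if ufw was never enabled on the host, so `state: enabled` on the ufw task is presumably what is intended; worth confirming on a fresh machine. The short module name `ufw` could be written as `community.general.ufw` to match the fully qualified names used by the other tasks.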