From fb0b3914086484d9284426985984e2c1699ba557 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Fri, 5 Jan 2024 16:13:01 -0500
Subject: ldap, internal CA, internal webserver, dns, etc.

---
 deploy-ca.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 deploy-ca.yml
(limited to 'deploy-ca.yml')

diff --git a/deploy-ca.yml b/deploy-ca.yml
new file mode 100644
index 0000000..699fc5f
--- /dev/null
+++ b/deploy-ca.yml
@@ -0,0 +1,31 @@
+- name: add acme CA
+  hosts: ca
+  become: yes
+  roles:
+    - role: maxhoesel.smallstep.step_ca
+  tasks:
+    - name: add an acme provisioner to the ca
+      maxhoesel.smallstep.step_ca_provisioner:
+        name: ACME
+        type: ACME
+      become_user: step-ca
+    - name: restart step-ca
+      ansible.builtin.systemd_service:
+        name: step-ca
+        state: restarted
+        enabled: true
+    - name: allow step-ca port traffic on vpn
+      ufw:
+        rule: allow
+        from: 100.64.0.0/10
+        port: "{{ step_ca_port }}"
+    - name: restart ufw
+      ansible.builtin.systemd_service:
+        name: ufw
+        state: restarted
+        enabled: true
+
+- name: configure trust to internal ca on all hosts
+  hosts: all
+  roles:
+    - ca
-- cgit v1.2.3-70-g09d2
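Review bot: The `restart step-ca` and `restart ufw` tasks in the first play use `state: restarted` as ordinary tasks, so every run of this playbook bounces the CA service even when the provisioner task changed nothing; they belong in a `handlers:` section and should be triggered with `notify:` from the tasks that actually change state. While there, `become: yes` should be the canonical `become: true`, the bare `ufw` module name should be the FQCN `community.general.ufw` to match the `ansible.builtin.*` names used in the same play, and the allow rule carries no `proto:`, so it opens `{{ step_ca_port }}` for both TCP and UDP from the whole `100.64.0.0/10` range (presumably the VPN overlay). `step_ca_port` is referenced but not defined in this file; it presumably comes from the role's defaults, which is worth a comment on that line. The ufw module applies rules as it runs, so the separate `restart ufw` task is likely unnecessary once the handler change is made.
```yaml
- name: add acme CA
  hosts: ca
  become: true
  # … unchanged: roles …
  tasks:
    - name: add an acme provisioner to the ca
      # … unchanged: step_ca_provisioner args …
      become_user: step-ca
      notify: restart step-ca
    - name: allow step-ca port traffic on vpn
      community.general.ufw:
        rule: allow
        proto: tcp
        from: 100.64.0.0/10
        port: "{{ step_ca_port }}"  # expected from the step_ca role defaults
  handlers:
    - name: restart step-ca
      ansible.builtin.systemd_service:
        name: step-ca
        state: restarted
        enabled: true
```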