diff --git a/ansible.cfg b/ansible.cfg deleted file mode 100644 index d399a25..0000000 --- a/ansible.cfg +++ /dev/null @@ -1,5 +0,0 @@ -[defaults] -inventory=inventory.yml -#strategy_plugins = /opt/mitogen-0.2.9/ansible_mitogen/plugins -#strategy = mitogen_linear - diff --git a/certs.json b/certs.json deleted file mode 100644 index 452e98e..0000000 --- a/certs.json +++ /dev/null @@ -1,16 +0,0 @@ -[ - { - "cert_name": "collector-dn42", - "names": [ - "collector.dn42", - "*.collector.dn42" - ] - }, - { - "cert_name": "burble-dn42", - "names": [ - "burble.dn42", - "*.burble.dn42" - ] - } -] diff --git a/deploy.yml b/deploy.yml deleted file mode 100644 index 73c0bb2..0000000 --- a/deploy.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -########################################################################### -# Deploy certs -########################################################################### - -- hosts: rprox - roles: - - { role: rprox, tags: rprox } - -- hosts: docker - roles: - - { role: docker, tags: docker } - -########################################################################### -# end of file diff --git a/domains/020-burble.com.js b/domains/020-burble.com.js index 7d18fd5..d6c372e 100644 --- a/domains/020-burble.com.js +++ b/domains/020-burble.com.js @@ -94,11 +94,13 @@ nodes.forEach(function(n) { // ipv4 if (n[1] != 'undefined') { D_EXTEND(domain,A(n[0], n[1])); + D_EXTEND(domain,A('ipv4.' + n[0], n[1])); } // ipv6 if (n[2] != 'undefined') { - D_EXTEND(domain,AAAA(n[0], n[2])); + D_EXTEND(domain,AAAA(n[0], n[2])); + D_EXTEND(domain,AAAA('ipv6.' + n[0], n[2])); } // DN42 public node diff --git a/group_vars/all.yml b/group_vars/all.yml deleted file mode 100644 index 90e5d5b..0000000 --- a/group_vars/all.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -########################################################################### - -# common connection vars -ansible_user: sol -ansible_become: yes -ansible_python_interpreter: /usr/bin/python3 - -########################################################################### -# end of file diff --git a/inventory.yml b/inventory.yml deleted file mode 100644 index a52c1a8..0000000 --- a/inventory.yml +++ /dev/null @@ -1,23 +0,0 @@ -########################################################################### - -all: - children: - - rprox: - hosts: - de-fra1.burble.com: - ca-bhs2.burble.com: - fr-rbx1.burble.com: - us-lax1.burble.com: - - docker: - hosts: - fr-rbx1.burble.com: - fr-par1.burble.com: - fr-par2.burble.com: - ca-bhs2.burble.com: - de-fra1.burble.com: - ch-zur1.burble.com: - -########################################################################### -# end of file diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml deleted file mode 100644 index 2495873..0000000 --- a/roles/docker/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -######################################################################## - -- name: update traefik - file: - path: '{{ tpath }}/dynamic_conf/burble-dn42.yml' - state: touch - -######################################################################## -# end of file \ No newline at end of file diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml deleted file mode 100644 index 802f553..0000000 --- a/roles/docker/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -######################################################################## - -# upload the certs - -- copy: - src: 'certificates/{{ d }}/{{ f }}' - dest: '{{ tpath }}/certs/{{ f }}' - owner: root - group: root - mode: 0400 - vars: - d: '{{ item.d }}' - f: '{{ item.d }}.{{ item.s }}' - loop: - - { d: 'burble-dn42', s: 'crt' } - - { d: 'burble-dn42', s: 'key' } - notify: update traefik - -######################################################################## -# end of file - diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml deleted file mode 100644 index 0fa7cc5..0000000 --- a/roles/docker/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -######################################################################## - -tpath: '/export/apps/docker/config/traefik' - -######################################################################## -# end of file \ No newline at end of file diff --git a/roles/rprox/tasks/main.yml b/roles/rprox/tasks/main.yml deleted file mode 100644 index f4ced36..0000000 --- a/roles/rprox/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -######################################################################## - -# upload the certs - -- copy: - src: 'certificates/{{ d }}/{{ f }}' - dest: '{{ npath }}/certs/{{ f }}' - owner: '81001' - group: '81001' - mode: 0400 - vars: - d: '{{ item.d }}' - f: '{{ item.d }}.{{ item.s }}' - loop: - - { d: 'burble-dn42', s: 'crt' } - - { d: 'burble-dn42', s: 'key' } - - { d: 'collector-dn42', s: 'crt' } - - { d: 'collector-dn42', s: 'key' } - -######################################################################## -# end of file - diff --git a/roles/rprox/vars/main.yml b/roles/rprox/vars/main.yml deleted file mode 100644 index 5671898..0000000 --- a/roles/rprox/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -######################################################################## - -npath: '/export/apps/nginx' - -######################################################################## -# end of file \ No newline at end of file diff --git a/scripts/push-rprox.sh b/scripts/push-rprox.sh deleted file mode 100755 index 2784e5c..0000000 --- a/scripts/push-rprox.sh +++ /dev/null @@ -1,99 +0,0 @@ -#!/bin/bash -######################################################################## - -certs=( - 'burble-dn42' - 'collector-dn42' -) - -# hosts to push -hosts=( - 'rsync.tier2.fr-rbx1.burble.dn42' - 'rsync.tier2.de-fra1.burble.dn42' - 'rsync.tier2.ca-bhs2.burble.dn42' -) - -dst="apps/nginx/certs" - -######################################################################## - -# where am I ? -SCRIPTPATH="$(cd "$(dirname "$0")" ; pwd -P)" -CERTPATH="$(cd "${SCRIPTPATH}/../certificates/"; pwd -P)" -echo "Certs are here: $CERTPATH" -pushd "$CERTPATH" - -# create a temp directory -export TMPDIR="$XDG_RUNTIME_DIR" -tmp=$(mktemp -d) -if [ $? -ne 0 -o -z "$tmp"] -then - echo "Failed to create tmp directory" - exit 1 -fi -echo "Created tmp directory: $tmp" - -function cleanup { - if [ -d "$tmp" ] - then - echo "Cleaning tmp directory" - rm -rf "$tmp" > /dev/null 2>&1 - fi -} -trap cleanup EXIT - -export VAULT_ADDR='https://vault.burble.dn42' - -######################################################################## -# generate one time key for deployment access - -echo "Generating temporary rsync key" - -sshkey="${tmp}/rsync_key" -ssh-keygen -t ed25519 -a 100 -N '' -f "$sshkey" - -vault write \ - -field=signed_key \ - burble.dn42/ssh/user/sign/rsync \ - public_key="@${sshkey}.pub" \ - > "${sshkey}-cert.pub" -if [ $? -ne 0 ] -then - echo "Failed to generate temporary rsync key" - exit 1 -fi -echo "Key is signed" - -# fixup perms -chmod 0600 "${tmp}"/* - -######################################################################## -# create a list of files to push - -declare -a flist - -echo "Files to copy:" -for cert in ${certs[@]} -do - crt="${cert}/${cert}.crt" - key="${cert}/${cert}.key" - echo " - $crt" - echo " - $key" - - flist+=( "$crt" "$key" ) -done - -# and push to hosts - -for host in ${hosts[@]} -do - echo "Syncing host: $host" - rsync -avogp --delete -e "ssh -i '${sshkey}'" \ - --chown 81001:81001 --chmod=D2700,F600 \ - "${flist[@]}" \ - "root@${host}:${dst}/" -done - -popd -######################################################################## -# end of file diff --git a/scripts/renew.sh b/scripts/renew.sh deleted file mode 100755 index d509382..0000000 --- a/scripts/renew.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -dnscontrol get-certs \ - --acme https://acme-v2.acme.dn42/directory \ - --agreeTOS \ - --email "dn42@burble.com" \ - --renew 30