feat: extended ansible for wings to include cert setup

bancey · Jan 4, 2025 · c4f446d · c4f446d
1 parent 74453b7
commit c4f446d
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 4 deletions.
diff --git a/ansible/roles/setup-wings/defaults/main.yaml b/ansible/roles/setup-wings/defaults/main.yaml
@@ -0,0 +1,2 @@
+cloudflare_api_token: ''
+domain: ''
diff --git a/ansible/roles/setup-wings/files/cloudflare.ini.j2 b/ansible/roles/setup-wings/files/cloudflare.ini.j2
@@ -0,0 +1 @@
+dns_cloudflare_api_token = {{ cloudflare_api_token }}
diff --git a/ansible/roles/setup-wings/tasks/main.yaml b/ansible/roles/setup-wings/tasks/main.yaml
@@ -1,4 +1,38 @@
 ---
+- set_fact:
+    setup_certs: (cloudflare_api_token is defined) and (cloudflare_api_token|length > 0) and (domain is defined) and (domain|length > 0)
+- name: Install certbot
+  ansible.builtin.command: snap install --classic certbot
+  become: true
+  when: setup_certs
+- name: Install certbot cloudflare dns plugin
+  ansible.builtin.command: |-
+    snap set certbot trust-plugin-with-root=ok
+    snap install certbot-dns-cloudflare
+  become: true
+  when: setup_certs
+- name: Create lets encrypt directory
+  file:
+    path: "/etc/letsencrypt"
+    state: directory
+    owner: root
+    group: root
+    mode: 0775
+  become: true
+  when: setup_certs
+- name: Copy KeepAlived configuration template
+  template:
+    src: files/cloundflare.ini.j2
+    dest: /etc/letsencrypt/cloudflare.ini
+    owner: root
+    group: root
+    mode: 0600
+  become: true
+  when: setup_certs
+- name: Run certbot
+  ansible.builtin.command: certbot certonly -d {{ domain }} --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini --post-hook "systemctl restart wings" --non-interactive --agree-tos --email abance@bancey.xyz
+  become: true
+  when: setup_certs
 - name: Download wings
   get_url:
     url: "https://github.com/pterodactyl/wings/releases/latest/download/wings_linux_amd64"

diff --git a/ansible/wings-node.yaml b/ansible/wings-node.yaml
@@ -1,8 +1,10 @@
-- name: Update system and install pterodactly wings pre-requisites
-  hosts: wings-local
+- name: Update system and install Pterodactyl wings pre-requisites
+  hosts: wings-thor
   become: true
   become_user: root
   become_method: sudo
   roles:
-    - install-docker
-    - setup-wings
+    - role: install-docker
+    - role: setup-wings
+      domain: "{{ inventory_hostname }}.heimelska.co.uk"
+
diff --git a/terraform/environments/prod/prod.tfvars b/terraform/environments/prod/prod.tfvars
@@ -150,6 +150,13 @@ ansible = {
     nodes    = ["hela", "loki", "thor"]
     playbook = "test-vms.yaml"
   }
+  "wings-local" = {
+    nodes    = ["hela", "loki", "thor"]
+    playbook = "wings-node.yaml"
+    secrets = {
+      "cloudflare_api_token" = "Cloudflare-Lab-API-Token"
+    }
+  }
 }
 
 images = {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		dns_cloudflare_api_token = {{ cloudflare_api_token }}