Provision nebula certs using Ansible

2021-01-30 20:06:31 +00:00 · 2021-01-30 20:06:31 +00:00 · 08ff5dcf94
commit 08ff5dcf94
parent 92815a6f76
4 changed files with 69 additions and 1 deletions
--- a/ansible/roles/nebula/files/ca.crt
+++ b/ansible/roles/nebula/files/ca.crt
@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+64383034666438336663396339636630323434633037373635386466633163396435336230303736
+3562386239313435373566373161343932306333356365610a363238356132363465626139643233
+32343862303066386533303536336335333034326564343030366435643765643032336635646437
+3131653964356437310a616138306362626139376662373866343238623363646236376364646661
+34306461373835373037383038626266663565346466393933613836663230643263303361356465
+31396532656262303336303839383264303435633437303463666338356465616339666231346265
+31626134613162663461356130373036663366623437653934376462616234373266663435353365
+30646534353931363766303366393235303964613332316434306366346336363866323235346363
+63363932626364313731356635323338623766306338653331323363643561643132643630333965
+39343766393061663039373630666136653635386535346462323937633164663937383762643962
+34666531363530653163303364633638633838613433353836393830306333656634383137636538
+36353538383135646138653939613863323866616634643432383437393065653535633734383434
+35643161343662626466366136393533666234646431313631353631616631366236656365366465
+37373735636533633762646661653931323533316634336631303834393438646233363866623663
+61396364303139326539666166633535666639393332346131303539653835616261653436333666
+38666363323533333631303938663065336163643430373636393866323136646662356333373761
+3366
--- a/ansible/roles/nebula/files/certs/casey.crt
+++ b/ansible/roles/nebula/files/certs/casey.crt
@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.1;AES256
+64613133383265373737643031303930643035303131303331313864306332323231616534663731
+6332326533376638613331386665346166366632376465610a326635366539313466346663336361
+30366163666530626132373633653732333930306236383934353730336334653366316533333532
+6462326439306639330a633333373363613339303635373235643961346630373261316365336666
+63643135366363376666313839656537383265636330323238323738356634343933376334383866
+66346338316166303332636663396365363339386462356666303038353062633839333339633633
+66303265666464313737346431313463393265616134346138623763343261646334313061396364
+34646663633538343965653464343933633062343633643064326463653932383739326430656433
+62316337626135653534613035363235343135333435646264613664386236623632306465376266
+31306666656463333561373232343061393034356336393339386135306364363533643965613361
+34613939653765646263353863633462623434393961396335303735336433653866373534313130
+64366632313764633636353265383332303561343435333135656230656336316235353734363265
+63373033613161303736373065323565336638386537656235333639303262383437643739333762
+31323636373239623838303834353130623038633933306238333632323533303731353539383465
+34366464366161626163363163323365333932396231333930336132313563323062626334313930
+64373562366164613964613534306161366531643530343331313538383461666537306639663965
+62343036386166323036653266343362323961613432336466313731333561636234386662333264
+64393463303336643231616531393365383632303030616337336234393137393939333130633339
+333837383764333662313933666132383837
--- a/ansible/roles/nebula/files/certs/casey.key
+++ b/ansible/roles/nebula/files/certs/casey.key
@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+31386138633139343335346361323831306435383234653738613139376138393138383964633031
+3337346361396334636433393538666433666136353337360a376435363861393333666438383765
+35383334303931383331303161303738636437303135623833356462393766633262666433316232
+6631356631383164620a383265376365643032623835346238353130356463383139623436303935
+32636463613164613533313633333838396531303431393938393163633566363433613630303435
+36633138366362623636653565343637633338306534393236643030653532623563613834633538
+31663565626138376231643537306362336334336334353662633166653630366438633636633765
+33636362333630653064326165336334396538653332323332656634656361613335373939636264
+64356163336138316235626331373637316661363233366535356532323539653166303234346162
+3062666234396362623664626535326534376535346233376232
--- a/ansible/roles/nebula/tasks/main.yml
+++ b/ansible/roles/nebula/tasks/main.yml
@ -22,11 +22,30 @@
  become: true
  notify: restart nebula

+- name: Install CA certificate
+  template:
+    src: files/ca.crt
+    dest: /etc/nebula/ca.crt
+    mode: "0600"
+  become: true
+  notify: restart nebula
+
+- name: Install client certificates
+  template:
+    src: files/certs/{{ item }}
+    dest: /etc/nebula/{{ item }}
+    mode: "0600"
+  loop:
+    - "{{ ansible_fqdn }}.key"
+    - "{{ ansible_fqdn }}.crt"
+  become: true
+  notify: restart nebula
+
 - name: Install service
  get_url:
    url: https://raw.githubusercontent.com/slackhq/nebula/v{{ nebula_version }}/dist/arch/nebula.service
    dest: /usr/lib/systemd/system/nebula.service
-    mode: '0644'
+    mode: "0644"
  become: true

 - name: Enable service