From 08ff5dcf94072f923bcb3ee183351850f1e67d44 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 30 Jan 2021 20:06:31 +0000 Subject: [PATCH] Provision nebula certs using Ansible --- ansible/roles/nebula/files/ca.crt | 18 ++++++++++++++++++ ansible/roles/nebula/files/certs/casey.crt | 20 ++++++++++++++++++++ ansible/roles/nebula/files/certs/casey.key | 11 +++++++++++ ansible/roles/nebula/tasks/main.yml | 21 ++++++++++++++++++++- 4 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/nebula/files/ca.crt create mode 100644 ansible/roles/nebula/files/certs/casey.crt create mode 100644 ansible/roles/nebula/files/certs/casey.key diff --git a/ansible/roles/nebula/files/ca.crt b/ansible/roles/nebula/files/ca.crt new file mode 100644 index 0000000..94366cb --- /dev/null +++ b/ansible/roles/nebula/files/ca.crt @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +64383034666438336663396339636630323434633037373635386466633163396435336230303736 +3562386239313435373566373161343932306333356365610a363238356132363465626139643233 +32343862303066386533303536336335333034326564343030366435643765643032336635646437 +3131653964356437310a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diff --git a/ansible/roles/nebula/files/certs/casey.crt b/ansible/roles/nebula/files/certs/casey.crt new file mode 100644 index 0000000..5b9f547 --- /dev/null +++ b/ansible/roles/nebula/files/certs/casey.crt @@ -0,0 +1,20 @@ +$ANSIBLE_VAULT;1.1;AES256 +64613133383265373737643031303930643035303131303331313864306332323231616534663731 +6332326533376638613331386665346166366632376465610a326635366539313466346663336361 +30366163666530626132373633653732333930306236383934353730336334653366316533333532 +6462326439306639330a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diff --git a/ansible/roles/nebula/files/certs/casey.key b/ansible/roles/nebula/files/certs/casey.key new file mode 100644 index 0000000..04ceb94 --- /dev/null +++ b/ansible/roles/nebula/files/certs/casey.key 
@@ -0,0 +1,11 @@ +$ANSIBLE_VAULT;1.1;AES256 +31386138633139343335346361323831306435383234653738613139376138393138383964633031 +3337346361396334636433393538666433666136353337360a376435363861393333666438383765 +35383334303931383331303161303738636437303135623833356462393766633262666433316232 +6631356631383164620a383265376365643032623835346238353130356463383139623436303935 +32636463613164613533313633333838396531303431393938393163633566363433613630303435 +36633138366362623636653565343637633338306534393236643030653532623563613834633538 +31663565626138376231643537306362336334336334353662633166653630366438633636633765 +33636362333630653064326165336334396538653332323332656634656361613335373939636264 +64356163336138316235626331373637316661363233366535356532323539653166303234346162 +3062666234396362623664626535326534376535346233376232 diff --git a/ansible/roles/nebula/tasks/main.yml b/ansible/roles/nebula/tasks/main.yml index f09c9c7..f8a57db 100644 --- a/ansible/roles/nebula/tasks/main.yml +++ b/ansible/roles/nebula/tasks/main.yml @@ -22,11 +22,30 @@ become: true notify: restart nebula +- name: Install CA certificate + template: + src: files/ca.crt + dest: /etc/nebula/ca.crt + mode: "0600" + become: true + notify: restart nebula + +- name: Install client certificates + template: + src: files/certs/{{ item }} + dest: /etc/nebula/{{ item }} + mode: "0600" + loop: + - "{{ ansible_fqdn }}.key" + - "{{ ansible_fqdn }}.crt" + become: true + notify: restart nebula + - name: Install service get_url: url: https://raw.githubusercontent.com/slackhq/nebula/v{{ nebula_version }}/dist/arch/nebula.service dest: /usr/lib/systemd/system/nebula.service - mode: '0644' + mode: "0644" become: true - name: Enable service
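Review bot: Committing `certs/casey.key` puts this host's Nebula private key in the repository, where its confidentiality rests entirely on the vault password for as long as the commit stays in history. The header `$ANSIBLE_VAULT;1.1;AES256` carries no vault ID, so nothing in the file says which secret protects it. Consider generating the key pair on the host with `nebula-cert keygen` and signing only the public half with `nebula-cert sign -in-pub`, so the repository holds the certificate and never the key. If the key stays here, document that exposure of the vault password means reissuing this host's certificate, because rekeying the vault does not re-protect the blob already in history.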
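Review bot: The "Install client certificates" task picks which private key to push from `ansible_fqdn`, a fact gathered from the target, while the files added in this commit are named `casey.key` and `casey.crt`. A host whose FQDN includes a domain would find no matching file, and the choice of key material follows what the remote reports rather than the inventory. Keying the loop on `inventory_hostname` keeps that choice on the controller; this assumes the inventory name is `casey`, which the diff does not show, and the nebula config that references the destination file names is outside this hunk. Both new tasks also use `template` on static, vault-encrypted files, where `copy` decrypts them the same way without rendering the contents through Jinja2. Adding `no_log: true` to the key task keeps the decrypted key out of `--diff` and verbose output.

```yaml
- name: Install client certificates
  copy:
    src: certs/{{ item }}
    dest: /etc/nebula/{{ item }}
    mode: "0600"
  loop:
    - "{{ inventory_hostname }}.key"
    - "{{ inventory_hostname }}.crt"
  no_log: true
  # … unchanged: become, notify …
```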