panel: add SAN to cert, ensure cert is tested (#155)
maxhoesel authored Sep 29, 2023
1 parent 4e5797e commit 0d12398
Showing 11 changed files with 35 additions and 164 deletions.
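--- a/roles/pterodactyl_panel/molecule/default/converge.yml
+++ b/roles/pterodactyl_panel/molecule/default/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+hosts: panel
+tasks:
+- name: "Include pterodactyl_panel"
+include_role:
+name: "pterodactyl_panel"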
10 changes: 0 additions & 10 deletions roles/pterodactyl_panel/molecule/default/files/fullchain.pem

This file was deleted.

5 changes: 0 additions & 5 deletions roles/pterodactyl_panel/molecule/default/files/privkey.pem

This file was deleted.

7 changes: 4 additions & 3 deletions roles/pterodactyl_panel/molecule/default/molecule.yml
@@ -79,13 +79,14 @@ platforms:
network: molecule-pterodactyl-panel

provisioner:
playbooks:
converge: ../converge.yml
verify: ../verify.yml
inventory:
group_vars:
all:
pterodactyl_panel_webroot: /var/www/pterodactyl-molecule
pterodactyl_panel_domain: "{{ ansible_fqdn }}"
pterodactyl_panel_ssl_mode: selfsign
pterodactyl_panel_ssl_cert: /etc/ssl/selfsign-test.crt
pterodactyl_panel_ssl_key: /etc/ssl/selfsign-test.key
pterodactyl_panel_app_key: base64:plc67JdoBykgQPhTJV8BCu1MDAYM0QRbZt93mnh/uyE=
pterodactyl_panel_hashids_salt: YhQ1W5XhR1cTZGMLK16a
# DB Settings
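Review bot: The `pterodactyl_panel_app_key` and `pterodactyl_panel_hashids_salt` values near the end of this hunk are literal secrets with nothing marking them as fixtures; the page does not show whether this commit added them or they are context. A comment above them such as `# test-only values, never reuse outside molecule` would keep them from being copied into a real inventory, where a key published in the repository protects nothing. The `group_vars` block continues past the end of the hunk.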
18 changes: 0 additions & 18 deletions roles/pterodactyl_panel/molecule/default/prepare.yml
@@ -4,21 +4,3 @@
apt:
update_cache: yes
when: ansible_os_family == "Debian"

- name: SSL cert directory exists
ansible.builtin.file:
path: /etc/letsencrypt/live/{{ ansible_fqdn }}/
state: directory
owner: root
group: root
mode: "755"
- name: Copy existing SSL cert/key to fake letsencrypt directory
copy:
src: "{{ item }}"
dest: /etc/letsencrypt/live/{{ ansible_fqdn }}/
owner: root
group: root
mode: 0755 # this is insecure, don't do this in prod
loop:
- "fullchain.pem"
- "privkey.pem"
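--- a/roles/pterodactyl_panel/molecule/default/verify.yml
+++ b/roles/pterodactyl_panel/molecule/default/verify.yml
@@ -0,0 +1,14 @@
+---
+- name: Verify
+hosts: panel
+tasks:
+- name: Get panel homepage
+ansible.builtin.uri:
+url: "https://{{ pterodactyl_panel_domain }}"
+ca_path: "{{ pterodactyl_panel_ssl_cert }}"
+return_content: true
+register: page
+- name: Verify that homepage was loaded
+assert:
+that:
+- '"Pterodactyl" in page.content'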
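Review bot: The `Get panel homepage` task depends on two `uri` defaults to act as a certificate test at all: certificate validation being on, and only status 200 being accepted. Writing `validate_certs: true` and `status_code: 200` next to `ca_path` would make that visible and keep the check from weakening silently if module defaults are set elsewhere. A comment such as `# ca_path trusts only the role's self-signed cert, so a SAN/hostname mismatch fails here` would record why the option is there. The `assert` task could use the `ansible.builtin.assert` name to match `ansible.builtin.uri` above it.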
103 changes: 0 additions & 103 deletions roles/pterodactyl_panel/molecule/selfsign/molecule.yml

This file was deleted.

6 changes: 0 additions & 6 deletions roles/pterodactyl_panel/molecule/selfsign/prepare.yml

This file was deleted.

1 change: 0 additions & 1 deletion roles/pterodactyl_panel/molecule/selfsign/requirements.txt

This file was deleted.

18 changes: 0 additions & 18 deletions roles/pterodactyl_panel/molecule/verify.yml

This file was deleted.

10 changes: 10 additions & 0 deletions roles/pterodactyl_panel/tasks/selfsign.yml
@@ -5,9 +5,19 @@
group: www-data
mode: "640"

- name: Signing request (CSR) for self-signed certificate
community.crypto.openssl_csr_pipe:
privatekey_path: "{{ pterodactyl_panel_ssl_key }}"
common_name: "{{ pterodactyl_panel_domain }}"
organization_name: Pterodactyl Panel
register: csr
changed_when: no
check_mode: no

- name: Self-signed cert is present
community.crypto.x509_certificate:
path: "{{ pterodactyl_panel_ssl_cert }}"
csr_content: "{{ csr.csr }}"
privatekey_path: "{{ pterodactyl_panel_ssl_key }}"
provider: selfsigned
owner: root
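Review bot: The CSR task sets `common_name` but no subject alternative name, so the SAN named in the commit title comes only from the module's `use_common_name_for_san` default, which copies the common name into a `DNS:` entry. Stating it explicitly with `subject_alt_name: "DNS:{{ pterodactyl_panel_domain }}"` documents the intent and keeps hostname verification working if that default is ever overridden. A `DNS:` entry will not match when `pterodactyl_panel_domain` is an IP address, which may deserve a comment. `changed_when: no` and `check_mode: no` would be clearer as `false`. The "Self-signed cert is present" task continues past the end of the hunk.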
