Add cert to authentik

dns/services.json

@@ -4,6 +4,11 @@
 		"domain": "serguzim.me",
 		"host": "node002"
 	},
+	"auth": {
+		"target": "auth",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
 	"faas": {
 		"target": "faas",
 		"domain": "serguzim.me",

dnsconfig.js

@@ -72,6 +72,7 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
 	TLSA("_25._tcp.mail", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
 
 	acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
+	acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
 
 	verify_amazon_ses([
 		"dd4g333vxgahaf3rh3dafdx6g7kq7t7z",

roles/authentik/vars/main.yml

@@ -47,6 +47,7 @@ authentik_compose:
         user: root
         volumes:
           - /var/run/docker.sock:/var/run/docker.sock
+          - ./certs:/certs
         env_file:
           - service.env
         depends_on:

roles/lego/files/node002/auth.serguzim.me

@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+domain="auth.serguzim.me"
+
+_install() {
+  install --owner=root --group=root --mode=600 \
+	  "$CERTIFICATES_PATH/$domain.$1" \
+	  "/opt/services/authentik/certs/$domain.$2"
+}
+
+_install crt pem
+_install key key

roles/lego/tasks/systemd.yml

@@ -20,4 +20,5 @@
   loop:
     - msrg.cc
     - db.serguzim.me
+    - auth.serguzim.me
   become: true