From 2747a5fe8153c018242fc26ed5ecfcaa63c49af2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Wed, 22 Nov 2023 15:20:34 +0100
Subject: [PATCH] [fix] role:tlscert_selfsigned
---
 .../roles/tlscert_selfsigned/tasks/main.json | 55 ++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/tlscert_selfsigned/tasks/main.json b/ansible/roles/tlscert_selfsigned/tasks/main.json
index 4f24f17..33ee775 100644
--- a/ansible/roles/tlscert_selfsigned/tasks/main.json
+++ b/ansible/roles/tlscert_selfsigned/tasks/main.json
@@ -9,19 +9,72 @@
 }
 },
 {
- "name": "generate key",
+ "name": "setup directories | keys",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{var_tlscert_selfsigned_ssl_directory}}/private"
+ }
+ },
+ {
+ "name": "setup directories | certs",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{var_tlscert_selfsigned_ssl_directory}}/certs"
+ }
+ },
+ {
+ "name": "setup directories | csr",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{var_tlscert_selfsigned_ssl_directory}}/csr"
+ }
+ },
+ {
+ "name": "setup directories | fullchains",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+ }
+ },
+ {
+ "name": "csr | generate private key",
 "become": true,
 "community.crypto.openssl_privatekey": {
 "path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
 }
 },
+ {
+ "name": "csr | execute",
+ "become": true,
+ "community.crypto.openssl_csr": {
+ "privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
+ "common_name": "{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}",
+ "subject_alt_name": [
+ "DNS:{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}"
+ ],
+ "path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ },
+ "register": "temp_csr"
+ },
 {
 "name": "generate certificate",
 "become": true,
 "community.crypto.x509_certificate": {
 "privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
+ "csr_path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
 "provider": "selfsigned",
 "path": "{{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
 }
+ },
+ {
+ "name": "compose fullchain",
+ "become": true,
+ "ansible.builtin.shell": {
+ "cmd": "cat {{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem > {{var_tlscert_selfsigned_ssl_directory}}/fullchains/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ }
 }
 ]
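Review bot: The new "compose fullchain" task builds a shell command under `become` by interpolating `var_tlscert_selfsigned_ssl_directory`, `var_tlscert_selfsigned_domain_path` and `var_tlscert_selfsigned_domain_base` unquoted into `cat … > …`, so a value containing whitespace or shell metacharacters changes what runs as root, and the task reports "changed" on every run. Because it only copies one file, `"ansible.builtin.copy": {"remote_src": true, "src": "<certs path>", "dest": "<fullchains path>"}` does the same job without a shell and is idempotent. Separately, the four "setup directories" tasks set no `mode`, so the permissions of `private/` depend on the remote umask; adding `"mode": "0700"` to that task would pin them. The variable definitions and the first task of the list are outside the hunk, so whether these values can carry untrusted input cannot be judged from here.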