From 61b39794e8c61451891ccd4bd3cc06f88f1c74fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 25 Jun 2024 11:32:36 +0200
Subject: [PATCH 1/2] [mod] role:tlscert_existing:remove var for ssl-path and unify domain vars
---
 roles/tlscert_existing/defaults/main.json | 6 ++----
 roles/tlscert_existing/tasks/main.json | 16 ++++++++--------
 2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/roles/tlscert_existing/defaults/main.json b/roles/tlscert_existing/defaults/main.json
index 66473bb..b47e0a2 100644
--- a/roles/tlscert_existing/defaults/main.json
+++ b/roles/tlscert_existing/defaults/main.json
@@ -1,8 +1,6 @@
 {
+ "var_tlscert_existing_domain": "foo.example.org",
 "var_tlscert_existing_key_path": "/tmp/key.pem",
 "var_tlscert_existing_cert_path": "/tmp/cert.pem",
- "var_tlscert_existing_fullchain_path": "/tmp/fullchain.pem",
- "var_tlscert_existing_domain_base": "example.org",
- "var_tlscert_existing_domain_path": "foo",
- "var_tlscert_existing_ssl_directory": "/etc/ssl"
+ "var_tlscert_existing_fullchain_path": "/tmp/fullchain.pem"
 }
diff --git a/roles/tlscert_existing/tasks/main.json b/roles/tlscert_existing/tasks/main.json
index 28ebd49..bc4354a 100644
--- a/roles/tlscert_existing/tasks/main.json
+++ b/roles/tlscert_existing/tasks/main.json
@@ -3,10 +3,10 @@
 "name": "directories",
 "become": true,
 "loop": [
- "{{var_tlscert_existing_ssl_directory}}/private",
- "{{var_tlscert_existing_ssl_directory}}/csr",
- "{{var_tlscert_existing_ssl_directory}}/certs",
- "{{var_tlscert_existing_ssl_directory}}/fullchains"
+ "/etc/ssl/private",
+ "/etc/ssl/csr",
+ "/etc/ssl/certs",
+ "/etc/ssl/fullchains"
 ],
 "ansible.builtin.file": {
 "state": "directory",
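Review bot: The defaults hunk drops `var_tlscert_existing_domain_base`, `var_tlscert_existing_domain_path` and `var_tlscert_existing_ssl_directory` without any guard, so an inventory that still sets them is silently ignored and the role falls back to `foo.example.org`, installing the key and certificate under the wrong file name. A first task using `ansible.builtin.assert` with `"that": "var_tlscert_existing_domain_base is not defined"` (and the same for the other two names) would turn that into a visible failure. The same applies to the `var_tlscert_selfsigned_*` defaults removed in patch 2/2, where the fallback value would also end up in the certificate's common name and SAN. Whether any caller still sets the old names cannot be seen from this patch.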
@@ -18,7 +18,7 @@
 "become": true,
 "ansible.builtin.copy": {
 "src": "{{var_tlscert_existing_key_path}}",
- "dest": "{{var_tlscert_existing_ssl_directory}}/private/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+ "dest": "/etc/ssl/private/{{var_tlscert_existing_domain}}.pem"
 }
 },
 {
@@ -26,7 +26,7 @@
 "become": true,
 "ansible.builtin.copy": {
 "src": "{{var_tlscert_existing_cert_path}}",
- "dest": "{{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+ "dest": "/etc/ssl/certs/{{var_tlscert_existing_domain}}.pem"
 }
 },
 {
@@ -35,7 +35,7 @@
 "become": true,
 "ansible.builtin.copy": {
 "src": "{{var_tlscert_existing_fullchain_path}}",
- "dest": "{{var_tlscert_existing_ssl_directory}}/fullchains/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+ "dest": "/etc/ssl/fullchains/{{var_tlscert_existing_domain}}.pem"
 }
 },
 {
@@ -43,7 +43,7 @@
 "when": "var_tlscert_existing_fullchain_path == None",
 "become": true,
 "ansible.builtin.shell": {
- "cmd": "cat {{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem > {{var_tlscert_existing_ssl_directory}}/fullchains/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+ "cmd": "cat /etc/ssl/certs/{{var_tlscert_existing_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_existing_domain}}.pem"
 }
 }
 ]
From b3cd34f0ac50c9269266646b8e3ae845c3824471 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 25 Jun 2024 11:33:12 +0200
Subject: [PATCH 2/2] [mod] role:tlscert_selfsigned:remove var for ssl-path and unify domain vars
---
 roles/tlscert_selfsigned/defaults/main.json | 4 +---
 roles/tlscert_selfsigned/tasks/main.json | 26 ++++++++++-----------
 2 files changed, 14 insertions(+), 16 deletions(-)
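Review bot: The private-key copy in the `@@ -18,7` hunk passes only `src` and `dest`, so a newly created `/etc/ssl/private/{{var_tlscert_existing_domain}}.pem` takes its mode from the umask, which under `become` is commonly 0644. Adding `"owner": "root"` and `"mode": "0600"` to the `ansible.builtin.copy` arguments keeps the key's confidentiality from resting on the directory mode alone; the mode set by the directories task lies outside the visible hunks. The task's `name` line is above the hunk.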
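Review bot: The fullchain fallback in the `@@ -43,7` hunk builds a shell command from `{{var_tlscert_existing_domain}}` without quoting, so a value containing whitespace or shell metacharacters changes the command that runs as root, and the task reports changed on every run. `ansible.builtin.copy` with `remote_src` does the same job without a shell, as sketched below. The `compose fullchain` task in roles/tlscert_selfsigned/tasks/main.json (patch 2/2, `@@ -48,17`) has the same shape and would take the same replacement. Separately, `is none` is the usual Jinja test where the `when` line has `== None`.

```json
"when": "var_tlscert_existing_fullchain_path == None",
"become": true,
"ansible.builtin.copy": {
  "remote_src": true,
  "src": "/etc/ssl/certs/{{var_tlscert_existing_domain}}.pem",
  "dest": "/etc/ssl/fullchains/{{var_tlscert_existing_domain}}.pem"
}
```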
diff --git a/roles/tlscert_selfsigned/defaults/main.json b/roles/tlscert_selfsigned/defaults/main.json
index 23e7808..06c1a9a 100644
--- a/roles/tlscert_selfsigned/defaults/main.json
+++ b/roles/tlscert_selfsigned/defaults/main.json
@@ -1,5 +1,3 @@
 {
- "var_tlscert_selfsigned_domain_base": "example.org",
- "var_tlscert_selfsigned_domain_path": "foo",
- "var_tlscert_selfsigned_ssl_directory": "/etc/ssl"
+ "var_tlscert_selfsigned_domain": "foo.example.org"
 }
diff --git a/roles/tlscert_selfsigned/tasks/main.json b/roles/tlscert_selfsigned/tasks/main.json
index 5b816f3..bed8255 100644
--- a/roles/tlscert_selfsigned/tasks/main.json
+++ b/roles/tlscert_selfsigned/tasks/main.json
@@ -14,10 +14,10 @@
 "name": "setup directories",
 "become": true,
 "loop": [
- "{{var_tlscert_selfsigned_ssl_directory}}/private",
- "{{var_tlscert_selfsigned_ssl_directory}}/csr",
- "{{var_tlscert_selfsigned_ssl_directory}}/certs",
- "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+ "/etc/ssl/private",
+ "/etc/ssl/csr",
+ "/etc/ssl/certs",
+ "/etc/ssl/fullchains"
 ],
 "ansible.builtin.file": {
 "state": "directory",
@@ -28,19 +28,19 @@
 "name": "csr | generate private key",
 "become": true,
 "community.crypto.openssl_privatekey": {
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
 }
 },
 {
 "name": "csr | execute",
 "become": true,
 "community.crypto.openssl_csr": {
- "privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
- "common_name": "{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}",
+ "privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+ "common_name": "{{var_tlscert_selfsigned_domain}}",
 "subject_alt_name": [
- "DNS:{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}"
+ "DNS:{{var_tlscert_selfsigned_domain}}"
 ],
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
 },
 "register": "temp_csr"
 },
@@ -48,17 +48,17 @@
 "name": "generate certificate",
 "become": true,
 "community.crypto.x509_certificate": {
- "privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
- "csr_path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
+ "privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+ "csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
 "provider": "selfsigned",
- "path": "{{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
 }
 },
 {
 "name": "compose fullchain",
 "become": true,
 "ansible.builtin.shell": {
- "cmd": "cat {{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem > {{var_tlscert_selfsigned_ssl_directory}}/fullchains/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+ "cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
 }
 }
 ]