Merge branch 'main' of dl-cloud-gitlab:roydfalk/ansible-base

roles/tlscert_existing/defaults/main.json

@@ -1,8 +1,6 @@
 {
+	"var_tlscert_existing_domain": "foo.example.org",
 	"var_tlscert_existing_key_path": "/tmp/key.pem",
 	"var_tlscert_existing_cert_path": "/tmp/cert.pem",
-	"var_tlscert_existing_fullchain_path": "/tmp/fullchain.pem",
-	"var_tlscert_existing_domain_base": "example.org",
-	"var_tlscert_existing_domain_path": "foo",
-	"var_tlscert_existing_ssl_directory": "/etc/ssl"
+	"var_tlscert_existing_fullchain_path": "/tmp/fullchain.pem"
 }

roles/tlscert_existing/tasks/main.json

@@ -3,10 +3,10 @@
 		"name": "directories",
 		"become": true,
 		"loop": [
-			"{{var_tlscert_existing_ssl_directory}}/private",
-			"{{var_tlscert_existing_ssl_directory}}/csr",
-			"{{var_tlscert_existing_ssl_directory}}/certs",
-			"{{var_tlscert_existing_ssl_directory}}/fullchains"
+			"/etc/ssl/private",
+			"/etc/ssl/csr",
+			"/etc/ssl/certs",
+			"/etc/ssl/fullchains"
 		],
 		"ansible.builtin.file": {
 			"state": "directory",
@@ -18,7 +18,7 @@
 		"become": true,
 		"ansible.builtin.copy": {
 			"src": "{{var_tlscert_existing_key_path}}",
-			"dest": "{{var_tlscert_existing_ssl_directory}}/private/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+			"dest": "/etc/ssl/private/{{var_tlscert_existing_domain}}.pem"
 		}
 	},
 	{
@@ -26,7 +26,7 @@
 		"become": true,
 		"ansible.builtin.copy": {
 			"src": "{{var_tlscert_existing_cert_path}}",
-			"dest": "{{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+			"dest": "/etc/ssl/certs/{{var_tlscert_existing_domain}}.pem"
 		}
 	},
 	{
@@ -35,7 +35,7 @@
 		"become": true,
 		"ansible.builtin.copy": {
 			"src": "{{var_tlscert_existing_fullchain_path}}",
-			"dest": "{{var_tlscert_existing_ssl_directory}}/fullchains/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+			"dest": "/etc/ssl/fullchains/{{var_tlscert_existing_domain}}.pem"
 		}
 	},
 	{
@@ -43,7 +43,7 @@
 		"when": "var_tlscert_existing_fullchain_path == None",
 		"become": true,
 		"ansible.builtin.shell": {
-			"cmd": "cat {{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem > {{var_tlscert_existing_ssl_directory}}/fullchains/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+			"cmd": "cat /etc/ssl/certs/{{var_tlscert_existing_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_existing_domain}}.pem"
 		}
 	}
 ]

roles/tlscert_selfsigned/defaults/main.json

@@ -1,5 +1,3 @@
 {
-	"var_tlscert_selfsigned_domain_base": "example.org",
-	"var_tlscert_selfsigned_domain_path": "foo",
-	"var_tlscert_selfsigned_ssl_directory": "/etc/ssl"
+	"var_tlscert_selfsigned_domain": "foo.example.org"
 }

roles/tlscert_selfsigned/tasks/main.json

@@ -14,10 +14,10 @@
 		"name": "setup directories",
 		"become": true,
 		"loop": [
-			"{{var_tlscert_selfsigned_ssl_directory}}/private",
-			"{{var_tlscert_selfsigned_ssl_directory}}/csr",
-			"{{var_tlscert_selfsigned_ssl_directory}}/certs",
-			"{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+			"/etc/ssl/private",
+			"/etc/ssl/csr",
+			"/etc/ssl/certs",
+			"/etc/ssl/fullchains"
 		],
 		"ansible.builtin.file": {
 			"state": "directory",
@@ -28,19 +28,19 @@
 		"name": "csr | generate private key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+			"path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
 		}
 	},
 	{
 		"name": "csr | execute",
 		"become": true,
 		"community.crypto.openssl_csr": {
-			"privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
-			"common_name": "{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}",
+			"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+			"common_name": "{{var_tlscert_selfsigned_domain}}",
 			"subject_alt_name": [
-				"DNS:{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}"
+				"DNS:{{var_tlscert_selfsigned_domain}}"
 			],
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+			"path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
 		},
 		"register": "temp_csr"
 	},
@@ -48,17 +48,17 @@
 		"name": "generate certificate",
 		"become": true,
 		"community.crypto.x509_certificate": {
-			"privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
-			"csr_path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
+			"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+			"csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
 			"provider": "selfsigned",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+			"path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
 		}
 	},
 	{
 		"name": "compose fullchain",
 		"become": true,
 		"ansible.builtin.shell": {
-			"cmd": "cat {{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem > {{var_tlscert_selfsigned_ssl_directory}}/fullchains/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
+			"cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
 		}
 	}
 ]