misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

[mod] role:tlscert_selfsigned:remove var for ssl-path and unify domain vars

Browse source
This commit is contained in:
roydfalk 2024-06-25 11:33:12 +02:00
parent 82e9f8e806
commit c997a20276
2 changed files with 14 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/tlscert_selfsigned/defaults/main.json
View file

@ -1,5 +1,3 @@
{
"var_tlscert_selfsigned_domain_base": "example.org",
"var_tlscert_selfsigned_domain_path": "foo",
"var_tlscert_selfsigned_ssl_directory": "/etc/ssl"
"var_tlscert_selfsigned_domain": "foo.example.org"
}

26
roles/tlscert_selfsigned/tasks/main.json
View file

@ -14,10 +14,10 @@
"name": "setup directories",
"become": true,
"loop": [
"{{var_tlscert_selfsigned_ssl_directory}}/private",
"{{var_tlscert_selfsigned_ssl_directory}}/csr",
"{{var_tlscert_selfsigned_ssl_directory}}/certs",
"{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
"/etc/ssl/private",
"/etc/ssl/csr",
"/etc/ssl/certs",
"/etc/ssl/fullchains"
],
"ansible.builtin.file": {
"state": "directory",
@ -28,19 +28,19 @@
"name": "csr | generate private key",
"become": true,
"community.crypto.openssl_privatekey": {
"path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
"path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
}
},
{
"name": "csr | execute",
"become": true,
"community.crypto.openssl_csr": {
"privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
"common_name": "{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}",
"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
"common_name": "{{var_tlscert_selfsigned_domain}}",
"subject_alt_name": [
"DNS:{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}"
"DNS:{{var_tlscert_selfsigned_domain}}"
],
"path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
"path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
},
"register": "temp_csr"
},
@ -48,17 +48,17 @@
"name": "generate certificate",
"become": true,
"community.crypto.x509_certificate": {
"privatekey_path": "{{var_tlscert_selfsigned_ssl_directory}}/private/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
"csr_path": "{{var_tlscert_selfsigned_ssl_directory}}/csr/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem",
"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
"csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
"provider": "selfsigned",
"path": "{{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
"path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
}
},
{
"name": "compose fullchain",
"become": true,
"ansible.builtin.shell": {
"cmd": "cat {{var_tlscert_selfsigned_ssl_directory}}/certs/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem > {{var_tlscert_selfsigned_ssl_directory}}/fullchains/{{var_tlscert_selfsigned_domain_path}}.{{var_tlscert_selfsigned_domain_base}}.pem"
"cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
}
}
]