64 lines
1.5 KiB
JSON
64 lines
1.5 KiB
JSON
[
|
|
{
|
|
"name": "install packages",
|
|
"become": true,
|
|
"ansible.builtin.apt": {
|
|
"update_cache": true,
|
|
"pkg": [
|
|
"openssl",
|
|
"python3-cryptography"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "setup directories",
|
|
"become": true,
|
|
"loop": [
|
|
"/etc/ssl/private",
|
|
"/etc/ssl/csr",
|
|
"/etc/ssl/certs",
|
|
"/etc/ssl/fullchains"
|
|
],
|
|
"ansible.builtin.file": {
|
|
"state": "directory",
|
|
"path": "{{item}}"
|
|
}
|
|
},
|
|
{
|
|
"name": "csr | generate private key",
|
|
"become": true,
|
|
"community.crypto.openssl_privatekey": {
|
|
"path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
|
|
}
|
|
},
|
|
{
|
|
"name": "csr | execute",
|
|
"become": true,
|
|
"community.crypto.openssl_csr": {
|
|
"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
|
|
"common_name": "{{var_tlscert_selfsigned_domain}}",
|
|
"subject_alt_name": [
|
|
"DNS:{{var_tlscert_selfsigned_domain}}"
|
|
],
|
|
"path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
|
|
},
|
|
"register": "temp_csr"
|
|
},
|
|
{
|
|
"name": "generate certificate",
|
|
"become": true,
|
|
"community.crypto.x509_certificate": {
|
|
"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
|
|
"csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
|
|
"provider": "selfsigned",
|
|
"path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
|
|
}
|
|
},
|
|
{
|
|
"name": "compose fullchain",
|
|
"become": true,
|
|
"ansible.builtin.shell": {
|
|
"cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
|
|
}
|
|
}
|
|
]
|