ansible-role-mumble/tasks/self_signed_domain.yml

# Per-domain directory for certificate output. In this file only the
# certificate (fullchain.pem) is written here; the private key goes to
# acme_keys_dir and the CSR to acme_csr_dir.
# Root-owned with mode 755: anyone may list and traverse it, only root may
# write to it.
# NOTE(review): this task is tagged selfsigned_install while the key, CSR and
# certificate tasks are tagged selfsigned_config. A run limited to
# --tags selfsigned_config skips this step, so the directory must already
# exist for the certificate task to succeed.
- name: Create {{ domain.name }} certificates directory
  tags: selfsigned_install
  file:
    state: directory
    path: "{{ acme_certs_dir }}/{{ domain.name }}.d"
    mode: "755"
    owner: root
    group: root
# Creates the 4096-bit RSA private key that the CSR and certificate tasks in
# this file reference through privatekey_path.
# No passphrase is configured, so the key is stored unencrypted on disk and
# file permissions are the only protection: mode 640 gives root read/write,
# members of acme_ssl_group read access, and everyone else nothing.
# Membership of acme_ssl_group therefore decides who can read the key.
# NOTE(review): ownership and mode of acme_keys_dir itself are not managed in
# this file - confirm the directory is not writable by unprivileged users.
- name: Generate private key for {{ domain.name }} certificate
  tags: selfsigned_config
  openssl_privatekey:
    type: RSA
    size: 4096
    path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
    mode: "640"
    owner: root
    group: "{{ acme_ssl_group }}"
# Builds the certificate signing request from the private key generated for
# this domain. The CSR holds no secret material, hence root:root with mode 644.
# subject_alt_name turns every entry of domain.alt_names (empty list when the
# variable is undefined) into a "DNS:<name>" entry by prefixing it.
# NOTE(review): domain.name is only placed in common_name; it reaches the SAN
# list only if it is also listed in domain.alt_names. TLS clients that match
# host names against SAN and ignore CN would then reject the certificate for
# the primary name - confirm callers include domain.name in alt_names, or add
# it to the list here. Changing the SAN set changes the CSR, so expect the
# CSR (and possibly the certificate) to be regenerated on existing hosts.
- name: Generate CSR for {{ domain.name }} certificate
  tags: selfsigned_config
  openssl_csr:
    privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
    common_name: "{{ domain.name }}"
    subject_alt_name: "{{ domain.alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"
    path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
    mode: "644"
    owner: root
    group: root
# Signs the domain's CSR with the domain's own private key (provider:
# selfsigned) and writes the result as fullchain.pem in the per-domain
# certificates directory. The certificate is public data: root:root, mode 644.
# A self-signed certificate chains to no CA, so clients can only trust it by
# pinning it or by installing it as a trust anchor.
# NOTE(review): no validity period is set here (selfsigned_not_after), so the
# module default applies - documented as +3650d; confirm for the installed
# version and decide whether a shorter lifetime with scheduled renewal is
# wanted.
# NOTE(review): the target directory is created by a task tagged
# selfsigned_install; this task runs under selfsigned_config and assumes the
# directory already exists.
- name: Generate self-signed certificate
  tags: selfsigned_config
  openssl_certificate:
    state: present
    provider: selfsigned
    privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
    csr_path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
    path: "{{ acme_certs_dir }}/{{ domain.name }}.d/fullchain.pem"
    mode: "644"
    owner: root
    group: root