PPBe
/
ansible-role-mumble
3
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

fix self-signed certificates

master
HgO 2020-12-27 18:18:17 +01:00
parent 7f7079db9e
commit 3365215ceb
3 changed files with 57 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tasks/main.yml
View File

@ -14,10 +14,7 @@
- acme - acme
- name: Install Self-Signed certificates - name: Install Self-Signed certificates
include_tasks: self_signed.yml import_tasks: self_signed.yml
loop: "{{ acme_domains | list }}"
loop_control:
loop_var: domain_name
when: not acme_enabled when: not acme_enabled
tags: tags:
- certificate - certificate

49
tasks/self_signed.yml
View File

@ -14,51 +14,28 @@
path: "{{ config_dir }}" path: "{{ config_dir }}"
state: directory state: directory
owner: root owner: root
group: "{{ acme_ssl_group }}" group: root
mode: "711" mode: "755"
loop: loop:
- "{{ acme_config_dir }}" - "{{ acme_config_dir }}"
- "{{ acme_keys_dir }}" - "{{ acme_certs_dir }}"
- "{{ acme_accounts_dir }}"
- "{{ acme_csr_dir }}" - "{{ acme_csr_dir }}"
loop_control: loop_control:
loop_var: config_dir loop_var: config_dir
tags: selfsigned_install tags: selfsigned_install
- name: Create {{ domain_name }} certificates directory - name: Create ACME private keys directory
file: file:
path: "{{ acme_certs_dir }}/{{ domain_name }}.d" path: "{{ acme_keys_dir }}"
state: directory state: directory
owner: root owner: root
group: "{{ acme_ssl_group }}" group: "{{ acme_ssl_group }}"
mode: "755" mode: "750"
tags: selfsigned_install tags: acme_install
- name: Generate private key for {{ domain_name }} certificate - name: Install Self-Signed certificate for each domain
openssl_privatekey: include_tasks: self_signed_domain.yml
path: "{{ acme_keys_dir }}/{{ domain_name }}.pem" loop: "{{ acme_config.domains }}"
owner: root loop_control:
group: "{{ acme_ssl_group }}" loop_var: domain
mode: "640" label: "{{ domain.name }}"
type: RSA
size: 4096
- name: Generate CSR for {{ domain_name }} certificate
openssl_csr:
path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
owner: root
group: "{{ acme_ssl_group }}"
mode: "644"
privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
common_name: "{{ domain_name }}"
- name: Generate self-signed certificate
openssl_certificate:
path: "{{ acme_certs_dir }}/{{ domain_name }}.d/cert.pem"
csr_path: "{{ acme_csr_dir }}/{{ domain_name }}.csr"
privatekey_path: "{{ acme_keys_dir }}/{{ domain_name }}.pem"
provider: selfsigned
state: present
owner: root
group: "{{ acme_ssl_group }}"
mode: "644"

41
tasks/self_signed_domain.yml 100644
View File

@ -0,0 +1,41 @@
- name: Create {{ domain.name }} certificates directory
file:
path: "{{ acme_certs_dir }}/{{ domain.name }}.d"
state: directory
owner: root
group: root
mode: "755"
tags: selfsigned_install
- name: Generate private key for {{ domain.name }} certificate
openssl_privatekey:
path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
owner: root
group: "{{ acme_ssl_group }}"
mode: "640"
type: RSA
size: 4096
tags: selfsigned_config
- name: Generate CSR for {{ domain.name }} certificate
openssl_csr:
path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
owner: root
group: root
mode: "644"
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
common_name: "{{ domain.name }}"
subject_alt_name: "{{ domain.alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"
tags: selfsigned_config
- name: Generate self-signed certificate
openssl_certificate:
path: "{{ acme_certs_dir }}/{{ domain.name }}.d/cert.pem"
csr_path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
provider: selfsigned
state: present
owner: root
group: root
mode: "644"