ansible-role-mumble/tasks/self_signed_domain.yml

42 lines
1.2 KiB
YAML

- name: Create {{ domain.name }} certificates directory
file:
path: "{{ acme_certs_dir }}/{{ domain.name }}.d"
state: directory
owner: root
group: root
mode: "755"
tags: selfsigned_install
- name: Generate private key for {{ domain.name }} certificate
openssl_privatekey:
path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
owner: root
group: "{{ acme_ssl_group }}"
mode: "640"
type: RSA
size: 4096
tags: selfsigned_config
- name: Generate CSR for {{ domain.name }} certificate
openssl_csr:
path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
owner: root
group: root
mode: "644"
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
common_name: "{{ domain.name }}"
subject_alt_name: "{{ domain.alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"
tags: selfsigned_config
- name: Generate self-signed certificate
openssl_certificate:
path: "{{ acme_certs_dir }}/{{ domain.name }}.d/fullchain.pem"
csr_path: "{{ acme_csr_dir }}/{{ domain.name }}.csr"
privatekey_path: "{{ acme_keys_dir }}/{{ domain.name }}.key"
provider: selfsigned
state: present
owner: root
group: root
mode: "644"
tags: selfsigned_config