updated readme layout

2024-06-02 12:30:24 +02:00 · 2024-06-02 12:30:24 +02:00 · 6eec65e16f
parent 84ecad4298
commit 6eec65e16f
1 changed files with 51 additions and 47 deletions
--- a/README.md
+++ b/README.md
@ -32,53 +32,7 @@ ansible-galaxy install ansibleguy.infra_certs --roles-path ./roles
 ansible-galaxy install -r requirements.yml
 ```
-## Functionality
+----
 * **Package installation**
  * Ansible dependencies (_minimal_)
  * Crypto Dependencies
 * **Configuration**
  * **Four Possible Modes**:
    * Generate **Self-Signed** certificate
    * Use a **minimal Certificate Authority** to create signed certificates
    * Configure **LetsEncrypt-Certbot** to generate publicly valid certificates
      * Supported for Nginx and Apache
      * Host needs to have a valid public dns record pointed at it
      * Needs to be publicly reachable over port 80/tcp
  * **Default config**:
    * Mode => Self-Signed
 ## Info
 * **Note:** this role currently only supports debian-based systems
 * **Note:** Most of the role's functionality can be opted in or out.
  For all available options - see the default-config located in [the main defaults-file](https://github.com/ansibleguy/infra_certs/blob/latest/defaults/main/1_main.yml)!
 * **Note:** If you have the need to **mass manage certificates** - you might want to check out the [ansibleguy.infra_pki](https://github.com/ansibleguy/infra_pki) role that enables you to create and manage a full **P**ublic **K**ey **I**nfrastructure.
 * **Note:** The certificate file-name (_name variable as defined or else CommonName_) will be updated:
  * spaces are transformed into underlines
  * all Characters except "0-9a-zA-Z." are removed
  * the file-extension (_crt/chain.crt/key/csr_) will be appended
 * **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!
 * **Info:** For LetsEncrypt renewal to work, you must allow outgoing connections to:
  80/tcp, 443/tcp+udp to acme-v02.api.letsencrypt.org, staging-v02.api.letsencrypt.org (_debug mode_) and r3.o.lencr.org
 ## Usage
@ -177,3 +131,53 @@ To debug errors - you can set the 'debug' variable at runtime:
 ```bash
 ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
 ```
 ----
 ## Functionality
 * **Package installation**
  * Ansible dependencies (_minimal_)
  * Crypto Dependencies
 * **Configuration**
  * **Four Possible Modes**:
    * Generate **Self-Signed** certificate
    * Use a **minimal Certificate Authority** to create signed certificates
    * Configure **LetsEncrypt-Certbot** to generate publicly valid certificates
      * Supported for Nginx and Apache
      * Host needs to have a valid public dns record pointed at it
      * Needs to be publicly reachable over port 80/tcp
  * **Default config**:
    * Mode => Self-Signed
 ----
 ## Info
 * **Note:** this role currently only supports debian-based systems
 * **Note:** Most of the role's functionality can be opted in or out.
  For all available options - see the default-config located in [the main defaults-file](https://github.com/ansibleguy/infra_certs/blob/latest/defaults/main/1_main.yml)!
 * **Note:** If you have the need to **mass manage certificates** - you might want to check out the [ansibleguy.infra_pki](https://github.com/ansibleguy/infra_pki) role that enables you to create and manage a full **P**ublic **K**ey **I**nfrastructure.
 * **Note:** The certificate file-name (_name variable as defined or else CommonName_) will be updated:
  * spaces are transformed into underlines
  * all Characters except "0-9a-zA-Z." are removed
  * the file-extension (_crt/chain.crt/key/csr_) will be appended
 * **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!
 * **Info:** For LetsEncrypt renewal to work, you must allow outgoing connections to:
  80/tcp, 443/tcp+udp to acme-v02.api.letsencrypt.org, staging-v02.api.letsencrypt.org (_debug mode_) and r3.o.lencr.org