---
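# Directory that will hold the generated private key and certificate.
# The mode is quoted on purpose: an unquoted 0750 is read as an octal int by
# YAML 1.1 loaders but as decimal 750 by YAML 1.2 ones (ansible-lint:
# risky-octal); the string form is unambiguous for the file module.
- name: Certificates | Snakeoil | Creating cert directory
  ansible.builtin.file:
    path: "{{ CERT_CONFIG.path }}"
    state: directory
    mode: "0750"
    owner: "{{ CERT_CONFIG.owner_key }}"
    group: "{{ CERT_CONFIG.group_key }}"
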
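# Assemble the subjectAltName value as a comma-separated list from the
# configured DNS names, IPs and the free-form san_other string. Entries that
# fail the project-provided valid_hostname / valid_ip filters are dropped.
# The parts are collected in a list and joined, so no leading, trailing or
# doubled comma can appear when the domain list is empty or an entry is
# filtered out (the previous template emitted ",IP:..." with no preceding
# domain, and a dangling comma when the last domain was invalid).
# With nothing left to add the result is the empty string, which the
# downstream `default(none, true)` check treats as "no SAN".
- name: Certificates | Snakeoil | Setting SAN
  ansible.builtin.set_fact:
    cert_san: >-
      {%- set san_parts = [] -%}
      {%- for domain in CERT_CONFIG.cert.domains if domain | valid_hostname -%}
      {%- set _ = san_parts.append('DNS:' ~ domain) -%}
      {%- endfor -%}
      {%- for ip in CERT_CONFIG.cert.ips if ip | valid_ip -%}
      {%- set _ = san_parts.append('IP:' ~ ip) -%}
      {%- endfor -%}
      {%- if CERT_CONFIG.cert.san_other -%}
      {%- set _ = san_parts.append(CERT_CONFIG.cert.san_other) -%}
      {%- endif -%}
      {{ san_parts | join(',') }}
  # Only build the SAN when at least one source is populated; otherwise
  # cert_san stays undefined and the -addext option is skipped later on.
  when: >-
    CERT_CONFIG.cert.domains | length > 0 or
    CERT_CONFIG.cert.ips | length > 0 or
    CERT_CONFIG.cert.san_other
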
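# Paths of the public certificate and private key, plus the option string
# shared by the RSA and ECC openssl invocations. A `name` variable, when
# defined by the caller, overrides the configured certificate name.
- name: Certificates | Snakeoil | Build command 1/2
  ansible.builtin.set_fact:
    cert_pub: "{{ CERT_CONFIG.path }}/{{ name | default(CERT_CONFIG.cert.name) }}.{{ CERT_CONFIG.extension_cert }}"
    cert_key: "{{ CERT_CONFIG.path }}/{{ name | default(CERT_CONFIG.cert.name) }}.{{ CERT_CONFIG.extension_key }}"
    # Folded scalar: every line becomes one whitespace-separated fragment of
    # the argument string. cert_attrs is later shlex-split by the command
    # module, so the -subj and -addext values go through the `quote` filter
    # to survive spaces or quote characters in the configured CN / san_other
    # instead of relying on hand-escaped \" pairs and \ line continuations.
    cert_attrs: >-
      -days {{ CERT_CONFIG.cert.valid_days }}
      {% if CERT_CONFIG.cert.cn | default(none, true) is not none %}
      -subj {{ ('/CN=' ~ CERT_CONFIG.cert.cn) | quote }}
      {% endif %}
      {% if cert_san | default(none, true) is not none %}
      -addext {{ ('subjectAltName = ' ~ (cert_san | replace(' ', ''))) | quote }}
      {% endif %}
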
# RSA path: key pair and self-signed certificate in a single `openssl req`
# call. -nodes leaves the private key unencrypted on disk, so the file
# permissions on cert_key are its only protection; key_size is taken from
# the config as-is and is not validated here.
- name: Certificates | Snakeoil | Build command 2/2 (RSA)
  ansible.builtin.set_fact:
    cert_cmd_rsa: >-
      openssl req -x509 -newkey rsa:{{ CERT_CONFIG.cert.key_size }} -sha256 -nodes
      {{ cert_attrs }} -keyout {{ cert_key }} -out {{ cert_pub }}
  when: CERT_CONFIG.cert.key_type == "RSA"

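# ECC path needs two steps: generate the key on the configured curve, then
# self-sign a certificate with it. -sha256 is now passed explicitly so the
# ECC certificate uses the same signature digest the RSA command pins,
# rather than whatever the local openssl build defaults to.
- name: Certificates | Snakeoil | Build command 2/2 (ECC)
  ansible.builtin.set_fact:
    cert_cmd_ecc1: "openssl ecparam -out {{ cert_key }} -name {{ CERT_CONFIG.cert.curve }} -genkey"
    cert_cmd_ecc2: "openssl req -new -x509 -sha256 -nodes -key {{ cert_key }} -out {{ cert_pub }} {{ cert_attrs }}"
  when: CERT_CONFIG.cert.key_type == 'ECC'
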
# Echo the assembled RSA command so the exact invocation is visible in the
# run log (it contains paths and options only, no key material).
- name: Certificates | Snakeoil | Certificate command (RSA)
  ansible.builtin.debug:
    var: cert_cmd_rsa
  when: CERT_CONFIG.cert.key_type == "RSA"

# Echo both ECC commands (key generation, then certificate) for the run
# log; `item` holds the variable name, not its value.
- name: Certificates | Snakeoil | Certificate commands (ECC)
  ansible.builtin.debug:
    var: '{{ item }}'
  loop: [cert_cmd_ecc1, cert_cmd_ecc2]
  when: CERT_CONFIG.cert.key_type == "ECC"

# Run the RSA command. `creates` makes the task idempotent on the
# certificate path only: if cert_pub exists but cert_key was removed,
# nothing is regenerated — NOTE(review): confirm that is the intended
# behaviour. Permissions of the written key file are not set by this play;
# an explicit follow-up file task with mode "0600" would make them
# independent of the openssl defaults.
- name: Certificates | Snakeoil | Create Certificate (RSA)
  ansible.builtin.command:
    cmd: '{{ cert_cmd_rsa }}'
    creates: '{{ cert_pub }}'
  when: CERT_CONFIG.cert.key_type == "RSA"

# First ECC step: generate the private key. Skipped when the key file
# already exists, so an existing key is never overwritten. The key file's
# mode is left to openssl; this play only sets ownership on the directory.
- name: Certificates | Snakeoil | Create Key (ECC)
  ansible.builtin.command:
    cmd: '{{ cert_cmd_ecc1 }}'
    creates: '{{ cert_key }}'
  when: CERT_CONFIG.cert.key_type == "ECC"

# Second ECC step: self-sign a certificate with the key from the previous
# task. Idempotent on the certificate path; an existing cert_pub is kept
# even if the key was regenerated in the meantime.
- name: Certificates | Snakeoil | Create Certificate (ECC)
  ansible.builtin.command:
    cmd: '{{ cert_cmd_ecc2 }}'
    creates: '{{ cert_pub }}'
  when: CERT_CONFIG.cert.key_type == "ECC"