Jérémy Dubois
6a2faf5649
On OpenBSD, ansible_fqdn is the reverse of the IP, which is not always properly configured
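---

# Generates a self-signed "default" TLS certificate for the host name held in
# evobsd_ssl_cert_hostname. The whole block is skipped unless
# evobsd_default_ssl_cert evaluates to true.
#
# Files written:
#   /etc/ssl/private/<hostname>.key  private key (no passphrase)
#   /etc/ssl/<hostname>.csr          signing request
#   /etc/ssl/certs/<hostname>.crt    self-signed certificate
- name: Default certificate is present
  when: evobsd_default_ssl_cert | bool
  block:
    - name: Ensure /etc/ssl/certs exists
      ansible.builtin.file:
        path: /etc/ssl/certs/
        owner: root
        group: wheel
        mode: "0755"
        state: directory
      # Errors from this task are ignored only when running in check mode.
      ignore_errors: '{{ ansible_check_mode }}'

    # The command is passed as an argv list, so the templated host name is
    # never re-split into words: whatever the variable contains, it stays
    # inside a single argument (path or subject) instead of being able to
    # add extra openssl options.
    #
    # -nodes writes the key without a passphrase, so confidentiality rests
    # on filesystem permissions alone.
    # NOTE(review): nothing here pins the owner or mode of the .key file; it
    # gets whatever openssl and the umask produce. Confirm that
    # /etc/ssl/private is root-only on the targets, or enforce the mode
    # explicitly.
    #
    # Idempotence is keyed on the key file only: if the key exists, neither
    # the key nor the CSR is regenerated.
    - name: Create private key and csr for default site ({{ evobsd_ssl_cert_hostname }})
      ansible.builtin.command:
        argv:
          - openssl
          - req
          - '-newkey'
          - 'rsa:2048'
          - '-sha256'
          - '-nodes'
          - '-keyout'
          - "/etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key"
          - '-out'
          - "/etc/ssl/{{ evobsd_ssl_cert_hostname }}.csr"
          - '-batch'
          - '-subj'
          - "/CN={{ evobsd_ssl_cert_hostname }}"
        creates: "/etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key"

    # -signkey signs the CSR with its own key, i.e. the result is self-signed
    # and not chained to any CA; clients will not trust it by default.
    # Validity is 3650 days, and because of `creates` the certificate is
    # never renewed by this role once the .crt file exists.
    - name: Create certificate for default site
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - '-req'
          - '-days'
          - '3650'
          - '-sha256'
          - '-in'
          - "/etc/ssl/{{ evobsd_ssl_cert_hostname }}.csr"
          - '-signkey'
          - "/etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key"
          - '-out'
          - "/etc/ssl/certs/{{ evobsd_ssl_cert_hostname }}.crt"
        creates: "/etc/ssl/certs/{{ evobsd_ssl_cert_hostname }}.crt"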