ansible-base/roles/tlscert_selfsigned/tasks/main.json

[
	{
		"name": "show vars",
		"when": "switch_show_vars",
		"ansible.builtin.debug": {
			"var": "vars.cfg_tlscert_selfsigned"
		}
	},
	{
		"name": "install packages",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"openssl",
				"python3-cryptography"
			]
		}
	},
	{
		"name": "setup directories",
		"become": true,
		"loop": [
			"/etc/ssl/private",
			"/etc/ssl/csr",
			"/etc/ssl/certs",
			"/etc/ssl/fullchains"
		],
		"ansible.builtin.file": {
			"state": "directory",
			"path": "{{item}}"
		}
	},
	{
		"name": "csr | generate private key",
		"become": true,
		"community.crypto.openssl_privatekey": {
			"path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem"
		}
	},
	{
		"name": "csr | execute",
		"become": true,
		"community.crypto.openssl_csr": {
			"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
			"common_name": "{{cfg_tlscert_selfsigned.domain}}",
			"subject_alt_name": [
				"DNS:{{cfg_tlscert_selfsigned.domain}}"
			],
			"path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem"
		},
		"register": "temp_csr"
	},
	{
		"name": "generate certificate",
		"become": true,
		"community.crypto.x509_certificate": {
			"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
			"csr_path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem",
			"provider": "selfsigned",
			"path": "/etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem"
		}
	},
	{
		"name": "compose fullchain",
		"become": true,
		"ansible.builtin.shell": {
			"cmd": "cat /etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem > /etc/ssl/fullchains/{{cfg_tlscert_selfsigned.domain}}.pem"
		}
	}
]
[ini] 2023-11-20 02:07:08 +01:00			`[`
[int] 2025-10-08 11:20:09 +02:00			`{`
			`"name": "show vars",`
			`"when": "switch_show_vars",`
			`"ansible.builtin.debug": {`
			`"var": "vars.cfg_tlscert_selfsigned"`
			`}`
			`},`
[ini] 2023-11-20 02:07:08 +01:00			`{`
			`"name": "install packages",`
			`"become": true,`
			`"ansible.builtin.apt": {`
[fix] role:tlscert_selfsigned:apt update 2024-03-20 00:04:13 +01:00			`"update_cache": true,`
[ini] 2023-11-20 02:07:08 +01:00			`"pkg": [`
[fix] tls roles: packages 2023-11-29 16:52:23 +01:00			`"openssl",`
[ini] 2023-11-20 02:07:08 +01:00			`"python3-cryptography"`
			`]`
			`}`
			`},`
			`{`
[mod] tls roles: use loop for setting up directories 2023-12-14 10:01:08 +01:00			`"name": "setup directories",`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`"become": true,`
[mod] tls roles: use loop for setting up directories 2023-12-14 10:01:08 +01:00			`"loop": [`
[mod] role:tlscert_selfsigned:remove var for ssl-path and unify domain vars 2024-06-25 11:33:12 +02:00			`"/etc/ssl/private",`
			`"/etc/ssl/csr",`
			`"/etc/ssl/certs",`
			`"/etc/ssl/fullchains"`
[mod] tls roles: use loop for setting up directories 2023-12-14 10:01:08 +01:00			`],`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`"ansible.builtin.file": {`
			`"state": "directory",`
[mod] tls roles: use loop for setting up directories 2023-12-14 10:01:08 +01:00			`"path": "{{item}}"`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`}`
			`},`
			`{`
			`"name": "csr \| generate private key",`
[ini] 2023-11-20 02:07:08 +01:00			`"become": true,`
			`"community.crypto.openssl_privatekey": {`
[int] 2025-10-08 11:20:09 +02:00			`"path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem"`
[ini] 2023-11-20 02:07:08 +01:00			`}`
			`},`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`{`
			`"name": "csr \| execute",`
			`"become": true,`
			`"community.crypto.openssl_csr": {`
[int] 2025-10-08 11:20:09 +02:00			`"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",`
			`"common_name": "{{cfg_tlscert_selfsigned.domain}}",`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`"subject_alt_name": [`
[int] 2025-10-08 11:20:09 +02:00			`"DNS:{{cfg_tlscert_selfsigned.domain}}"`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`],`
[int] 2025-10-08 11:20:09 +02:00			`"path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem"`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`},`
			`"register": "temp_csr"`
			`},`
[ini] 2023-11-20 02:07:08 +01:00			`{`
			`"name": "generate certificate",`
			`"become": true,`
			`"community.crypto.x509_certificate": {`
[int] 2025-10-08 11:20:09 +02:00			`"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",`
			`"csr_path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem",`
[ini] 2023-11-20 02:07:08 +01:00			`"provider": "selfsigned",`
[int] 2025-10-08 11:20:09 +02:00			`"path": "/etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem"`
[ini] 2023-11-20 02:07:08 +01:00			`}`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`},`
			`{`
			`"name": "compose fullchain",`
			`"become": true,`
			`"ansible.builtin.shell": {`
[int] 2025-10-08 11:20:09 +02:00			`"cmd": "cat /etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem > /etc/ssl/fullchains/{{cfg_tlscert_selfsigned.domain}}.pem"`
[fix] role:tlscert_selfsigned 2023-11-22 15:20:34 +01:00			`}`
[ini] 2023-11-20 02:07:08 +01:00			`}`
			`]`