[task-406] tlscert_selfsigned

2025-10-09 01:41:40 +02:00 · 2025-10-09 01:41:40 +02:00 · 5d1b1908a5
parent 283b8d9863
commit 5d1b1908a5
3 changed files with 32 additions and 10 deletions
--- a/roles/tlscert_selfsigned/cfg.schema.json
+++ b/roles/tlscert_selfsigned/cfg.schema.json
@ -0,0 +1,14 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"domain": {
+			"nullable": false,
+			"type": "string"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"domain"
+	]
+}
--- a/roles/tlscert_selfsigned/defaults/main.json
+++ b/roles/tlscert_selfsigned/defaults/main.json
@ -1,3 +1,4 @@
 {
-	"var_tlscert_selfsigned_domain": "foo.example.org"
+	"cfg_tlscert_selfsigned_defaults": {
+	}
 }
--- a/roles/tlscert_selfsigned/tasks/main.json
+++ b/roles/tlscert_selfsigned/tasks/main.json
@ -1,4 +1,11 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_tlscert_selfsigned"
+		}
+	},
 	{
 		"name": "install packages",
 		"become": true,
@ -28,19 +35,19 @@
 		"name": "csr | generate private key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
-			"path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
+			"path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem"
 		}
 	},
 	{
 		"name": "csr | execute",
 		"become": true,
 		"community.crypto.openssl_csr": {
-			"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
-			"common_name": "{{var_tlscert_selfsigned_domain}}",
+			"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
+			"common_name": "{{cfg_tlscert_selfsigned.domain}}",
 			"subject_alt_name": [
-				"DNS:{{var_tlscert_selfsigned_domain}}"
+				"DNS:{{cfg_tlscert_selfsigned.domain}}"
 			],
-			"path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
+			"path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem"
 		},
 		"register": "temp_csr"
 	},
@ -48,17 +55,17 @@
 		"name": "generate certificate",
 		"become": true,
 		"community.crypto.x509_certificate": {
-			"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
-			"csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
+			"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
+			"csr_path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem",
 			"provider": "selfsigned",
-			"path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
+			"path": "/etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem"
 		}
 	},
 	{
 		"name": "compose fullchain",
 		"become": true,
 		"ansible.builtin.shell": {
-			"cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
+			"cmd": "cat /etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem > /etc/ssl/fullchains/{{cfg_tlscert_selfsigned.domain}}.pem"
 		}
 	}
 ]