From a9ebf9f942f2c2e5712b55f5dab0620b36e8bc4a Mon Sep 17 00:00:00 2001
From: muppeth
Date: Sun, 11 Apr 2021 13:43:35 +0000
Subject: [PATCH] Selfsigned cert task - initial work (#5)

initial commit for selfsigned cert task

Co-authored-by: muppeth
Reviewed-on: https://git.disroot.org/Disroot-Ansible/nginx/pulls/5
Reviewed-by: meaz
Reviewed-by: antilopa
Co-Authored-By: muppeth
Co-Committed-By: muppeth
---
 tasks/ssl.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/tasks/ssl.yml b/tasks/ssl.yml
index 9bc0771..4f9e642 100644
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@@ -48,3 +48,40 @@
 with_items: "{{ nginx_vhosts }}"
 when: item.copy_ssl is defined
 notify: reload nginx
+
+- name: "[SELFSIGNED] - Create Key folder"
+ file:
+ path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
+ state: directory
+ mode: 0755
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.selfsigned == 'true'
+ notify: reload nginx
+
+
+- name: '[SELFSIGNED] - Create a self-signed key'
+ openssl_privatekey:
+ path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+ size: 2048
+ type: RSA
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+ notify: reload nginx
+
+- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
+ openssl_csr:
+ path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+ privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+ notify: reload nginx
+
+- name: '[SELFSIGNED] - Create a self-signed certificate'
+ openssl_certificate:
+ path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
+ privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
+ csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
+ provider: selfsigned
+ with_items: "{{ nginx_vhosts }}"
+ when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+ notify: reload nginx
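Review bot: The key, CSR and certificate are written under `ssl_src_path`, but the "Create Key folder" task creates `{{ nginx_ssl_dir }}/{{ item.ssl_name }}`, so unless those two variables resolve to the same path the openssl_privatekey task will fail on a missing parent directory; using `path: "{{ ssl_src_path }}/{{ item.ssl_name }}"` in the file task (or a single variable in all four tasks) keeps them consistent. That directory is also created with `mode: 0755`, which is both an unquoted octal literal and world-traversable for a directory holding a private key; `mode: "0750"` on the directory plus an explicit `mode: "0600"` on the openssl_privatekey task would keep privkey.pem owner-readable only instead of relying on whatever the module's default permissions are. The directory task's `when` omits the `item.state == 'enable'` check the other three apply, and all four compare `item.selfsigned == 'true'` against a string, which will not match a vhost that sets `selfsigned: true` as a YAML boolean; `item.selfsigned | bool` would accept either form. The task that owns the three context lines at the top of the hunk starts outside it.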