Selfsigned cert task - initial work (#5)

initial commit for selfsigned cert task Co-authored-by: muppeth <muppeth@disroot.org> Reviewed-on: #5 Reviewed-by: meaz <meaz@no-reply@disroot.org> Reviewed-by: antilopa <antilopa@no-reply@disroot.org> Co-Authored-By: muppeth <muppeth@no-reply@disroot.org> Co-Committed-By: muppeth <muppeth@no-reply@disroot.org>
2021-04-11 13:43:35 +00:00 · 2021-04-11 13:43:35 +00:00 · a9ebf9f942
parent 2841af5dae
commit a9ebf9f942
1 changed files with 37 additions and 0 deletions
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@ -48,3 +48,40 @@
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx
+
+- name: "[SELFSIGNED] - Create Key folder"
+  file:
+    path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
+    state: directory
+    mode: 0755
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.selfsigned == 'true'
+  notify: reload nginx
+  
+
+- name: '[SELFSIGNED] - Create a self-signed key'
+  openssl_privatekey:
+    path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'                       
+    size: 2048                                                                                          
+    type: RSA 
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+  notify: reload nginx
+
+- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'                                  
+  openssl_csr:                                                                                          
+    path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'                                                           
+    privatekey_path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'                                               
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
+  notify: reload nginx
+
+- name: '[SELFSIGNED] - Create a self-signed certificate'                                                    
+  openssl_certificate:                                                                                  
+    path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'                                                           
+    privatekey_path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'                                              
+    csr_path:  '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'                                                       
+    provider: selfsigned
+  with_items: "{{ nginx_vhosts }}"
+  when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true' 
+  notify: reload nginx