blallo
/
ansible-role-generate-tls-certs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ansible-role-generate-tls-c.../defaults/main.yml

55 lines
1.2 KiB
YAML
Raw Permalink Normal View History

Initial commit
2018-04-20 10:40:41 +02:00
---
# defaults file for generate-tls-certs
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_generate_certs: true
Initial commit
2018-04-20 10:40:41 +02:00
# Do not put trailing slash "/"
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_cert_dir: ./certs
gen_tls_remote_certs_dir: /etc/ssl
gen_tls_remote_ca_certs_dir: /etc/ssl/certs
gen_tls_generate_ca_cert: false
gen_tls_generate_client_cert: false
gen_tls_generate_server_cert: false
Change CA cert format and add force copy option The certificate form of the CA has to be crt to be sure it is manageable by the Debian update-ca-certificates executable. Also, added option to force the copy of the certificates, also if the local files did not change.
2021-01-24 22:37:47 +01:00
gen_tls_force_copy: false
Initial commit
2018-04-20 10:40:41 +02:00
# -------
# CA CERT
# -------
Change CA cert format and add force copy option The certificate form of the CA has to be crt to be sure it is manageable by the Debian update-ca-certificates executable. Also, added option to force the copy of the certificates, also if the local files did not change.
2021-01-24 22:37:47 +01:00
gen_tls_ca_cert: ca.crt
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_ca_csr: ca.csr
gen_tls_ca_key: ca.key
gen_tls_ca_key_size: 4096
Initial commit
2018-04-20 10:40:41 +02:00
# 10 years
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_ca_valid_days: 3650
# gen_tls_ca_country:
# gen_tls_ca_state:
# gen_tls_ca_locality:
# gen_tls_ca_organization:
# gen_tls_ca_organizationalunit:
gen_tls_ca_commonname: Certificate Authority
#gen_tls_ca_email:
Initial commit
2018-04-20 10:40:41 +02:00
# -----------
# CLIENT CERT
# -----------
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_client_cert: client.pem
gen_tls_client_key: client.key
gen_tls_client_csr: client.csr
gen_tls_client_key_size: 4096
gen_tls_client_commonname: Client
Initial commit
2018-04-20 10:40:41 +02:00
# 2 years
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_client_valid_days: 730
Initial commit
2018-04-20 10:40:41 +02:00
# -----------
# SERVER CERT
# -----------
# 2 years
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_server_valid_days: 730
gen_tls_server_key_size: 4096
Added support for toggling SAN-certs
2018-04-20 14:09:45 +02:00
# Enable Subject Alternate Name (SAN)
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_server_enable_san: true
Optionally fill /etc/hosts
2021-01-24 12:50:08 +01:00
# -------------------
# POPULATE /etc/hosts
# -------------------
Add pseudo-namespace to variables
2021-01-24 13:16:15 +01:00
gen_tls_populate_etc_hosts: false
Optional tld When updating /etc/hosts to add the hosts in the inventory, also add the name postfixed with a configurable tld.
2021-01-24 18:30:36 +01:00
# gen_tls_tld: