ansible-role-generate-tls-c.../defaults/main.yml
Blallo 0bcb4b89b6
Optional tld
When updating /etc/hosts to add the hosts in the inventory, also add the name
postfixed with a configurable tld.
2021-01-24 18:37:15 +01:00

54 lines
1.2 KiB
YAML

---
# defaults file for generate-tls-certs
gen_tls_generate_certs: true
# Do not put trailing slash "/"
gen_tls_cert_dir: ./certs
gen_tls_remote_certs_dir: /etc/ssl
gen_tls_remote_ca_certs_dir: /etc/ssl/certs
gen_tls_generate_ca_cert: false
gen_tls_generate_client_cert: false
gen_tls_generate_server_cert: false
# -------
# CA CERT
# -------
gen_tls_ca_cert: ca.pem
gen_tls_ca_csr: ca.csr
gen_tls_ca_key: ca.key
gen_tls_ca_key_size: 4096
# 10 years
gen_tls_ca_valid_days: 3650
# gen_tls_ca_country:
# gen_tls_ca_state:
# gen_tls_ca_locality:
# gen_tls_ca_organization:
# gen_tls_ca_organizationalunit:
gen_tls_ca_commonname: Certificate Authority
#gen_tls_ca_email:
# -----------
# CLIENT CERT
# -----------
gen_tls_client_cert: client.pem
gen_tls_client_key: client.key
gen_tls_client_csr: client.csr
gen_tls_client_key_size: 4096
gen_tls_client_commonname: Client
# 2 years
gen_tls_client_valid_days: 730
# -----------
# SERVER CERT
# -----------
# 2 years
gen_tls_server_valid_days: 730
gen_tls_server_key_size: 4096
# Enable Subject Alternate Name (SAN)
gen_tls_server_enable_san: true
# -------------------
# POPULATE /etc/hosts
# -------------------
gen_tls_populate_etc_hosts: false
# gen_tls_tld: