add role: x509/selfsigned

1 files changed, 32 insertions, 3 deletions

diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml
index c66601cb..de8e66ba 100644
--- a/dan/sk-testvm.yml
+++ b/dan/sk-testvm.yml
@@ -11,7 +11,9 @@
 - name: Payload Setup
   hosts: sk-testvm
   vars:
-    cert_provider: static
+    # cert_provider: acmetool
+    # cert_provider: static
+    cert_provider: selfsigned
   roles:
   - role: "x509/{{ cert_provider }}/base"
   - role: nginx/base
@@ -54,7 +56,21 @@
           '/':
             root: /var/www/default
             index: index.html
-      static_cert_config: "{{ static_cert_config__default }}"
+      # static_cert_config: "{{ static_cert_config__default }}"
+      selfsigned_cert_config:
+        cert:
+          organization_name: "elev8"
+          organizational_unit_name: "ansible"
+          key_usage:
+          - digitalSignature
+          - keyAgreement
+          key_usage_critical: yes
+          extended_key_usage:
+          - serverAuth
+          extended_key_usage_critical: yes
+          create_subject_key_identifier: yes
+          not_after: +1000w
+
     include_role:
       name: nginx/vhost
 
@@ -91,6 +107,19 @@
           '/':
             root: /var/www/test
             index: index.html
-      static_cert_config: "{{ static_cert_config__test }}"
+      # static_cert_config: "{{ static_cert_config__test }}"
+      selfsigned_cert_config:
+        cert:
+          organization_name: "spreadspace"
+          organizational_unit_name: "ansible"
+          key_usage:
+          - digitalSignature
+          - keyAgreement
+          key_usage_critical: yes
+          extended_key_usage:
+          - serverAuth
+          extended_key_usage_critical: yes
+          create_subject_key_identifier: yes
+          not_after: +100w
     include_role:
       name: nginx/vhost