authorChristian Pointner <equinox@spreadspace.org>2023-12-20 11:53:07 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-12-20 11:53:07 +0100
commitf0718f3ceceec13a03b54b8d6d0abd2dac929fc3 (patch)
treef3ce530f07496f6b35ab1f11155ce96a83abbc26 /roles/x509/managed-ca/cert/prepare/defaults
parentrename: x509/ownca to x509/static-ca (diff)
x509: add new role managed-ca
Diffstat (limited to 'roles/x509/managed-ca/cert/prepare/defaults')
-rw-r--r--roles/x509/managed-ca/cert/prepare/defaults/main.yml49
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/x509/managed-ca/cert/prepare/defaults/main.yml b/roles/x509/managed-ca/cert/prepare/defaults/main.yml
new file mode 100644
index 00000000..8664e7c9
--- /dev/null
+++ b/roles/x509/managed-ca/cert/prepare/defaults/main.yml
@@ -0,0 +1,49 @@
+---
+managed_ca_cert_hostnames: "{{ x509_certificate_hostnames }}"
+managed_ca_cert_name: "{{ x509_certificate_name | default(managed_ca_cert_hostnames[0]) }}"
+
+managed_ca_cert_base_dir: "/etc/ssl"
+
+managed_ca_cert_default_renew_margin: "+30d"
+managed_ca_cert_config: "{{ x509_certificate_config }}"
+# managed_ca_cert_config:
+# path: "{{ managed_ca_cert_base_dir }}/{{ managed_ca_cert_name }}"
+# mode: "0750"
+# owner: root
+# group: www-data
+# ca:
+# host: inventory_name_of_ca_host
+# name: my-ca
+# key:
+# mode: "0640"
+# owner: root
+# group: www-data
+# type: RSA
+# size: 4096
+# cert:
+# mode: "0644"
+# owner: root
+# group: www-data
+# common_name: foo
+# san_extra:
+# - "IP:192.0.2.1"
+# country_name: "AT"
+# locality_name: "Graz"
+# organization_name: "spreadspace"
+# organizational_unit_name: "ansible"
+# state_or_province_name: "Styria"
+# basic_constraints:
+# - "CA:FALSE"
+# basic_constraints_critical: no
+# key_usage:
+# - digitalSignature
+# - keyAgreement
+# key_usage_critical: yes
+# extended_key_usage:
+# - serverAuth
+# extended_key_usage_critical: yes
+# create_subject_key_identifier: yes
+# digest: sha256
+# not_before: +0h
+# not_after: +520w
+# renew_margin: +42d
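Review bot: The commented sample for `managed_ca_cert_config` gives a server certificate (`extended_key_usage` of `serverAuth`, `CA:FALSE`) a lifetime of `not_after: +520w`, roughly ten years, so anyone copying the sample gets a leaf certificate whose key stays trusted that long if it ever leaks. The file already defines `managed_ca_cert_default_renew_margin: "+30d"`, which suggests renewal is handled by the role, so the sample could show a shorter value such as `not_after: "+52w"`, or carry a comment like `# keep leaf lifetimes short; renewal is driven by renew_margin`. The sample also sets the private key to `mode: "0640"` with `group: www-data`; a one-line comment that this makes the key readable by every process in that group would help readers choose deliberately. For consistency with the quoted live default, the sample's `+0h`, `+520w` and `+42d` could be quoted and its `yes`/`no` values written as `true`/`false`.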