authorChristian Pointner <equinox@spreadspace.org>2023-08-22 22:06:12 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-08-22 22:06:12 +0200
commitde8b4a8e586979d4f2978a25b5e35cb934b148af (patch)
tree3cbf9a7844fb56c49cf9fa259627eda34db5f9a9 /roles/x509/ownca/cert/prepare/defaults/main.yml
parentMerge branch 'topic/uacme' (diff)
add ownca x509/certifcate provider
Diffstat (limited to 'roles/x509/ownca/cert/prepare/defaults/main.yml')
-rw-r--r--roles/x509/ownca/cert/prepare/defaults/main.yml50
1 files changed, 50 insertions, 0 deletions
diff --git a/roles/x509/ownca/cert/prepare/defaults/main.yml b/roles/x509/ownca/cert/prepare/defaults/main.yml
new file mode 100644
index 00000000..4953db74
--- /dev/null
+++ b/roles/x509/ownca/cert/prepare/defaults/main.yml
@@ -0,0 +1,50 @@
+---
+ownca_cert_hostnames: "{{ x509_certificate_hostnames }}"
+ownca_cert_name: "{{ x509_certificate_name | default(ownca_cert_hostnames[0]) }}"
+
+ownca_cert_base_dir: "/etc/ssl"
+
+# ownca_cert_config:
+# path: "{{ ownca_cert_base_dir }}/{{ ownca_cert_name }}"
+# mode: "0750"
+# owner: root
+# group: www-data
+# ca:
+# key_content: |
+# -----BEGIN RSA PRIVATE KEY-----
+# ...
+# -----END RSA PRIVATE KEY-----
+# cert_content: |
+# -----BEGIN CERTIFICATE-----
+# ...
+# -----END CERTIFICATE-----
+# key:
+# mode: "0640"
+# owner: root
+# group: www-data
+# type: RSA
+# size: 4096
+# cert:
+# mode: "0644"
+# owner: root
+# group: www-data
+# country_name: "AT"
+# locality_name: "Graz"
+# organization_name: "spreadspace"
+# organizational_unit_name: "ansible"
+# state_or_province_name: "Styria"
+# basic_constraints:
+# - "CA:TRUE"
+# - "pathLenConstraint:0"
+# basic_constraints_critical: no
+# key_usage:
+# - digitalSignature
+# - keyAgreement
+# key_usage_critical: yes
+# extended_key_usage:
+# - serverAuth
+# extended_key_usage_critical: yes
+# create_subject_key_identifier: yes
+# digest: SHA256
+# not_before: +0h
+# not_after: +520w
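Review bot: The commented `ownca_cert_config` example lists `"CA:TRUE"` and `"pathLenConstraint:0"` under `cert.basic_constraints` and marks them non-critical, although the rest of the `cert:` block (`digitalSignature`/`keyAgreement`, `serverAuth`) describes a server leaf certificate. Anyone copying the example would issue host certificates that assert CA status. For an end-entity certificate the example should read `- "CA:FALSE"`, with the `pathLenConstraint:0` entry dropped. The `ca.key_content` sample also shows the CA private key inline, so I would add a comment above it such as `# key_content is the CA private key: supply it from an Ansible Vault-encrypted variable, never in plain text`. The tasks that consume these values are not part of this file, so whether they set `no_log` on the steps handling `key_content` has to be checked there.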