Diffstat (limited to 'dan/ele-router.yml')
-rw-r--r-- | dan/ele-router.yml | 105 |
1 files changed, 0 insertions, 105 deletions
diff --git a/dan/ele-router.yml b/dan/ele-router.yml
deleted file mode 100644
index e160b57a..00000000
--- a/dan/ele-router.yml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -- name: generate TLS CA for openvpn - hosts: ele-router - connection: local - gather_facts: no - tasks: - - name: generate CA key and certificate - run_once: yes - block: - - name: generate CA keys - community.crypto.openssl_privatekey_pipe: - type: "Ed25519" - content: "{{ vault_ovpn_ca_key | default(omit) }}" - return_current_key: yes - register: ovpn_ca_key_result - no_log: true - - - name: create signing request for CA certificate - community.crypto.openssl_csr_pipe: - privatekey_content: "{{ ovpn_ca_key_result.privatekey }}" - CN: "CA for ele-router vpn" - useCommonNameForSAN: no - key_usage: - - cRLSign - - keyCertSign - key_usage_critical: yes - basic_constraints: - - 'CA:TRUE' - - 'pathlen:0' - basic_constraints_critical: yes - register: ovpn_ca_csr_result - changed_when: false - - - name: create self-signed CA certificate - community.crypto.x509_certificate_pipe: - content: "{{ vault_ovpn_ca_cert | default(omit) }}" - csr_content: "{{ ovpn_ca_csr_result.csr }}" - privatekey_content: "{{ ovpn_ca_key_result.privatekey }}" - provider: selfsigned - selfsigned_digest: sha256 - selfsigned_not_after: "+18250d" ## 50 years - selfsigned_create_subject_key_identifier: always_create - register: ovpn_ca_cert_result - - - - name: generate key - community.crypto.openssl_privatekey_pipe: - type: "Ed25519" - content: "{{ vault_ovpn_keys[inventory_hostname] | default(omit) }}" - return_current_key: yes - register: ovpn_key_result - no_log: true - - - name: create signing request for certificate - community.crypto.openssl_csr_pipe: - privatekey_content: "{{ ovpn_key_result.privatekey }}" - CN: "{{ inventory_hostname }}" - key_usage: - - digitalSignature - - keyEncipherment - key_usage_critical: yes - extended_key_usage: - - "{{ (inventory_hostname == 'ele-router-hmtsaal') | ternary('serverAuth', 'clientAuth') }}" - extended_key_usage_critical: yes - basic_constraints: - - 'CA:FALSE' - basic_constraints_critical: yes - register: ovpn_csr_result - 
changed_when: false - - - name: create certificate - community.crypto.x509_certificate_pipe: - content: "{{ vault_ovpn_certs[inventory_hostname] | default(omit) }}" - csr_content: "{{ ovpn_csr_result.csr }}" - privatekey_content: "{{ ovpn_key_result.privatekey }}" - provider: ownca - ownca_content: "{{ ovpn_ca_cert_result.certificate }}" - ownca_privatekey_content: "{{ ovpn_ca_key_result.privatekey }}" - ownca_digest: sha256 - ownca_not_after: "+18250d" ## 50 years - register: ovpn_cert_result - - - - run_once: yes - set_fact: - vault_content: | - --- - vault_ovpn_ca_key: | - {{ ovpn_ca_key_result.privatekey | indent(2) }} - vault_ovpn_ca_cert: | - {{ ovpn_ca_cert_result.certificate | indent(2) }} - vault_ovpn_keys: - {% for host in play_hosts %} - {{ host }}: | - {{ hostvars[host].ovpn_key_result.privatekey | indent(4) }} - {% endfor %} - vault_ovpn_certs: - {% for host in play_hosts %} - {{ host }}: | - {{ hostvars[host].ovpn_cert_result.certificate | indent(4) }} - {% endfor %} - - - pause: - prompt: "Please put this into a vault file: \n\n{{ vault_content }}" - seconds: 1 |