From 5756978238ad7b7f2fe8dc46d511cfbd5245c0c3 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 16 Aug 2023 23:38:07 +0200
Subject: uacme roles almost done

---
 roles/x509/uacme/base/tasks/selfsigned.yml | 47 ------------------------------
 1 file changed, 47 deletions(-)
 delete mode 100644 roles/x509/uacme/base/tasks/selfsigned.yml

(limited to 'roles/x509/uacme/base/tasks/selfsigned.yml')

diff --git a/roles/x509/uacme/base/tasks/selfsigned.yml b/roles/x509/uacme/base/tasks/selfsigned.yml
deleted file mode 100644
index fff77d42..00000000
--- a/roles/x509/uacme/base/tasks/selfsigned.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-- name: create directories for selfsigned interim certificate
-  loop:
-  - path: private/.self-signed
-    mode: "0700"
-  - path: .self-signed
-    mode: "0755"
-  loop_control:
-    label: "{{ item.path }}"
-  file:
-    path: "/var/lib/uacme.d/{{ item.path }}"
-    state: directory
-    mode: "{{ item.mode }}"
-
-- name: generate private key for selfsigned interim certificate
-  openssl_privatekey:
-    path: /var/lib/uacme.d/private/.self-signed/key.pem
-    mode: 0600
-
-- name: generate csr for selfsigned interim certificate
-  community.crypto.openssl_csr_pipe:
-    privatekey_path: /var/lib/uacme.d/private/.self-signed/key.pem
-    common_name: "{{ ansible_fqdn }}"
-  register: selfsigned_interim_cert_req
-  changed_when: false
-
-### this is needed because strftime filter in ansible is exceptionally stupid
-### see: https://github.com/ansible/ansible/issues/39835
-- name: get remote date-time 10s ago
-  command: date -d '10 seconds ago' -u '+%Y%m%d%H%M%SZ'
-  register: remote_datetime_10sago
-  changed_when: false
-
-- name: get remote date-time now
-  command: date -u '+%Y%m%d%H%M%SZ'
-  register: remote_datetime_now
-  changed_when: false
-
-- name: generate selfsigned interim certificate
-  community.crypto.x509_certificate:
-    path: /var/lib/uacme.d/.self-signed/cert.pem
-    privatekey_path: /var/lib/uacme.d/private/.self-signed/key.pem
-    csr_content: "{{ selfsigned_interim_cert_req.csr }}"
-    provider: selfsigned
-    ## make sure the certificate is not valid anymore to force uacme to create a new cert
-    selfsigned_not_before: "{{ remote_datetime_10sago.stdout }}"
-    selfsigned_not_after: "{{ remote_datetime_now.stdout }}"
-- 
cgit v1.2.3