37 lines
1.5 KiB
YAML
37 lines
1.5 KiB
YAML
- name: generate root ca
|
|
command: openssl req \
|
|
-x509 \
|
|
-new \
|
|
-nodes \
|
|
-newkey rsa:2048 \
|
|
-keyout "{{ data_folder }}/nginx/rootca.key" \
|
|
-out "{{ data_folder }}/nginx/rootca.pem" \
|
|
-sha256 \
|
|
-days 3650 \
|
|
-subj "/C=CZ/L=Prague/CN=Homelab/emailAddress={{ admin_email }}"
|
|
- name: generate wildcard csr
|
|
command: openssl req \
|
|
-new \
|
|
-nodes \
|
|
-newkey rsa:2048 \
|
|
-keyout "{{ data_folder }}/nginx/{{ base_domain }}.key" \
|
|
-out "{{ data_folder }}/nginx/{{ base_domain }}.csr" \
|
|
-subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
|
|
- name: sign wildcard csr with root ca
|
|
command: openssl x509 \
|
|
-req \
|
|
-in "{{ data_folder }}/nginx/{{ base_domain }}.csr" \
|
|
-CA "{{ data_folder }}/nginx/rootca.pem" \
|
|
-CAkey "{{ data_folder }}/nginx/rootca.key" \
|
|
-CAcreateserial \
|
|
-out "{{ data_folder }}/nginx/{{ base_domain }}.crt" \
|
|
-days 3650 \
|
|
-sha256
|
|
- name: install root ca
|
|
command: trust anchor "{{ data_folder }}/nginx/rootca.pem"
|
|
become: yes
|
|
- name: copy .conf file
|
|
template:
|
|
src: nginx.conf.j2
|
|
dest: "{{ data_folder }}/nginx/nginx.conf"
|
|
mode: '0755' |