Initial commit

2024-11-29 21:50:27 +00:00
commit 9940e21540
10 changed files with 837 additions and 0 deletions
--- a/roles/create_rootca/tasks/main.yml
+++ b/roles/create_rootca/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+- name: Install pki directory
+  ansible.builtin.file:
+    path: /etc/pki/
+    state: directory
+    mode: '0700'
+    owner: root
+    group: root
+
+- name: Install CA directory
+  ansible.builtin.file:
+    path: /etc/pki/konchin.com/
+    state: directory
+    mode: '0700'
+    owner: root
+    group: root
+
+- name: Create private key for root ca
+  community.crypto.openssl_privatekey:
+    path: /etc/pki/konchin.com/rootca.key
+    cipher: auto
+    passphrase: "{{ secret_ca_passphrase }}"
+
+- name: Create CSR for root ca
+  community.crypto.openssl_csr_pipe:
+    privatekey_path: /etc/pki/konchin.com/rootca.key
+    privatekey_passphrase: "{{ secret_ca_passphrase }}"
+    common_name: Konchin.com CA
+    use_common_name_for_san: false
+    basic_constraints:
+      - 'CA:TRUE'
+    basic_constraints_critical: true
+    key_usage:
+      - keyCertSign
+    key_usage_critical: true
+  register: ca_csr
+
+- name: Create cert for root ca
+  community.crypto.x509_certificate:
+    path: /etc/pki/konchin.com/rootca.pem
+    csr_content: "{{ ca_csr.csr }}"
+    privatekey_path: /etc/pki/konchin.com/rootca.key
+    privatekey_passphrase: "{{ secret_ca_passphrase }}"
+    provider: selfsigned