---
# Create the private key, CSR and self-signed certificate at the paths given
# by the poudriere_cert_* variables.
- name: "cert: Generate OpenSSL private key, request, and certificate"
  block:

    # Only this task sets owner, group and mode; the CSR and certificate
    # tasks below leave file ownership and permissions to module defaults.
    # NOTE(review): confirm poudriere_ssl_private_key_mode is defined as a
    # quoted, owner-only mode string; its definition is not visible here.
    - name: "cert: Generate private key {{ poudriere_cert_key }}"
      community.crypto.openssl_privatekey:
        mode: "{{ poudriere_ssl_private_key_mode }}"
        owner: "{{ poudriere_owner }}"
        group: "{{ poudriere_group }}"
        path: "{{ poudriere_cert_key }}"

    # Skipped in check mode; presumably because the key file may not exist
    # yet when the task above only simulates its change - TODO confirm.
    # Only the common name is set; no subjectAltName is requested here.
    - name: "cert: Generate csr {{ poudriere_cert_csr }}"
      when: not ansible_check_mode|bool
      community.crypto.openssl_csr:
        common_name: "{{ poudriere_cert_cn }}"
        privatekey_path: "{{ poudriere_cert_key }}"
        path: "{{ poudriere_cert_csr }}"

    # provider selfsigned: the certificate is signed with the key generated
    # above, so no CA vouches for it. A client can validate it only if this
    # exact certificate is installed on that client as a trust anchor.
    # Digest and validity period are not set, so module defaults apply.
    - name: "cert: Generate crt {{ poudriere_cert_path }}"
      when: not ansible_check_mode|bool
      community.crypto.x509_certificate:
        provider: selfsigned
        csr_path: "{{ poudriere_cert_csr }}"
        privatekey_path: "{{ poudriere_cert_key }}"
        path: "{{ poudriere_cert_path }}"
# <TBD>
# It seems that it is not possible to force pkg to accept a self-signed HTTPS certificate.
# See https://www.digitalocean.com/community/tutorials/how-to-set-up-a-poudriere-build-system-to-create-packages-for-your-freebsd-servers?comment=97460
# EOF
...