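---
# Publishes the HTTPS repository site behind the reverse proxy: creates the
# data directory, installs the site config, issues a server certificate signed
# by the local RootCA, removes the intermediate files and restarts the stack.
# Key and certificate are regenerated on every run (no `creates:` guard).
- name: Create https repository
  block:
    - name: Create repo dir
      ansible.builtin.file:
        path: "{{ repo_data_dir }}"
        state: directory
        # Quoted so no YAML loader can retype the octal literal.
        # NOTE(review): 0777 leaves the repository directory world-writable;
        # any local account can add or replace served files. Tighten it
        # (for example "0755") once the writing user/group is confirmed.
        mode: "0777"

    - name: Copy repo.conf
      ansible.builtin.copy:
        src: files/repo.conf
        dest: "{{ rproxy_dir }}/sites/repo.conf"

    - name: Copy repo certificate cnf
      ansible.builtin.template:
        src: templates/repo.cnf.j2
        dest: '{{ rproxy_dir }}/certs/repo.cnf'

    # command + argv instead of shell: the templated path is passed as one
    # argument and is never interpreted by a shell.
    # NOTE(review): no task sets the owner or mode of repo.key, so they depend
    # on the openssl build and the umask; consider pinning them with
    # ansible.builtin.file if the proxy process can still read the key.
    - name: Generate repo certificate key
      ansible.builtin.command:
        argv:
          - openssl
          - genrsa
          - '-out'
          - '{{ rproxy_dir }}/certs/repo.key'
          - '2048'

    - name: Generate server csr
      ansible.builtin.command:
        argv:
          - openssl
          - req
          - '-key'
          - '{{ rproxy_dir }}/certs/repo.key'
          - '-new'
          - '-out'
          - '{{ rproxy_dir }}/certs/repo.csr'
          - '-config'
          - '{{ rproxy_dir }}/certs/repo.cnf'

    # NOTE(review): the CA private key (RootCA.key) is read from the same
    # certs directory as the server key and certificate. Whether that
    # directory is exposed to the proxy container is not visible here —
    # confirm, since access to the CA key allows issuing trusted certificates.
    - name: Sign server certificate
      ansible.builtin.command:
        argv:
          - openssl
          - x509
          - '-req'
          - '-CA'
          - '{{ rproxy_dir }}/certs/RootCA.crt'
          - '-CAkey'
          - '{{ rproxy_dir }}/certs/RootCA.key'
          - '-in'
          - '{{ rproxy_dir }}/certs/repo.csr'
          - '-out'
          - '{{ rproxy_dir }}/certs/repo.crt'
          - '-CAcreateserial'
          - '-extfile'
          - '{{ rproxy_dir }}/certs/repo.cnf'
          - '-days'
          - '365'
          - '-extensions'
          - v3_x509

    # The redirection needs a shell, so both paths go through the `quote`
    # filter to keep spaces or metacharacters in rproxy_dir from being
    # interpreted. repo.crt was just rewritten by the signing task, so the
    # append yields leaf certificate followed by the root certificate.
    - name: Create fullchain certificate
      ansible.builtin.shell:
        cmd: 'cat {{ (rproxy_dir ~ "/certs/RootCA.crt") | quote }} >> {{ (rproxy_dir ~ "/certs/repo.crt") | quote }}'

    - name: Delete csr
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/repo.csr"
        state: absent

    - name: Delete cnf
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/repo.cnf"
        state: absent

    # NOTE(review): community.docker.docker_compose is the Compose v1 module
    # and is no longer shipped in newer community.docker releases — confirm
    # the collection version this role is pinned to.
    - name: Restart rproxy
      community.docker.docker_compose:
        project_src: "{{ rproxy_dir }}"
        build: false
        restarted: true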