mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-09 05:23:16 +02:00
46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
---
|
|
|
|
- name: Gather Facts
|
|
setup:
|
|
|
|
- name: Ensure the algo ssh key exist on the server
|
|
authorized_key:
|
|
user: "{{ ansible_ssh_user }}"
|
|
state: present
|
|
key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
|
|
tags: [ 'cloud' ]
|
|
|
|
- name: Enable IPv6
|
|
set_fact:
|
|
ipv6_support: true
|
|
when: ansible_default_ipv6.gateway is defined
|
|
|
|
- name: Set facts if the deployment in a cloud
|
|
set_fact:
|
|
cloud_deployment: true
|
|
tags: ['cloud']
|
|
|
|
- name: Generate password for the CA key
|
|
local_action:
|
|
module: shell
|
|
openssl rand -hex 16
|
|
become: no
|
|
register: CA_password
|
|
|
|
- name: Generate p12 export password
|
|
local_action:
|
|
module: shell
|
|
openssl rand 8 | python -c 'import sys,string; chars=string.ascii_letters + string.digits + "_@"; print "".join([chars[ord(c) % 64] for c in list(sys.stdin.read())])'
|
|
become: no
|
|
register: p12_export_password_generated
|
|
when: p12_export_password is not defined
|
|
|
|
- name: Define password facts
|
|
set_fact:
|
|
easyrsa_p12_export_password: "{{ p12_export_password|default(p12_export_password_generated.stdout) }}"
|
|
easyrsa_CA_password: "{{ CA_password.stdout }}"
|
|
|
|
- name: Define the commonName
|
|
set_fact:
|
|
IP_subject_alt_name: "{{ IP_subject_alt_name }}"
|
|
DNS_subject_alt_name: "{{ DNS_subject_alt_name }}"
|