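---
# Sets up a private certificate authority with mkcert: creates a dedicated
# system account, installs its sudoers drop-in, installs the mkcert package
# and initializes the CA once as that account.
- name: Install ad initialize the private CA
  tags: ['mkcert', 'pki']
  block:
    # Dedicated system account with no login shell that owns the CA files.
    - name: Create the {{ mkcert_user }} user
      ansible.builtin.user:
        name: "{{ mkcert_user }}"
        home: "{{ mkcert_home }}"
        comment: "{{ mkcert_gecos }}"
        createhome: true
        shell: /usr/sbin/nologin
        system: true
        # Each extra group widens what the CA account can reach; keep the
        # list as short as the deployment allows.
        groups: "{{ mkcert_user_additional_groups }}"
        append: true

    # NOTE(review): sudoers-ca.j2 is not shown here. Presumably it grants
    # what `mkcert -install` needs; confirm it allows only the specific
    # commands required and not a blanket rule.
    - name: Install the sudoers file for the CA user
      ansible.builtin.template:
        src: sudoers-ca.j2
        dest: "/etc/sudoers.d/{{ mkcert_user }}"
        owner: root
        group: root
        # Quoted so the mode is always read as the octal string "0440".
        mode: "0440"
        # Syntax-check the rendered file before it is moved into place; a
        # malformed drop-in in /etc/sudoers.d can break sudo on the host.
        validate: /usr/sbin/visudo -cf %s

    - name: Install the mkcert package
      ansible.builtin.apt:
        pkg: mkcert
        state: present
        cache_valid_time: 1800

    # Runs once: skipped when the root certificate already exists.
    # mkcert writes the CA private key (rootCA-key.pem) next to rootCA.pem;
    # that directory should stay readable by the CA account only.
    - name: Initialize the CA used by mkcert
      # become_user has no effect unless become is enabled, so enable it
      # here instead of relying on a play-level setting.
      become: true
      become_user: "{{ mkcert_user }}"
      ansible.builtin.command:
        cmd: mkcert -install
        creates: "{{ mkcert_home }}/.local/share/mkcert/rootCA.pem"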