diff --git a/roles/debian_server/tasks/main.yml b/roles/debian_server/tasks/main.yml
index f9d46568b2f80f2fe780b99915c3038049117aaa..ef8bce55e9d34322abea284ebd6dd855c1076303 100644
--- a/roles/debian_server/tasks/main.yml
+++ b/roles/debian_server/tasks/main.yml
@@ -37,6 +37,7 @@
     - fwupd
     - intel-microcode
     - libpam-mount-bin
+    - python3-cryptography
     - rsync
     - tmux
     - ufw
@@ -115,6 +116,37 @@
     path: /var/ssl
     state: directory
 
+# I know that I can use Ansible modules instead of calling OpenSSL directly, but
+# with the command module I can easily skip the task if the private key or the
+# certificate already exist. The point is to create an SSL and self-signed
+# certificate only as a bootstrap step. Once there is an existing (and assumed
+# valid) certificate, don't overwrite it.
+
+- name: Create private SSL key
+  command:
+    cmd: openssl genrsa -out /var/ssl/site.key 4096
+    creates: /var/ssl/site.key
+
+- name: Create SSL certificate
+  command:
+    cmd: >-
+      openssl
+      req
+      -x509
+      -out /var/ssl/site.crt
+      -nodes
+      -key /var/ssl/site.key
+      -batch
+    creates: /var/ssl/site.crt
+
+- name: Create Diffie-Hellman Parameters file
+  community.crypto.openssl_dhparam:
+    force: false
+    mode: 0o0644
+    path: /var/ssl/dhparams
+    size: 4096
+    state: present
+
 - name: Copy btrfs copy script
   copy:
     dest: /usr/local/sbin/btrfs-backup
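Review bot: The `Create SSL certificate` task passes no `-days` to `openssl req -x509`, which then falls back to its default 30-day validity, and because `creates: /var/ssl/site.crt` skips the task on every later run the bootstrap certificate silently expires with nothing in the role to renew it; give it an explicit lifetime and subject, e.g. add `-days 365` and `-subj "/CN=<hostname-placeholder>"` to the folded `cmd:` (the name clients will connect with), or monitor the expiry elsewhere. The `Create private SSL key` task leaves the permissions of /var/ssl/site.key to whatever openssl and the umask produce; a following `file:` task with `path: /var/ssl/site.key`, `mode: "0600"` and `owner: root` makes the private-key mode explicit and idempotent rather than inherited from the tool. Since `community.crypto.openssl_dhparam` with `force: false` in the same hunk already gives the skip-if-present behaviour the leading comment says requires the `command` module, the key and certificate could be produced declaratively with the matching `community.crypto` modules, which also expose a no-regenerate option and would make validity and subject visible in the playbook. The `Copy btrfs copy script` task at the end of the hunk continues outside it.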