# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2025 Dosh LLC
---
# Variable defaults for step-ca certificate handling. Values are plain
# strings or Jinja templates; the tasks that consume them are not visible in
# this file, so notes about their use are marked as assumptions.

# --- Certificate subject alternative names ---------------------------------
# One-element list templated from the gathered `ansible_fqdn` fact.
# NOTE(review): the fact is reported by the managed host itself; presumably
# this list becomes the SANs requested from the CA, so the issuing
# provisioner should restrict which names a host may obtain - confirm.
SSL_CERT_SAN:
  - "{{ ansible_fqdn }}"

# --- Binary, ownership and directory layout --------------------------------
STEP_BIN_NAME: "step"
STEP_USER_NAME: "root"
# Group is `wheel` on FreeBSD and `root` on every other OS family.
STEP_GROUP_NAME: "{{ 'wheel' if ansible_os_family == 'FreeBSD' else 'root' }}"
# Resolves to /usr/local/etc/step-ca/ on FreeBSD and /etc/step-ca/ elsewhere.
# The trailing slash is required: the sub-paths below append to it without
# adding a separator.
STEP_PATH: "{{ '/usr/local' if ansible_os_family == 'FreeBSD' else '' }}/etc/step-ca/"
STEP_CONFIG_PATH: "{{ STEP_PATH }}config/"
STEP_CERTS_PATH: "{{ STEP_PATH }}certs/"
STEP_SCRIPTS_PATH: "{{ STEP_PATH }}scripts/"

# --- ACME (X.509) certificate material -------------------------------------
# Read from the environment of the control node (lookups run there). The env
# lookup yields an empty string when the variable is unset.
# NOTE(review): confirm the consuming tasks fail on an empty provisioner name.
STEP_CERTS_ACME_CA_PROVISIONER: "{{ lookup('ansible.builtin.env', 'STEP_CERTS_ACME_CA_PROVISIONER') }}"
STEP_CERTS_ACME_CRT: "acme.crt"
# Private key file name.
# NOTE(review): file mode and ownership are set elsewhere - verify the key is
# not group/world readable.
STEP_CERTS_ACME_KEY: "acme.key"
STEP_CERTS_ROOT_CRT: "root_ca.crt"
# fullchain.pem
STEP_CERTS_BUNDLE_CRT: "bundle.crt"

# --- SSH host certificate material -----------------------------------------
# Base name shared by the three SSH files below: the private key uses it
# unchanged, the public key appends `.pub`, the host certificate `-cert.pub`.
STEP_CERTS_SSH_ROOT: "ssh_host_ecdsa"
STEP_CERTS_SSH_PRIVATE_KEY: "{{ STEP_CERTS_SSH_ROOT }}"
STEP_CERTS_SSH_PUBLIC_KEY: "{{ STEP_CERTS_SSH_ROOT }}.pub"
STEP_CERTS_SSH_HOST_CERT: "{{ STEP_CERTS_SSH_ROOT }}-cert.pub"
# Presumably the file sshd is pointed at for trusted user CA keys - confirm
# against the sshd configuration tasks.
STEP_CERTS_SSH_TRUSTED_USER_CA_KEYS: "trusted_user_ca_key.crt"

# --- CA bootstrap ----------------------------------------------------------
STEP_BOOTSTRAP_URL: "https://ca.auengun.net"
# Read from the control node's environment; empty string when unset.
# NOTE(review): presumably this is the root CA fingerprint that pins trust
# during bootstrap. An empty value must stop the play rather than let a host
# bootstrap against an unverified CA - confirm the tasks assert it is set.
STEP_BOOTSTRAP_FINGERPRINT: "{{ lookup('ansible.builtin.env', 'STEP_BOOTSTRAP_FINGERPRINT') }}"
# deprecated: enable on ad-hoc basis until future PKI rewrite
STEP_BOOTSTRAP_HOST: false
STEP_BOOTSTRAP_HOST_INSTALL: true

# Empty by default.
# NOTE(review): presumably a webroot directory for ACME challenges; how an
# empty value is handled is decided by the consuming tasks - confirm.
STEP_WEBROOT_PATH: ""

# --- Renewal check job ("HC") ----------------------------------------------
# NOTE(review): what "HC" refers to is not shown in this file; the names and
# tags embed the short inventory hostname.
STEP_HC_RENEWAL_NAME: "Cert - ACME/SSH - {{ inventory_hostname_short }} 🔄"
STEP_HC_FILE_NAME: "hc-renew-certs"
STEP_HC_RENEWAL_TAGS: "certs 🔄 {{ inventory_hostname_short }}"
# Every 4 hours
# Must stay quoted: a leading `*` in a plain scalar is parsed as a YAML alias.
# NOTE(review): "every 4 hours" holds only if this value is used as the hour
# field of the schedule - confirm in the cron task.
STEP_HC_RENEWAL_CRON: "*/4"