From 73594369e3a59f9002c7d0513acff014508711d6 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau <jean-marie.mineau@protonmail.com>
Date: Thu, 9 Sep 2021 20:27:24 +0200
Subject: [PATCH] move key_usage var to defaults

---
 roles/generate-cert/defaults/main.yml | 3 +++
 roles/generate-cert/tasks/main.yml    | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/generate-cert/defaults/main.yml b/roles/generate-cert/defaults/main.yml
index ed97d53..448d42a 100644
--- a/roles/generate-cert/defaults/main.yml
+++ b/roles/generate-cert/defaults/main.yml
@@ -1 +1,4 @@
 ---
+key_usage:
+  - digitalSignature
+  - keyEncipherment
diff --git a/roles/generate-cert/tasks/main.yml b/roles/generate-cert/tasks/main.yml
index 2799fe5..aa05e2b 100644
--- a/roles/generate-cert/tasks/main.yml
+++ b/roles/generate-cert/tasks/main.yml
@@ -33,10 +33,7 @@
     basic_constraints:
       - CA:FALSE # syntax?
     basic_contraints_critical: yes
-    key_usage: # need more works on this
-      - digitalSignature
-      - keyEncipherment
-      - clientAuth
+    key_usage: "{{ key_usage }}"
     key_usage_critical: yes
     subject_alt_name: "{{ subject_alt_name | default(omit) }}"
     # TODO: add a revocation methode, most probably crl, with crl_distribution_points