diff --git a/roles/generate-cert/LICENSE b/roles/generate-cert/LICENSE
deleted file mode 100644
index f234cd5..0000000
--- a/roles/generate-cert/LICENSE
+++ /dev/null
@@ -1,167 +0,0 @@
- GNU LESSER GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc.
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-
- This version of the GNU Lesser General Public License incorporates
-the terms and conditions of version 3 of the GNU General Public
-License, supplemented by the additional permissions listed below.
-
- 0. Additional Definitions.
-
- As used herein, "this License" refers to version 3 of the GNU Lesser
-General Public License, and the "GNU GPL" refers to version 3 of the GNU
-General Public License.
-
- "The Library" refers to a covered work governed by this License,
-other than an Application or a Combined Work as defined below.
-
- An "Application" is any work that makes use of an interface provided
-by the Library, but which is not otherwise based on the Library.
-Defining a subclass of a class defined by the Library is deemed a mode
-of using an interface provided by the Library.
-
- A "Combined Work" is a work produced by combining or linking an
-Application with the Library. The particular version of the Library
-with which the Combined Work was made is also called the "Linked
-Version".
-
- The "Minimal Corresponding Source" for a Combined Work means the
-Corresponding Source for the Combined Work, excluding any source code
-for portions of the Combined Work that, considered in isolation, are
-based on the Application, and not on the Linked Version.
-
- The "Corresponding Application Code" for a Combined Work means the
-object code and/or source code for the Application, including any data
-and utility programs needed for reproducing the Combined Work from the
-Application, but excluding the System Libraries of the Combined Work.
-
- 1. Exception to Section 3 of the GNU GPL.
-
- You may convey a covered work under sections 3 and 4 of this License
-without being bound by section 3 of the GNU GPL.
-
- 2. Conveying Modified Versions.
-
- If you modify a copy of the Library, and, in your modifications, a
-facility refers to a function or data to be supplied by an Application
-that uses the facility (other than as an argument passed when the
-facility is invoked), then you may convey a copy of the modified
-version:
-
- a) under this License, provided that you make a good faith effort to
- ensure that, in the event an Application does not supply the
- function or data, the facility still operates, and performs
- whatever part of its purpose remains meaningful, or
-
- b) under the GNU GPL, with none of the additional permissions of
- this License applicable to that copy.
-
- 3. Object Code Incorporating Material from Library Header Files.
-
- The object code form of an Application may incorporate material from
-a header file that is part of the Library. You may convey such object
-code under terms of your choice, provided that, if the incorporated
-material is not limited to numerical parameters, data structure
-layouts and accessors, or small macros, inline functions and templates
-(ten or fewer lines in length), you do both of the following:
-
- a) Give prominent notice with each copy of the object code that the
- Library is used in it and that the Library and its use are
- covered by this License.
-
- b) Accompany the object code with a copy of the GNU GPL and this license
- document.
-
- 4. Combined Works.
-
- You may convey a Combined Work under terms of your choice that,
-taken together, effectively do not restrict modification of the
-portions of the Library contained in the Combined Work and reverse
-engineering for debugging such modifications, if you also do each of
-the following:
-
- a) Give prominent notice with each copy of the Combined Work that
- the Library is used in it and that the Library and its use are
- covered by this License.
-
- b) Accompany the Combined Work with a copy of the GNU GPL and this license
- document.
-
- c) For a Combined Work that displays copyright notices during
- execution, include the copyright notice for the Library among
- these notices, as well as a reference directing the user to the
- copies of the GNU GPL and this license document.
-
- d) Do one of the following:
-
- 0) Convey the Minimal Corresponding Source under the terms of this
- License, and the Corresponding Application Code in a form
- suitable for, and under terms that permit, the user to
- recombine or relink the Application with a modified version of
- the Linked Version to produce a modified Combined Work, in the
- manner specified by section 6 of the GNU GPL for conveying
- Corresponding Source.
-
- 1) Use a suitable shared library mechanism for linking with the
- Library. A suitable mechanism is one that (a) uses at run time
- a copy of the Library already present on the user's computer
- system, and (b) will operate properly with a modified version
- of the Library that is interface-compatible with the Linked
- Version.
-
- e) Provide Installation Information, but only if you would otherwise
- be required to provide such information under section 6 of the
- GNU GPL, and only to the extent that such information is
- necessary to install and execute a modified version of the
- Combined Work produced by recombining or relinking the
- Application with a modified version of the Linked Version. (If
- you use option 4d0, the Installation Information must accompany
- the Minimal Corresponding Source and Corresponding Application
- Code. If you use option 4d1, you must provide the Installation
- Information in the manner specified by section 6 of the GNU GPL
- for conveying Corresponding Source.)
-
- 5. Combined Libraries.
-
- You may place library facilities that are a work based on the
-Library side by side in a single library together with other library
-facilities that are not Applications and are not covered by this
-License, and convey such a combined library under terms of your
-choice, if you do both of the following:
-
- a) Accompany the combined library with a copy of the same work based
- on the Library, uncombined with any other library facilities,
- conveyed under the terms of this License.
-
- b) Give prominent notice with the combined library that part of it
- is a work based on the Library, and explaining where to find the
- accompanying uncombined form of the same work.
-
- 6. Revised Versions of the GNU Lesser General Public License.
-
- The Free Software Foundation may publish revised and/or new versions
-of the GNU Lesser General Public License from time to time. Such new
-versions will be similar in spirit to the present version, but may
-differ in detail to address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Library as you received it specifies that a certain numbered version
-of the GNU Lesser General Public License "or any later version"
-applies to it, you have the option of following the terms and
-conditions either of that published version or of any later version
-published by the Free Software Foundation. If the Library as you
-received it does not specify a version number of the GNU Lesser
-General Public License, you may choose any version of the GNU Lesser
-General Public License ever published by the Free Software Foundation.
-
- If the Library as you received it specifies that a proxy can decide
-whether future versions of the GNU Lesser General Public License shall
-apply, that proxy's public statement of acceptance of any version is
-permanent authorization for you to choose that version for the
-Library.
-
-
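Review bot: removing this LICENSE file takes the only copy of the LGPL-3 text visible in this patch out of the tree; since the README in the next hunk states the project is "licenced under the LGPL 3", confirm a top-level LICENSE still exists, and if it does not, keep this file (or move it to the repository root) rather than deleting it with the role.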
diff --git a/roles/generate-cert/README.md b/roles/generate-cert/README.md
deleted file mode 100644
index ce5aeca..0000000
--- a/roles/generate-cert/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# generate-cert
-
-This role is part of the project [Ansible Hacky PKI](https://gitea.auro.re/histausse/ansible_hacky_pki) licenced under the LGPL 3.
-
-You can use it to generate certificate and manage de small pki, but keep it mind that this program is distributed **WITHOUT ANY WARRANTY**.
-In particular, the **security** of the pki generated and the process of generated the pki **is not guaranteed**. If you find any vulnerability,
-please contact me to see if we can find a patch.
-
-Copyright 2021 Jean-Marie Mineau
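Review bot: the README is deleted without saying whether `generate-cert` is being removed outright or relocated, and it was the only place carrying the warranty disclaimer and the request to report vulnerabilities to the author; the change description should state the role's fate, and if the role lives on elsewhere, that README should keep these two notices.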
diff --git a/roles/generate-cert/defaults/main.yml b/roles/generate-cert/defaults/main.yml
deleted file mode 100644
index b104186..0000000
--- a/roles/generate-cert/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-key_usage:
- - digitalSignature
- - keyEncipherment
-validity_duration: "+365d"
-time_before_expiration_for_renewal: "+30d" # need a better name
-force_renewal: no
-store_directory: /etc/hackypky
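Review bot: nothing wrong with dropping these defaults, but if they are carried over to a replacement role, fix `store_directory: /etc/hackypky`, which reads like a typo of `hackypki` (the temp files in the tasks are named `ansible_hacky_pki_*`), and act on the author's own `# need a better name` comment on `time_before_expiration_for_renewal`, e.g. `renewal_window`.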
diff --git a/roles/generate-cert/tasks/main.yml b/roles/generate-cert/tasks/main.yml
deleted file mode 100644
index afd91c7..0000000
--- a/roles/generate-cert/tasks/main.yml
+++ /dev/null
@@ -1,165 +0,0 @@
----
-- name: Ensure the directories used to store certs exist
- file:
- path: "{{ item }}"
- state: directory
- group: root
- owner: root
- mode: u=rwx,g=rx,o=rx
- loop:
- - "{{ store_directory }}"
- - "{{ store_directory }}/crts"
- - "{{ store_directory }}/keys"
-
-- name: Ensure the directory containing the cert exist
- file:
- path: "{{ directory }}"
- state: directory
-
-- name: Test if the key already exist
- stat:
- path: "{{ store_directory}}/keys/{{ cname }}.key"
- register: key_file
-
-- name: Test if the cert already exist
- stat:
- path: "{{ store_directory}}/crts/{{ cname }}.crt"
- register: cert_file
-
-- name: Test if we need to renew the certificate
- openssl_certificate_info:
- path: "{{ store_directory }}/crts/{{ cname }}.crt"
- valid_at:
- renewal: "{{ time_before_expiration_for_renewal }}"
- register: validity
- when: cert_file.stat.exists
-
-- name: Generate the certificate
- block:
- - name: Generate private key
- become: false
- openssl_privatekey:
- path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
- mode: u=rw,g=,o=
- size: "{{ key_size | default(omit) }}"
- delegate_to: localhost
-
- - name: Generate a Certificate Signing Request
- become: false
- openssl_csr:
- path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
- privatekey_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
- common_name: "{{ cname }}"
- country_name: "{{ country_name | default(omit) }}"
- locality_name: "{{ locality_name | default(omit) }}"
- state_or_province_name: "{{ state_or_province_name | default(omit) }}"
- organization_name: "{{ organization_name | default(omit) }}"
- organizational_unit_name: "{{ organizational_unit_name | default(omit) }}"
- email_address: "{{ email_address | default(omit) }}"
- basic_constraints:
- - CA:FALSE # syntax?
- basic_constraints_critical: yes
- key_usage: "{{ key_usage }}"
- key_usage_critical: yes
- subject_alt_name: "{{ subject_alt_name | default(omit) }}"
- crl_distribution_points: "{{ crl_distribution_points | default(omit) }}"
- delegate_to: localhost
-
- - name: Put the CA in a file
- become: false
- copy:
- content: "{{ ca_cert }}"
- dest: "/tmp/ansible_hacky_pki_ca.crt"
- delegate_to: localhost
-
- - name: Put the CA key in a file
- become: false
- copy:
- content: "{{ ca_key }}"
- dest: "/tmp/ansible_hacky_pki_ca.key"
- mode: u=rw,g=,o=
- delegate_to: localhost
- no_log: yes
-
- - name: Sign the certificate
- become: false
- openssl_certificate:
- path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
- csr_path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
- ownca_not_after: "{{ validity_duration }}"
- ownca_path: /tmp/ansible_hacky_pki_ca.crt
- ownca_privatekey_passphrase: "{{ ca_passphrase }}"
- ownca_privatekey_path: /tmp/ansible_hacky_pki_ca.key
- provider: ownca
- delegate_to: localhost
-
- - name: Send private key to the server
- copy:
- src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
- dest: "{{ store_directory }}/keys/{{ cname }}.key"
- owner: "{{ owner | default('root') }}"
- group: "{{ group | default('root') }}"
- mode: "{{ key_mode | default('u=rw,g=,o=') }}"
- no_log: yes
-
- - name: Send certificate to the server
- copy:
- src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
- dest: "{{ store_directory }}/crts/{{ cname }}.crt"
- owner: "{{ owner | default('root') }}"
- group: "{{ group | default('root') }}"
- mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"
-
- # Clean up
- - name: Remove the local cert key
- become: false
- file:
- path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
- state: absent
- delegate_to: localhost
-
- - name: Remove the CSR
- become: false
- file:
- path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
- state: absent
- delegate_to: localhost
-
- - name: Remove the local certificate
- become: false
- file:
- path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
- state: absent
- delegate_to: localhost
-
- - name: Remove the CA certificate
- become: false
- file:
- path: /tmp/ansible_hacky_pki_ca.crt
- state: absent
- delegate_to: localhost
-
- - name: Remove the CA key
- become: false
- file:
- path: /tmp/ansible_hacky_pki_ca.key
- state: absent
- delegate_to: localhost
- when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
-
-- name: Create the link to cert
- file:
- src: "{{ store_directory }}/crts/{{ cname }}.crt"
- dest: "{{ directory }}/{{ cname }}.crt"
- owner: "{{ owner | default('root') }}"
- group: "{{ group | default('root') }}"
- state: link
-
-- name: Create the link to key
- file:
- src: "{{ store_directory }}/keys/{{ cname }}.key"
- dest: "{{ directory }}/{{ cname }}.key"
- owner: "{{ owner | default('root') }}"
- group: "{{ group | default('root') }}"
- state: link
-
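Review bot: if this task file is being relocated rather than retired, three defects in the deleted code should not travel with it. First, the "Send certificate to the server" task sets `mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"`, so a user who tightens `key_mode` for private keys silently applies the same mode to the public certificate; the cert needs its own variable (e.g. `cert_mode`). Second, the `block:` has no `always:` section, so when "Sign the certificate" (or any task before the clean-up) fails, `/tmp/ansible_hacky_pki_ca.key` and the other temp files stay behind on the controller; the five "Remove ..." tasks belong in `always:`. Third, the signing task passes `ownca_privatekey_passphrase: "{{ ca_passphrase }}"` without `no_log: yes`, unlike the "Put the CA key in a file" task, so the passphrase can land in verbose or failed-task output.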