Update to 2021-12-01 19:13

This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions


@@ -0,0 +1,69 @@
key:
alg:
- rsa
- ec
- dsa
enc:
- aes256
generate: both
rsa:
key_length:
- 2048
- 4096
ec:
curve_name:
- prime256v1
- secp384r1
- secp521r1
dsa:
key_length:
- 2048
- 4096
validity:
notafter: +01
digest: sha256
increasing_serials: 1
randomized_serial_bytes: 8
publish:
- disk
extensions:
basic_constraints:
critical: 1
ca: 0
path_length: 0
subject_key_identifier:
critical: 0
hash: 1
authority_key_identifier:
critical: 0
keyid: 1
issuer: 0
issuer_alt_name:
critical: 0
copy: 0
crl_distribution_points:
critical: 0
uri:
- {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl
authority_info_access:
critical: 0
ca_issuers: {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/ca
ocsp: {{ pki_base_url }}
policy_identifier:
critical: 0
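Review bot: The Jinja test `pki_base_url is search('/^')` on the crl_distribution_points uri line and again on the ca_issuers line can never match (`^` anchors the start of the string, so no `/` can precede it), so the ternary always inserts `/` and a `pki_base_url` that already ends in `/` renders `…//pub/…` into the CDP and AIA URLs of every issued certificate. The test was presumably meant as `search('/$')`; simpler still is `{{ pki_base_url | regex_replace('/$', '') }}/pub/[% ISSUER.CN.0 %]/crl` on both lines. The `ocsp:` value is the bare base URL without the `pub/…` path the two other pointers use, which looks inconsistent; confirm that is where the responder actually answers, since relying parties will follow it. Separately, listing `dsa` under `key.alg` lets requesters generate DSA keys, which are withdrawn for new signatures (FIPS 186-5) and can be dropped from the default profile.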


@@ -0,0 +1,52 @@
label: Signer
validity:
notafter: +0006
style:
00_user_basic_style:
label: signer
description: Application authenticity and deployment security
ui:
subject:
- username
- realname
- department
- email
info:
- comment
subject:
dn: CN=[% realname %]+UID=[% username %][% IF department %],DC=[% department %][% END %],{{ item.0.subj_suffix }}
san:
email: "[% email.lower %]"
metadata:
requestor: "[% realname %]"
email: "[% email %]"
department: "[% department %]"
extensions:
key_usage:
critical: 1
digital_signature: 1
non_repudiation: 1
key_encipherment: 1
data_encipherment: 0
key_agreement: 0
key_cert_sign: 0
crl_sign: 0
encipher_only: 0
decipher_only: 0
extended_key_usage:
critical: 1
client_auth: 0
server_auth: 0
email_protection: 0
code_signing: 1
time_stamping: 1
ocsp_signing: 0
# MS Smartcard Logon
1.3.6.1.4.1.311.20.2.2: 0
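Review bot: `code_signing: 1` together with `time_stamping: 1` in the extended_key_usage makes every Signer certificate valid both for signing code and for issuing timestamps, whereas RFC 3161 §2.3 requires a TSA certificate to carry id-kp-timeStamping as its only EKU value and to use a key reserved for that purpose, so a verifier applying that rule (OpenSSL's timestamp-signing purpose check does) rejects these certificates as timestamp signers. Give time stamping its own profile and set `time_stamping: 0` here. In the same spirit, `key_encipherment: 1` is not needed for a signature-only key and only widens what a compromised key can do. The subject line `dn: CN=[% realname %]+UID=[% username %]…` (and the identical line in the user profile later in this commit) substitutes UI input straight into the DN; unless the field definitions reject `,`, `+`, `=` and `"`, a value containing them changes the DN structure, so apply RFC 4514 escaping or restrict those fields.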


@@ -0,0 +1,58 @@
# The name of the file equals the name of the profile
label: I18N_OPENXPKI_UI_PROFILE_TLS_CLIENT_LABEL
validity:
notafter: +01
style:
00_basic_style:
label: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_LABEL
description: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_DESC
ui:
subject:
- hostname
- application_name
info:
- requestor_gname
- requestor_name
- requestor_email
- requestor_affiliation
- comment
subject:
dn: CN=[% hostname %]:[% application_name %],{{ item.0.subj_suffix }}
metadata:
requestor: "[% requestor_gname %] [% requestor_name %]"
email: "[% requestor_email %]"
entity: "[% hostname FILTER lower %]"
enroll:
subject:
dn: CN=[% CN.0 %],{{ item.0.subj_suffix }}
# Profile extensions - set 0/1 as needed
extensions:
key_usage:
critical: 1
digital_signature: 1
non_repudiation: 0
key_encipherment: 0
data_encipherment: 0
key_agreement: 0
key_cert_sign: 0
crl_sign: 0
encipher_only: 0
decipher_only: 0
extended_key_usage:
critical: 1
client_auth: 1
server_auth: 0
email_protection: 0
code_signing: 0
time_stamping: 0
ocsp_signing: 0
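Review bot: The subject line `dn: CN=[% hostname %]:[% application_name %],…` uses `hostname` verbatim while the metadata entity two lines below is `[% hostname FILTER lower %]` and the server profile lower-cases its CN; a mixed-case hostname therefore yields a CN whose case differs from the recorded entity and from any server certificate for the same host. Use `[% hostname.lower %]` in the DN as the server profile does. The enroll path `dn: CN=[% CN.0 %],…` takes the CN from the request without that normalisation either; if enrolled client certificates are matched by CN anywhere, apply the same filter there.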


@@ -0,0 +1,123 @@
# The name of the file equals the name of the profile
label: I18N_OPENXPKI_UI_PROFILE_TLS_SERVER_LABEL
validity:
notafter: +0006
style:
00_basic_style:
label: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_LABEL
description: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_DESC
ui:
subject:
- hostname
- hostname2
- port
info:
- requestor_gname
- requestor_name
- requestor_email
- requestor_affiliation
- comment
subject:
dn: CN=[% hostname.lower %][% IF port AND port != 443 %]:[% port %][% END %],{{ item.0.subj_suffix }}
san:
DNS:
- "[% hostname.lower %]"
- "[% FOREACH entry = hostname2 %][% entry.lower %] | [% END %]"
metadata:
requestor: "[% requestor_gname %] [% requestor_name %]"
email: "[% requestor_email %]"
entity: "[% hostname FILTER lower %]"
05_advanced_style:
label: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_LABEL
description: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_DESC
ui:
subject:
- cn
- o
- ou
- dc
- c
san:
- san_ipv4
- san_dns
info:
- requestor_gname
- requestor_name
- requestor_email
- requestor_affiliation
- comment
subject:
dn: CN=[% CN %][% IF OU %][% FOREACH entry = OU %],OU=[% entry %][% END %][% END %][% IF O %],O=[% O %][% END %][% FOREACH entry = DC %],DC=[% entry %][% END %][% IF C %],C=[% C %][% END %]
# no san definitions here as items from ui.san are directly written to the SAN
enroll:
subject:
dn: CN=[% CN.0 %],{{ item.0.subj_suffix }}
san:
dns: "[% FOREACH entry = SAN_DNS %][% entry.lower %] | [% END %]"
metadata:
system_id: "[% data.cust_id %]"
server_id: "[% data.server_id %]"
entity: "[% CN.0 FILTER lower %]"
# Profile extensions - set 0/1 as needed
# Also see sections defined in default.yaml
extensions:
key_usage:
critical: 1
digital_signature: 1
non_repudiation: 0
key_encipherment: 1
data_encipherment: 0
key_agreement: 1
key_cert_sign: 0
crl_sign: 0
encipher_only: 0
decipher_only: 0
extended_key_usage:
critical: 1
# these are OIDs, some OIDs are known and have names
client_auth: 0
server_auth: 1
email_protection: 0
code_signing: 0
time_stamping: 0
ocsp_signing: 0
# This is really outdated and should not be used unless really necessary
netscape:
comment:
critical: 0
text: This is a generic certificate. Generated with OpenXPKI trustcenter software.
certificate_type:
critical: 0
ssl_client: 0
smime_client: 0
object_signing: 0
ssl_client_ca: 0
smime_client_ca: 0
object_signing_ca: 0
cdp:
critical: 0
uri: http://localhost/cacrl.crt
ca_uri: http://localhost/cacrl.crt
# end of netscape section
# end of extensions
# Define the input fields you used below here
#template:
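Review bot: The netscape `cdp` block at the end of the extensions sets `uri: http://localhost/cacrl.crt` and `ca_uri: http://localhost/cacrl.crt`, a placeholder that, if this section is emitted like the other extensions listed here, bakes an unreachable localhost URL into every server certificate while the real CRL location is templated from `{{ pki_base_url }}` in the default profile. Either drop the netscape section entirely (the comment above it already calls it outdated) or template its URLs from the same variable. The `comment.text` line likewise advertises the CA software in every issued certificate, which a deployment usually does not want. The hostname2 SAN entry `"[% FOREACH entry = hostname2 %][% entry.lower %] | [% END %]"` leaves a trailing ` | `; presumably the consumer drops the empty element, but confirm it, since the same pattern is used for `SAN_DNS` in the advanced style's enroll section.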


@@ -0,0 +1,61 @@
# The name of the file equals the name of the profile
label: I18N_OPENXPKI_UI_PROFILE_USER_LABEL
validity:
notafter: +0006
style:
00_user_basic_style:
label: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_LABEL
description: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_DESC
ui:
subject:
- username
- realname
- department
- email
info:
- comment
subject:
dn: CN=[% realname %]+UID=[% username %][% IF department %],DC=[% department %][% END %],{{ item.0.subj_suffix }}
san:
email: "[% email.lower %]"
metadata:
requestor: "[% realname %]"
email: "[% email %]"
department: "[% department %]"
# Profile extensions - set 0/1 as needed
# Also see sections defined in default.yaml
extensions:
key_usage:
critical: 1
digital_signature: 1
non_repudiation: 1
key_encipherment: 1
data_encipherment: 0
key_agreement: 0
key_cert_sign: 0
crl_sign: 0
encipher_only: 0
decipher_only: 0
extended_key_usage:
critical: 1
client_auth: 1
server_auth: 0
email_protection: 1
code_signing: 0
time_stamping: 0
ocsp_signing: 0
# MS Smartcard Logon
1.3.6.1.4.1.311.20.2.2: 1
# Define the input fields you used below here or in template.yaml
#template:
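Review bot: Setting the MS Smartcard Logon EKU `1.3.6.1.4.1.311.20.2.2: 1` while the only SAN this profile defines is `email: "[% email.lower %]"` produces certificates that Windows smart card logon has traditionally not accepted, as it expects the user principal name as a SAN otherName (OID 1.3.6.1.4.1.311.20.2.3) rather than an rfc822Name. Either add the UPN to the style's `san:` block or set the logon EKU to 0 so the certificate does not claim a purpose it cannot serve. Combining `client_auth: 1`, `email_protection: 1` and smart card logon in one certificate also means a compromised S/MIME key grants interactive logon; a separate authentication profile keeps those blast radii apart.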