ansible-infra/playbooks/roles/cert/meta/argument_specs.yaml
julian f4a79fb4e2 Make it possible to set custom permissions for certificate files
This is in preparation for a role using OpenSMTPD.
2023-05-09 22:07:44 +02:00

52 lines
1.5 KiB
YAML

---
argument_specs:
main:
short_description: Orders and renews certificates from Let's Encrypt
options:
cert__domains:
description: Domains for which to issue a certificate. Must be in the same DNS zone.
required: true
type: list
elements: str
cert__owner:
description: Owner of the certificate files.
required: false
type: str
default: root
cert__group:
description: Group of the certificate files.
required: false
type: str
default: root
cert__acme_account_email:
description: E-Mail address for ACME account
required: true
type: str
cert__bind_9_host:
description: The machine running BIND 9.
required: true
type: str
cert__bind_9_zone:
description: The zone to use for publishing the TXT record.
required: true
type: str
cert__fullchain_pem_permissions:
description: Permissons for the `fullchain.pem`.
type: str
required: false
default: "0660"
cert__chain_pem_permissions:
description: Permissons for the `chain.pem`.
type: str
required: false
default: "0660"
cert__cert_pem_permissions:
description: Permissons for the `cert.pem`.
type: str
required: false
default: "0660"
cert__privkey_pem_permissions:
description: Permissons for the `privkey.pem`.
type: str
required: false
default: "0600"