{"id":21162165,"url":"https://github.com/pixelart/ansible-role-nssdb","last_synced_at":"2025-03-14T16:13:10.825Z","repository":{"id":136831415,"uuid":"80839829","full_name":"pixelart/ansible-role-nssdb","owner":"pixelart","description":"Ansible Role: NSS Shared DB","archived":false,"fork":false,"pushed_at":"2020-03-06T19:29:59.000Z","size":17,"stargazers_count":4,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-21T09:31:21.794Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pixelart.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-03T15:09:19.000Z","updated_at":"2021-11-07T11:08:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"510c451b-c455-4d96-a131-3d51db9e287d","html_url":"https://github.com/pixelart/ansible-role-nssdb","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelart%2Fansible-role-nssdb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelart%2Fansible-role-nssdb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelart%2Fansible-role-nssdb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelart%2Fansible-role-nssdb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pixelart","download_url":"https://codeload.github.com/pixelart/ansible-role-nssdb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243606962,"owners_count":20318314,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T13:22:52.122Z","updated_at":"2025-03-14T16:13:10.798Z","avatar_url":"https://github.com/pixelart.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Role: NSS Shared DB\n\n[![Build Status](https://travis-ci.org/pixelart/ansible-role-nssdb.svg?branch=master)](https://travis-ci.org/pixelart/ansible-role-nssdb)\n\nInstalls CA certificates into NSS Shared DB on Ubuntu or Debian, like Google Chrome uses it.\n\n## Requirements\n\n  - The CA certificate should be already installed on the target host. You can use `bdellegrazie.ca-certificates` for that as you still need that for curl and for PHP.\n\n## Role Variables\n\nAvailable variables are listed below, along with default values (see `defaults/main.yml`):\n\n    certutils_package_state: installed\n\nBy default, this is set to 'installed'. You can override this variable to 'latest' if you want to upgrade or have switched to a different repo.\n\n    nssdb_users: []\n    \nAdd a list of user account names for which the certificates should be managed too, beside system-wide `/etc/pki/nssdb`. This is needed, e.g for Google Chrome which only opens the users nssdb :sob:\n\n    nssdb_certificates: []\n\nAdd a list of certificates to install into `/etc/pki/nssdb` with a `name`, `path` and `trust` trust attributes (See `certutil -H -A` for help of the `-t trustargs` parameter), e.g. `CT,c,c` for trust on signing websites (like Chrome need it), or `CT,C,C` to trust on signing websites, S/MIME (mail) certificates and code signing.\n\nOrganize your cert name as `cert common name - cert organization` so Chrome can show it neatly\n\n    nssdb_certificates:\n      # Install CAcert CA and trust on websites, S/MIME and code signing.\n      - name: CA Cert Signing Authority - Root CA\n        path: /usr/local/share/ca-certificates/cacert.crt\n        trust: CT,C,C\n      # Install corporate CA and trust only on websites\n      - name: Acme CA - Acme Corp\n        path: /usr/local/share/ca-certificates/acme.crt\n        trust: CT,c,c\n\n## Dependencies\n\nNone, but you can use `bdellegrazie.ca-certificates` to transfer the certificates on the target host and install them for curl, php and so on too.\n\n## Example Playbook\n\n    - hosts: phpdevs\n    \n      pre_tasks:\n        - name: Download CA Cert Signing Authority\n          uri:\n            url: 'http://www.cacert.org/certs/root.crt'\n            return_content: true\n          register: cacert_pem\n    \n      vars_files:\n        - vars/main.yml\n        \n      roles:\n        - bdellegrazie.ca-certificates\n        - pixelart.nssdb\n        \n*Inside `vars/main.yml`*:\n\n    ca_certificates_trusted:\n      - { pem: \"{{ cacert_pem.content }}\", name: cacert }\n      - { pem: \"{{ lookup('file', 'files/ssl/acme-ca.pem') }}\", name: acme }\n\n    nssdb_users: ['username']\n    nssdb_certificates:\n      - name: CA Cert Signing Authority - Root CA\n        path: '{{ ca_certificates_local_dir }}/cacert.crt'\n        trust: CT,C,C\n      - name: Acme CA - Acme Corp\n        path: /usr/local/share/ca-certificates/acme.crt\n        trust: CT,c,c\n\nAfter the playbook runs the certificates are installed in the system-wide and users nssdb and also concatenated into the `ca-certficates.crt` for curl, php and so on.\n\n## Code of Conduct\n\nPlease note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.\n\n## License\n\nMIT, see the [LICENSE](LICENSE) file.\n\n## Author Information\n\nThis role was created in 2017 by [pixelart GmbH](https://www.pixelart.at/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpixelart%2Fansible-role-nssdb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpixelart%2Fansible-role-nssdb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpixelart%2Fansible-role-nssdb/lists"}