Initial commit

templates/dns.conf.j2

@@ -0,0 +1,4 @@
+{% for r in resolver %}
+resolver {{ r }};
+{% endfor %}
+resolver_timeout 5s;

templates/ssl_files.j2

@@ -0,0 +1,8 @@
+# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
+ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
+ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
+## verify chain of trust of OCSP response using Root CA and Intermediate certs
+ssl_trusted_certificate /etc/ssl/{{ inventory_hostname }}.crt;
+
+# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+ssl_dhparam /etc/ssl/dhparams.pem;