updated readme layout

ansibleguy · Jun 2, 2024 · da9cd71 · da9cd71
1 parent a7a3c90
commit da9cd71
Showing 1 changed file with 46 additions and 47 deletions.
diff --git a/README.md b/README.md
@@ -37,53 +37,6 @@ ansible-galaxy install ansibleguy.infra_pki --roles-path ./roles
 ansible-galaxy install -r requirements.yml
 ```
 
-## Functionality
-
-* **Package installation**
-  * OpenSSL
-
-
-* **Configuration**
-  * Usage of a group to allow read-only access to public-keys
-
-
-  * **Default config**:
-    * Paths:
-      * PKI base: '/var/local/lib/pki'
-      * Script: '/usr/local/sbin/easyrsa'
-    * PKI user: 'pki'
-    * Read-only group: 'pki_read'
-    * **EasyRSA vars**:
-      * Expiration:
-        * Root-CA: 20 years
-        * Sub-CA: 15 years
-        * Certificates: 3 years
-      * Digest:
-        * Root-CA: sha512
-        * Sub-CA/Certificates: sha256
-      * Algorithm: rsa
-      * Key size: 4096
-    * Certificates:
-      * Don't password-encrypt certificate private-keys
-      * Export formats:
-        * pkcs12 (_private/<cert>.p12_)
-        * certificate chain (_issued/<cert>.chain.crt_)
-
-
-  * **Default opt-ins**:
-    * Adding dedicated PKI-user and read-only group
-    * Saving CA/Sub-CA/Certificate passwords to files for easier automation
-      * See the information below for alternatives
-    * Installation and configuration of a Nginx webserver to server CRL's and CA-PublicKey's (_not yet implemented_)
-
-
-  * **Default opt-outs**:
-    * Purging of orphaned (_existing but not configured_) certificates
-    * Encryption of certificate private-keys (_non CA/Sub-CA_)
-
-
-----
-
 ## Usage
 
 You want a simple Ansible GUI? Check-out my [Ansible WebUI](https://github.com/ansibleguy/webui)
@@ -167,6 +120,52 @@ Note: `--check` mode is not supported by this role as it heavily depends on scri
 
 ----
 
+## Functionality
+
+* **Package installation**
+  * OpenSSL
+
+
+* **Configuration**
+  * Usage of a group to allow read-only access to public-keys
+
+
+  * **Default config**:
+    * Paths:
+      * PKI base: '/var/local/lib/pki'
+      * Script: '/usr/local/sbin/easyrsa'
+    * PKI user: 'pki'
+    * Read-only group: 'pki_read'
+    * **EasyRSA vars**:
+      * Expiration:
+        * Root-CA: 20 years
+        * Sub-CA: 15 years
+        * Certificates: 3 years
+      * Digest:
+        * Root-CA: sha512
+        * Sub-CA/Certificates: sha256
+      * Algorithm: rsa
+      * Key size: 4096
+    * Certificates:
+      * Don't password-encrypt certificate private-keys
+      * Export formats:
+        * pkcs12 (_private/<cert>.p12_)
+        * certificate chain (_issued/<cert>.chain.crt_)
+
+
+  * **Default opt-ins**:
+    * Adding dedicated PKI-user and read-only group
+    * Saving CA/Sub-CA/Certificate passwords to files for easier automation
+      * See the information below for alternatives
+    * Installation and configuration of a Nginx webserver to server CRL's and CA-PublicKey's (_not yet implemented_)
+
+
+  * **Default opt-outs**:
+    * Purging of orphaned (_existing but not configured_) certificates
+    * Encryption of certificate private-keys (_non CA/Sub-CA_)
+
+----
+
 ## Info