Use wlan_eap_ca_crl for URL of the certificate revocation list

doc/wlan.md

@@ -106,6 +106,10 @@ Every devices gets his own certificate. When creating new certificates, the old
   Values:
   * true
   * false <-- (default)
+* **wlan_eap_ca_crl**
+  URL of the certificate revocation list
+  Type: *String*
+  Default: "http://radius.{{ domain }}/radius-ca.crl"
 
 ### Examples
 
@@ -128,6 +132,7 @@ laptop:
       emailAddress: "admin@example.com"
       CN: "Radius Certificate Authority"
       password: "secret4radiusCA"
+    wlan_eap_ca_crl: "http://radius.example.com/radius-ca.crl"
 ```
 
 ## complex example with both modes
@@ -139,12 +144,15 @@ inventory.yml
 all:
   vars:
     wlan_ssid: "WLAName" # teacher and staff are using the same ssid
-    radiusca_password: "secret4radiusCA"
+    wlan_eap_ca:
-    country_name: "DE"
+      C: "DE"
-    state_or_province_name: "Baden-Württemberg"
+      ST: "Baden-Wuerttemberg"
-    locality_name: "Stuttgart"
+      L: "Reutlingen"
-    organization_name: "Baumschule"
+      O: "Linuxschule"
-    admin_email: "admin@example.com"
+      emailAddress: "admin@example.com"
+      CN: "Radius Certificate Authority"
+      password: "secret4radiusCA"
+    wlan_eap_ca_crl: "http://radius.example.com/radius-ca.crl"
 
 infrastructure:
   hosts:

roles/lmn_wlan/defaults/main.yaml

@@ -11,4 +11,5 @@ wlan_eap_ca:
   emailAddress: "admin@example.com"
   CN: "Radius Certificate Authority"
   password: "OtherVerySecurePassw0rd"
+wlan_eap_ca_crl: "http://radius.{{ domain }}/radius-ca.crl"
 wlan_enable_on_boot: true

roles/lmn_wlan/tasks/eap-tls_check-certificate.yaml

@@ -15,7 +15,7 @@
   ansible.builtin.get_url:
     force: true
     mode: "0644"
-    url: "http://radius.steinbeis.schule/radius-ca.crl"
+    url: "{{ wlan_eap_ca_crl }}"
     dest: /tmp/radius-ca.crl
   when: cert_client_active.stat.exists