source: darkpeak-services/roles/tls/tasks/configure-tls-cert.yml @ 8fab56d2

Last change on this file since 8fab56d2 was 8fab56d2, checked in by Mat Booth <mat.booth@…>, 2 years ago

Refs #7 - Refactor to allow each service to have its own cert

Precursor to letsencrypt

  • Property mode set to 100644
File size: 947 bytes
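---
# Installs the ssl-cert package, prepares /etc/ssl/private and copies the
# TLS certificate file for the current service into it.
#
# If a service requires read access to a cert, the system user that
# the service runs as should be a member of the "ssl-cert" group.
# Every member of that group can read every file installed below, so
# membership should stay limited to the accounts that need it.
#
# Variables read here: domain_name, domain, service_name.

- name: Install ssl-cert package
  apt:
    name: ssl-cert
    state: present
    update_cache: true
    cache_valid_time: 10800  # 3 hours

# Mode 0710: root has full access, the ssl-cert group may traverse the
# directory but not list it, everyone else has no access.
- name: Ensure directory for TLS certs
  file:
    path: /etc/ssl/private
    state: directory
    owner: root
    group: ssl-cert
    # Quoted so the value reaches the module as an octal string rather
    # than depending on how the YAML parser types a leading-zero integer.
    mode: "0710"

# NOTE(review): the destination directory and the 0640 mode suggest this
# .pem may bundle the private key - confirm, and if it does, confirm the
# source file under tls/files/ssl/ is stored vault-encrypted.
- name: Install server TLS certificate for default domain
  copy:
    src: "../../tls/files/ssl/{{ domain_name }}.pem"
    dest: "/etc/ssl/private/{{ domain_name }}.pem"
    owner: root
    group: ssl-cert
    mode: "0640"
  # Keep the file contents out of the output when the play runs with --diff.
  diff: false
  when:
    - service_name == 'default'

# NOTE(review): src is keyed on domain_name while dest is keyed on domain,
# so a non-default service receives the default domain's file under its
# own name. Presumably an interim step before per-service certificates -
# confirm the certificate actually covers the service domain (wildcard or
# SAN entry), otherwise clients will fail hostname verification.
- name: Install server TLS certificate for service-specific domain
  copy:
    src: "../../tls/files/ssl/{{ domain_name }}.pem"
    dest: "/etc/ssl/private/{{ domain }}.pem"
    owner: root
    group: ssl-cert
    mode: "0640"
  # Keep the file contents out of the output when the play runs with --diff.
  diff: false
  when:
    - service_name != 'default'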