source: darkpeak-services/roles/tls/tasks/main.yml @ feca43dc

ansiblekeycloakmatrixpleroma
Last change on this file since feca43dc was feca43dc, checked in by Mat Booth <mat.booth@…>, 3 years ago

tls: Split cert installation into separate role

It's not just for nginx!

  • Property mode set to 100644
File size: 596 bytes
Line 
1# If a service requires read access to a cert, the system user that
2# the service runs as should be a member of the "ssl-cert" group.
3
4- name: Install ssl-cert package
5  apt:
6    name: ssl-cert
7    state: present
8    update_cache: yes
9    cache_valid_time: 10800   # 3 hours
10
11- name: Ensure directory for TLS certs
12  file:
13    path: /etc/ssl/private
14    state: directory
15    owner: root
16    group: ssl-cert
17    mode: 0710
18
19- name: Install server TLS certificate
20  copy:
21    src: "ssl/{{ domain_name }}.pem"
22    dest: /etc/ssl/private/server.pem
23    owner: root
24    group: ssl-cert
25    mode: 0640
Note: See TracBrowser for help on using the repository browser.