tls_cert_Debian.yml

      a6792aa5
      - Added name and date to license. · a6792aa5
      nimrod authored
      - Removed init detection, already present in Ansible, removed reference in
        tasks.
      - Removed root_group var, use gid 0.
      - State file mode as octal number instead of string.
      a6792aa5
      - Added name and date to license.
      nimrod authored
      - Removed init detection, already present in Ansible, removed reference in
        tasks.
      - Removed root_group var, use gid 0.
      - State file mode as octal number instead of string.
    tls_cert_Debian.yml 1.36 KiB
    ---
    
    # Stop early on hosts that are not Debian-family: the remaining tasks use
    # apt and Debian-specific certificate locations.
    - name: Assert
      assert:
        that:
          - ansible_os_family == 'Debian'
    
    # Install ssl-cert and ca-certificates. The apt cache is refreshed only
    # when it is older than cache_valid_time (seconds).
    - name: apt install TLS CA certs
      with_items:
        - ssl-cert
        - ca-certificates
      apt:
        name: '{{ item }}'
        state: present
        cache_valid_time: 3600
        update_cache: true
    
    # Derive the on-host paths of the key, certificate and CA certificate.
    # The basename filter keeps only the last path component of each variable,
    # so a value containing directories cannot move the result outside
    # /etc/ssl/private or /etc/ssl/certs.
    # When tls_key / tls_cert are unset the paths fall back to
    # "ssl-cert-snakeoil"; presumably this is the self-signed pair created by
    # the ssl-cert package, which no client should be expected to trust --
    # confirm before relying on the default outside of testing.
    - name: Set TLS key and certificate
      set_fact:
        tls_key_path: >-
          /etc/ssl/private/{{ tls_key|default("ssl-cert-snakeoil")|basename }}.key
        tls_cert_path: >-
          /etc/ssl/certs/{{ tls_cert|default("ssl-cert-snakeoil")|basename }}.pem
        # Falls back to the certificate itself when no CA certificate is given.
        tls_ca_cert_path: >-
          /etc/ssl/certs/{{ tls_ca_cert|default(tls_cert|default("ssl-cert-snakeoil"))|basename }}.pem
    
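    # Copy the private key, the certificate and the CA certificate to the host.
    # Runs only when all three of tls_key, tls_cert and tls_ca_cert are defined;
    # the result is registered as tls_copy so the trust store is rebuilt only
    # after a change.
    #
    # File modes are quoted octal strings. They pass through the
    # '{{ item.mode }}' template before reaching the copy module, so a value
    # that a YAML loader typed as an integer would be rendered in decimal and
    # then read back as octal, leaving the private key with unintended
    # permissions. A quoted string means the same thing under every loader.
    #
    # NOTE(review): the certificate and the CA certificate are both placed in
    # /usr/local/share/ca-certificates, the directory update-ca-certificates
    # reads local trust anchors from. Confirm that trusting the server
    # certificate itself host-wide is intended.
    # NOTE(review): the set_fact task falls back to tls_cert when tls_ca_cert
    # is unset, but this task is skipped entirely in that case -- verify that
    # the derived paths exist when only tls_key and tls_cert are supplied.
    # NOTE(review): running the play with --diff may print the content of
    # copied files, including the private key; consider no_log for the key.
    - name: Copy TLS certificate and key
      when: tls_cert is defined and tls_key is defined and tls_ca_cert is defined
      copy:
        src: '{{ item.src }}'
        dest: '{{ item.dest }}'
        owner: root
        group: '{{ item.group }}'
        mode: '{{ item.mode }}'
      register: tls_copy
      with_items:
        # Private key: readable by root and members of ssl-cert only.
        - src: '{{ tls_key }}'
          dest: '{{ tls_key_path }}'
          mode: '0640'
          group: ssl-cert
        # Certificates are public material, hence world-readable.
        - src: '{{ tls_cert }}'
          dest: '/usr/local/share/ca-certificates/{{ tls_cert|basename }}.crt'
          mode: '0644'
          group: root
        - src: '{{ tls_ca_cert }}'
          dest: '/usr/local/share/ca-certificates/{{ tls_ca_cert|basename }}.crt'
          mode: '0644'
          group: root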
    
    # Rebuild the system CA store, but only when the copy task reported a
    # change.
    - name: Update certificate authority store
      when: tls_copy.changed
      command: /usr/sbin/update-ca-certificates