From fe8619e336d4cbc6bd02e1a09b6794d188a69137 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Wed, 16 Dec 2015 21:47:21 +0200
Subject: [PATCH] - Create ssl-cert group for TLS keys access on OpenBSD. -
 Change group of /etc/ssl/private to ssl-cert.

---
 tasks/tls_cert_OpenBSD.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/tasks/tls_cert_OpenBSD.yml b/tasks/tls_cert_OpenBSD.yml
index 8cb6b0d..99310b6 100644
--- a/tasks/tls_cert_OpenBSD.yml
+++ b/tasks/tls_cert_OpenBSD.yml
@@ -4,16 +4,23 @@
   assert:
     that: ansible_os_family == 'OpenBSD'
 
+- name: Create TLS key-owner group
+  group:
+    name: ssl-cert
+    state: present
+
 - name: Create TLS keys and certs directories
   with_items:
   - name: certs
     mode: '0755'
+    group: wheel
   - name: private
-    mode: '0700'
+    mode: '0750'
+    group: ssl-cert
   file:
     path: '/etc/ssl/{{ item.name }}'
     owner: root
-    group: wheel
+    group: '{{ item.group }}'
     mode: '{{ item.mode }}'
     state: directory
 
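Review bot: The `private` item at mode `'0750'` gives ssl-cert members read as well as search permission on /etc/ssl/private, so every member can list the key file names rather than only open the paths they were given. If members only need to open known key paths, `mode: '0710'` is enough and keeps the directory listing root-only; Debian uses that layout for its ssl-cert group. The key files need a matching group and mode, for example root:ssl-cert with 0640, and whether another task sets that is not visible in this hunk. A comment above the new group task, such as `# Members of ssl-cert can read TLS private keys; add service accounts only`, would record that membership is equivalent to key access.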
-- 
GitLab