- Create ssl-cert group for TLS keys access on OpenBSD.

- Change group of /etc/ssl/private to ssl-cert.

tasks/tls_cert_OpenBSD.yml

@@ -4,16 +4,23 @@
   assert:
     that: ansible_os_family == 'OpenBSD'
 
+- name: Create TLS key-owner group
+  group:
+    name: ssl-cert
+    state: present
+
 - name: Create TLS keys and certs directories
   with_items:
   - name: certs
     mode: '0755'
+    group: wheel
   - name: private
-    mode: '0700'
+    mode: '0750'
+    group: ssl-cert
   file:
     path: '/etc/ssl/{{ item.name }}'
     owner: root
-    group: wheel
+    group: '{{ item.group }}'
     mode: '{{ item.mode }}'
     state: directory