Make it possible to set custom permissions for certificate files

This is in preparation for a role using OpenSMTPD.
June 2023-05-09 22:07:44 +02:00 committed by julian
commit f4a79fb4e2
3 changed files with 28 additions and 4 deletions


@ -32,7 +32,7 @@
type: RSA
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0600"
mode: "{{ cert__privkey_pem_permissions }}"
become: true
- name: Ensure certificate signing request is created
@ -141,7 +141,7 @@
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"
mode: "{{ cert__cert_pem_permissions }}"
become: true
- name: Ensure correct permissions for fullchain cert are set
@ -149,7 +149,7 @@
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"
mode: "{{ cert__fullchain_pem_permissions }}"
become: true
- name: Get content of cert.pem
@ -170,5 +170,5 @@
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
owner: "{{ cert__owner }}"
group: "{{ cert__group }}"
mode: "0660"
mode: "{{ cert__chain_pem_permissions }}"
become: true
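Review bot: Nothing in this file stops `cert__privkey_pem_permissions` from being set to a mode that lets other users read the private key (first hunk, the `type: RSA` task); the previous hard-coded `"0600"` acted as a safe floor. Consider a guard task ahead of it, for example an `ansible.builtin.assert` with `that: (cert__privkey_pem_permissions | string) is match('^0?[0-7][0-7]0$')`, or at least a comment next to the default stating that only group access should ever be widened. The defaults for the four new variables are not visible in this section; they should be quoted strings (`"0600"`, `"0660"`), because an unquoted `0660` is parsed as an integer and would reach the template as `432`. Each task starts above its hunk, so the module that writes the key file is not visible here.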