Make it possible to set custom permissions for certificate files
This is in preparation for a role using OpenSMTPD.
parent
7bb741c8e3
commit
f4a79fb4e2
|
@ -1,3 +1,7 @@
|
||||||
cert__handlers: []
|
cert__handlers: []
|
||||||
cert__owner: root
|
cert__owner: root
|
||||||
cert__group: root
|
cert__group: root
|
||||||
|
cert__fullchain_pem_permissions: "0660"
|
||||||
|
cert__chain_pem_permissions: "0660"
|
||||||
|
cert__cert_pem_permissions: "0660"
|
||||||
|
cert__privkey_pem_permissions: "0600"
|
||||||
|
|
|
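Review bot: The three public-certificate defaults (`cert__fullchain_pem_permissions`, `cert__chain_pem_permissions`, `cert__cert_pem_permissions`) keep group write at `"0660"`, and nothing visible on this page shows a group member that needs to modify issued certificates. Group-writable certificate files let any member of `cert__group` swap the certificate a service presents, so if only read access is needed, `"0640"` would be the tighter default. That would change the mode on existing hosts, so if `"0660"` is intentional, a comment above the block such as `# group write is needed by <consumer>; modes are quoted octal strings` would record why.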
@ -30,3 +30,23 @@ argument_specs:
|
||||||
description: The zone to use for publishing the TXT record.
|
description: The zone to use for publishing the TXT record.
|
||||||
required: true
|
required: true
|
||||||
type: str
|
type: str
|
||||||
|
cert__fullchain_pem_permissions:
|
||||||
|
description: Permissons for the `fullchain.pem`.
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
default: "0660"
|
||||||
|
cert__chain_pem_permissions:
|
||||||
|
description: Permissons for the `chain.pem`.
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
default: "0660"
|
||||||
|
cert__cert_pem_permissions:
|
||||||
|
description: Permissons for the `cert.pem`.
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
default: "0660"
|
||||||
|
cert__privkey_pem_permissions:
|
||||||
|
description: Permissons for the `privkey.pem`.
|
||||||
|
type: str
|
||||||
|
required: false
|
||||||
|
default: "0600"
|
||||||
|
|
|
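Review bot: The four new descriptions misspell "Permissions" as "Permissons" and do not say what format the value must have. Since the options are `type: str` and are later templated into `mode:`, an unquoted `0644` in inventory is read by YAML as the integer 420 and would presumably end up applied as octal 420 rather than 644. Stating the format in each description would head that off, e.g. `description: Permissions for fullchain.pem as a quoted octal string, e.g. "0660".` For `cert__privkey_pem_permissions`, the description should also say that the mode must not grant access to others.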
@ -32,7 +32,7 @@
|
||||||
type: RSA
|
type: RSA
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0600"
|
mode: "{{ cert__privkey_pem_permissions }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Ensure certificate signing request is created
|
- name: Ensure certificate signing request is created
|
||||||
|
@ -141,7 +141,7 @@
|
||||||
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
path: "/etc/ansible_certs/certs/{{ item }}/cert.pem"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "{{ cert__cert_pem_permissions }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Ensure correct permissions for fullchain cert are set
|
- name: Ensure correct permissions for fullchain cert are set
|
||||||
|
@ -149,7 +149,7 @@
|
||||||
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
path: "/etc/ansible_certs/certs/{{ item }}/fullchain.pem"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "{{ cert__fullchain_pem_permissions }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Get content of cert.pem
|
- name: Get content of cert.pem
|
||||||
|
@ -170,5 +170,5 @@
|
||||||
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
|
dest: "/etc/ansible_certs/certs/{{ item }}/chain.pem"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "{{ cert__chain_pem_permissions }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
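Review bot: In the first hunk, `mode: "{{ cert__privkey_pem_permissions }}"` replaces the fixed `"0600"` on the private key, and nothing visible stops a caller from setting a world-readable mode such as `"0644"`. An assert task placed before key generation would catch that, with a condition like `cert__privkey_pem_permissions is match('^0[0-7]{2}0$')`, which still allows group read for a service account while rejecting any bits for others. The three certificate hunks (`cert.pem`, `fullchain.pem`, `chain.pem`) could use the same pattern to reject world-writable modes. The tasks start above each hunk, so the module names are not visible here.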