mirror of
https://github.com/Rudd-O/ansible-qubes.git
---
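# Deploys the TLS private key for every entry of the `ssl` dict.
# The source lives under files/secrets/tls/<dest path>; the destination is the
# path stored in item.value.key.
# NOTE(review): the key material is read from the repository tree — confirm
# that files/secrets/ is encrypted at rest (e.g. Ansible Vault) or kept out of
# version control.
- name: install SSL key
  template:
    src: "files/secrets/tls{{ item.value.key }}"
    dest: "{{ item.value.key }}"
    # Quoted so YAML keeps the leading zero; readable by root only.
    mode: "0400"
    owner: root
    group: root
  # Same quoted form as the with_subelements task in this file; a bare
  # variable name is not accepted as a loop source by current Ansible.
  with_dict: "{{ ssl }}"
  # Keeps the rendered private key out of --diff output and task logs.
  # The registered result still carries `.changed` for the final set_fact.
  no_log: true
  register: ssl_key_deploy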
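# Deploys the host (leaf) certificate for every entry of the `ssl` dict.
# The certificate is public material, hence world-readable mode 0644.
- name: install SSL host certificate
  template:
    src: "files/secrets/tls{{ item.value.certificate }}"
    dest: "{{ item.value.certificate }}"
    # Quoted so YAML does not reinterpret the octal-looking value.
    mode: "0644"
    owner: root
    group: root
  # Same quoted form as the with_subelements task in this file; a bare
  # variable name is not accepted as a loop source by current Ansible.
  with_dict: "{{ ssl }}"
  register: ssl_cert_deploy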
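# Deploys every intermediate CA certificate listed under the `intermediates`
# key of each `ssl` entry. with_subelements yields pairs: item[0] is the
# parent ssl entry, item[1] is one intermediate certificate path.
- name: install SSL intermediate certificates
  # Native mapping instead of a key=value string, so a path containing
  # whitespace or '=' cannot be split into extra module arguments.
  template:
    src: "files/secrets/tls{{ item[1] }}"
    dest: "{{ item[1] }}"
    # Quoted so YAML does not reinterpret the octal-looking value.
    mode: "0644"
    owner: root
    group: root
  with_subelements:
    - "{{ ssl }}"
    - intermediates
  register: ssl_intermediate_deploy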
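# Concatenates the host certificate and its intermediates into the
# `assembled` chain file, rewriting it only when the content differs.
# The literal word CHANGED on stdout is what changed_when keys on.
- name: assemble certificate chain
  shell: |
    # Abort on the first failing command: without this, a missing or
    # unreadable certificate would still let a truncated chain overwrite
    # the assembled file while the task reports success.
    set -eu
    tmpfile=$(mktemp)
    # Remove the scratch file on every exit path, including failures.
    trap 'rm -f "$tmpfile"' EXIT
    # Paths are shell-quoted so whitespace or metacharacters in inventory
    # values are treated as part of the file name, not as shell syntax.
    cat {{ item['value']['certificate'] | quote }} {{ item['value']['intermediates'] | map('quote') | join(' ') }} > "$tmpfile"
    # -s keeps cmp silent so stdout carries only the CHANGED marker.
    if ! cmp -s "$tmpfile" {{ item['value']['assembled'] | quote }} ; then
      cat "$tmpfile" > {{ item['value']['assembled'] | quote }}
      echo CHANGED
    fi
  # Same quoted form as the with_subelements task in this file; a bare
  # variable name is not accepted as a loop source by current Ansible.
  with_dict: "{{ ssl }}"
  register: ssl_cert_assemble
  changed_when: "'CHANGED' in ssl_cert_assemble.stdout"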
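# Publishes a single `sslconf.changed` flag that is true when any of the four
# preceding tasks reported a change.
# NOTE(review): presumably consumed by later tasks or handlers that restart
# TLS-using services — confirm against the callers of this file.
- name: detect if SSL configuration changed
  set_fact:
    # Written as a native mapping rather than a JSON-looking string, so the
    # fact does not depend on Ansible implicitly converting a templated
    # string into a dict (behaviour that differs between Ansible versions).
    sslconf:
      changed: "{{ ssl_key_deploy.changed or ssl_cert_deploy.changed or ssl_intermediate_deploy.changed or ssl_cert_assemble.changed }}"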