Diffstat (limited to 'roles/relayd/tasks')
-rw-r--r-- | roles/relayd/tasks/main.yml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/roles/relayd/tasks/main.yml b/roles/relayd/tasks/main.yml
index 8dc2837..1346675 100644
--- a/roles/relayd/tasks/main.yml
+++ b/roles/relayd/tasks/main.yml
@@ -1,5 +1,42 @@
 ---
+- name: generate simple ssl key and self-signed certificate
+ ansible.builtin.command:
+ cmd: |
+ openssl req
+ -x509
+ -newkey rsa:4096
+ -nodes
+ -subj "/CN={{ item.domain }}"
+ -keyout {{ relayd_ssl_keys_dir }}/{{ item.domain }}.key
+ -out {{ relayd_ssl_certificates_dir }}/{{ item.domain }}.pem
+ creates: "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
+ loop: "{{ relayd_rules }}"
+
+- name: apply restrictive permissions on ssl keys
+ ansible.builtin.file:
+ path: "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
+ owner: 0
+ group: 0
+ mode: "0600"
+ loop: "{{ relayd_rules }}"
+
+- name: retrieve certificate files
+ ansible.builtin.stat:
+ path: "{{ relayd_ssl_certificates_dir }}/{{ item.domain }}.crt"
+ loop: "{{ relayd_rules }}"
+ register: relayd_result_stat_certificates
+
+- name: link pem files to certificate files if required
+ ansible.builtin.file:
+ src: "{{ relayd_ssl_certificates_dir }}/{{ item.item.domain }}.pem"
+ dest: "{{ item.invocation.module_args.path }}"
+ owner: 0
+ group: 0
+ state: link
+ when: not item.stat.exists
+ loop: "{{ relayd_result_stat_certificates.results }}"
+
 - name: generate relayd configuration
 ansible.builtin.template:
 src: relayd.conf.j2 |
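Review bot: The `openssl req -x509` call in the first added task passes no `-days`, so the certificate gets openssl's documented default validity of 30 days, and because `creates:` is keyed on the `.key` file the task never runs again to replace it once it has expired. Pass an explicit lifetime from a role variable (the variable name in the fence is a proposed new one, not an existing default) and consider a separate expiry check that triggers regeneration. Writing the command as `argv:` rather than a `cmd: |` string also keeps a `domain` value containing whitespace or quotes from being split into extra openssl arguments. Separately, the key is written with `-nodes` and only restricted to `0600` by the following task, so whether it is briefly readable by other users depends on the umask and on the mode of `relayd_ssl_keys_dir`, neither of which is visible in this hunk.

```yaml
- name: generate simple ssl key and self-signed certificate
  ansible.builtin.command:
    argv:
      - openssl
      - req
      - -x509
      - -newkey
      - rsa:4096
      - -nodes
      - -days
      # proposed new variable; define it in the role defaults
      - "{{ relayd_ssl_certificate_days }}"
      - -subj
      - "/CN={{ item.domain }}"
      - -keyout
      - "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
      - -out
      - "{{ relayd_ssl_certificates_dir }}/{{ item.domain }}.pem"
    # … unchanged: creates guard and loop …
```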