Diffstat (limited to 'roles/relayd/tasks')
-rw-r--r--roles/relayd/tasks/main.yml37
1 files changed, 37 insertions, 0 deletions
diff --git a/roles/relayd/tasks/main.yml b/roles/relayd/tasks/main.yml
index 8dc2837..1346675 100644
--- a/roles/relayd/tasks/main.yml
+++ b/roles/relayd/tasks/main.yml
@@ -1,5 +1,42 @@
---
+- name: generate simple ssl key and self-signed certificate
+ ansible.builtin.command:
+ cmd: |
+ openssl req
+ -x509
+ -newkey rsa:4096
+ -nodes
+ -subj "/CN={{ item.domain }}"
+ -keyout {{ relayd_ssl_keys_dir }}/{{ item.domain }}.key
+ -out {{ relayd_ssl_certificates_dir }}/{{ item.domain }}.pem
+ creates: "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
+ loop: "{{ relayd_rules }}"
+
+- name: apply restrictive permissions on ssl keys
+ ansible.builtin.file:
+ path: "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
+ owner: 0
+ group: 0
+ mode: "0600"
+ loop: "{{ relayd_rules }}"
+
+- name: retrieve certificate files
+ ansible.builtin.stat:
+ path: "{{ relayd_ssl_certificates_dir }}/{{ item.domain }}.crt"
+ loop: "{{ relayd_rules }}"
+ register: relayd_result_stat_certificates
+
+- name: link pem files to certificate files if required
+ ansible.builtin.file:
+ src: "{{ relayd_ssl_certificates_dir }}/{{ item.item.domain }}.pem"
+ dest: "{{ item.invocation.module_args.path }}"
+ owner: 0
+ group: 0
+ state: link
+ when: not item.stat.exists
+ loop: "{{ relayd_result_stat_certificates.results }}"
+
- name: generate relayd configuration
ansible.builtin.template:
src: relayd.conf.j2
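Review bot: The private key in the first task is written with whatever mode openssl and the play's umask give it, and is only set to `0600` by the separate `apply restrictive permissions on ssl keys` task after the whole loop has finished; a failure in between leaves the key at its initial mode. Unless `relayd_ssl_keys_dir` is already guaranteed to be a root-only directory (not visible in this hunk), I would add an `ansible.builtin.file` task before the generation that sets it to `state: directory` with `mode: "0700"`. Separately, `openssl req -x509` is called without `-days`, so the certificate gets the tool's default validity (30 days), and because `creates:` guards only on the key file the role will never renew it; add an explicit line such as `-days 365` (example value) to the command. The `generate relayd configuration` task continues outside the hunk.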