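---
# Provision TLS material and configuration for relayd:
#   1. create an RSA key and self-signed certificate per entry in relayd_rules
#   2. restrict the private keys to uid 0 / gid 0, mode 0600
#   3. symlink <domain>.crt to the generated <domain>.pem when no .crt exists
#   4. render relayd.conf.j2, check it with `relayd -n`, restart and enable
# Each relayd_rules entry is expected to carry a `domain` attribute.

- name: generate simple ssl key and self-signed certificate
  ansible.builtin.command:
    # argv passes every value as exactly one argument. The previous
    # free-form string was split on whitespace, so a domain or directory
    # containing spaces or quotes could turn into extra openssl arguments.
    argv:
      - openssl
      - req
      - '-x509'
      - '-newkey'
      - 'rsa:4096'
      # -nodes leaves the private key unencrypted on disk, so that a daemon
      # can load it unattended; file permissions are its only protection.
      - '-nodes'
      - '-subj'
      - "/CN={{ item.domain }}"
      - '-keyout'
      - "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
      - '-out'
      - "{{ relayd_ssl_certificates_dir }}/{{ item.domain }}.pem"
    # Idempotence guard on the key only: once the key exists this task is
    # skipped, even if the matching .pem is missing or has expired.
    # NOTE(review): no -days is given, so the certificate gets the openssl
    # default lifetime (30 days upstream - confirm for the installed build);
    # plan for renewal or replacement by a CA-issued certificate.
    creates: "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
  loop: "{{ relayd_rules }}"

# NOTE(review): the key is written by openssl first and only tightened here,
# so its initial mode depends on the openssl build and the process umask.
# Presumably relayd_ssl_keys_dir itself is not world-accessible - confirm.
- name: apply restrictive permissions on ssl keys
  ansible.builtin.file:
    path: "{{ relayd_ssl_keys_dir }}/{{ item.domain }}.key"
    owner: 0
    group: 0
    mode: "0600"
  loop: "{{ relayd_rules }}"

# Record, per rule, whether <domain>.crt already exists so that a certificate
# placed there by other means is not replaced by the self-signed one.
- name: retrieve certificate files
  ansible.builtin.stat:
    path: "{{ relayd_ssl_certificates_dir }}/{{ item.domain }}.crt"
  loop: "{{ relayd_rules }}"
  register: relayd_result_stat_certificates

# item is one stat result: item.item is the original rule and
# item.invocation.module_args.path is the .crt path that was checked.
- name: link pem files to certificate files if required
  ansible.builtin.file:
    src: "{{ relayd_ssl_certificates_dir }}/{{ item.item.domain }}.pem"
    dest: "{{ item.invocation.module_args.path }}"
    owner: 0
    group: 0
    state: link
  when: not item.stat.exists
  loop: "{{ relayd_result_stat_certificates.results }}"

# Mode 0640 with uid 0 / gid 0: not world-readable.
# NOTE(review): the file is installed before it is checked, so a broken
# render stays on disk until the next successful run. The template module's
# `validate` option could reject it before it replaces the current file -
# confirm that `relayd -n` accepts a temporary path before adopting it.
- name: generate relayd configuration
  ansible.builtin.template:
    src: relayd.conf.j2
    dest: "{{ relayd_configuration_file }}"
    owner: 0
    group: 0
    mode: "0640"
  register: relayd_result_generate_configuration

# Read-only syntax check. A non-zero exit fails the task, which stops the
# play for this host before the restart below. The earlier changed_when
# (configuration changed AND rc != 0) could only hold on that failing path,
# so the check is now reported as never changing anything.
- name: lint relayd configuration
  ansible.builtin.command:
    argv:
      - relayd
      - '-nf'
      - "{{ relayd_configuration_file }}"
  register: relayd_result_lint_configuration
  changed_when: false

# Reached only when the lint above succeeded; restart only on a new render.
- name: restart relayd  # noqa: no-handler
  ansible.builtin.service:
    name: relayd
    state: restarted
  when: relayd_result_generate_configuration.changed

- name: enable relayd
  ansible.builtin.service:
    name: relayd
    enabled: true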