diff options
author | Christian Pointner <equinox@spreadspace.org> | 2023-12-27 23:52:49 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-12-27 23:52:49 +0100 |
commit | 0a09b3ea758d78ff212b52147a484f294dee0f45 (patch) | |
tree | 5994c43af496080b082fbc9145ed4fe04d9432cf /roles/apps/publish/base/tasks/main.yml | |
parent | prometheus: finalize update for chrony-exporter (diff) |
add apps/upstream role
Diffstat (limited to 'roles/apps/publish/base/tasks/main.yml')
-rw-r--r-- | roles/apps/publish/base/tasks/main.yml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/roles/apps/publish/base/tasks/main.yml b/roles/apps/publish/base/tasks/main.yml new file mode 100644 index 00000000..9384b53f --- /dev/null +++ b/roles/apps/publish/base/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: generate/install TLS client certificate + loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}" + loop_control: + label: "{{ item.name }}" + vars: + x509_certificate_name: "apps-publish-{{ item.name }}" + x509_certificate_hostnames: [] + x509_certificate_config: + ca: "{{ item.certificate_ca_config }}" + cert: + common_name: "{{ inventory_hostname }}" + extended_key_usage: + - clientAuth + extended_key_usage_critical: yes + create_subject_key_identifier: yes + not_after: +100w + x509_certificate_reload_services: + - nginx + include_role: + name: "x509/{{ item.certificate_provider }}/cert" |