authorChristian Pointner <equinox@spreadspace.org>2023-12-27 23:52:49 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-12-27 23:52:49 +0100
commit0a09b3ea758d78ff212b52147a484f294dee0f45 (patch)
tree5994c43af496080b082fbc9145ed4fe04d9432cf /roles/apps/publish/base/tasks
parentprometheus: finalize update for chrony-exporter (diff)
add apps/upstream role
Diffstat (limited to 'roles/apps/publish/base/tasks')
-rw-r--r--roles/apps/publish/base/tasks/main.yml21
1 files changed, 21 insertions, 0 deletions
diff --git a/roles/apps/publish/base/tasks/main.yml b/roles/apps/publish/base/tasks/main.yml
new file mode 100644
index 00000000..9384b53f
--- /dev/null
+++ b/roles/apps/publish/base/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: generate/install TLS client certificate
+ loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}"
+ loop_control:
+ label: "{{ item.name }}"
+ vars:
+ x509_certificate_name: "apps-publish-{{ item.name }}"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ item.certificate_ca_config }}"
+ cert:
+ common_name: "{{ inventory_hostname }}"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_reload_services:
+ - nginx
+ include_role:
+ name: "x509/{{ item.certificate_provider }}/cert"
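Review bot: `not_after: +100w` in the `cert` block makes each client certificate valid for just under two years, and nothing in this task shows how it is renewed or revoked before then. Whether the included `x509/<provider>/cert` role regenerates a certificate that is close to expiry is not visible here; if it does not, nginx would presumably lose client authentication to the publish zones once the certificate lapses. A shorter lifetime with scheduled re-runs would also limit how long a copied private key stays usable, so a comment above the line such as `# renewal: re-issued by x509/<provider>/cert on each run; see <placeholder: renewal doc>` would make the intent explicit. As a style point, `extended_key_usage_critical: yes` and `create_subject_key_identifier: yes` read more safely as `true`, which avoids YAML 1.1 truthy ambiguity. It may also be worth stating which owner and mode the key file gets, since `x509_certificate_reload_services` suggests nginx is the consumer.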