authorChristian Pointner <equinox@spreadspace.org>2023-10-02 23:13:36 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-10-02 23:13:36 +0200
commitbadf001512f2f9c23117ed76ae375271fdaee43a (patch)
tree7fe763cd8eafb41de4bd8d1b751a26a1cabd64f2 /roles/x509/root-ca/tasks/main.yml
parentnginx/auth/sso: cosmetic fix (diff)
add role x509/root-ca
Diffstat (limited to 'roles/x509/root-ca/tasks/main.yml')
-rw-r--r--roles/x509/root-ca/tasks/main.yml28
1 files changed, 28 insertions, 0 deletions
diff --git a/roles/x509/root-ca/tasks/main.yml b/roles/x509/root-ca/tasks/main.yml
new file mode 100644
index 00000000..31aeae39
--- /dev/null
+++ b/roles/x509/root-ca/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: create base directory for root ca
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ state: directory
+
+- name: copy certificates for ca
+ loop: "{{ x509_root_ca_certificates | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ src: "{{ item.value.file | default(omit) }}"
+ content: "{{ item.value.content | default(omit) }}"
+ dest: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item.key }}.crt"
+ notify: update ca certificates
+
+- name: fetch list of currently installed certificates
+ find:
+ paths: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ patterns: "*.crt"
+ register: x509_root_ca_certificates_installed
+
+- name: remove superflous certificates
+ loop: "{{ x509_root_ca_certificates_installed.files | map(attribute='path') | map('basename') | map('splitext') | map('first') | difference(x509_root_ca_certificates | list) }}"
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item }}.crt"
+ state: absent
+ notify: update ca certificates fresh
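Review bot: Neither the `file` task that creates `/usr/local/share/ca-certificates/{{ x509_root_ca_name }}` nor the `copy` task that writes the `.crt` files sets ownership or permissions, so the outcome depends on the remote umask and, for paths that already exist, on whatever mode and owner they currently have. These files become system trust anchors once the notified handlers run (the handlers are not visible in this hunk), so a directory or certificate that is group- or world-writable from an earlier state would stay writable, and a restrictive umask would leave the certificates unreadable to non-root processes. I would pin them explicitly: `owner: root`, `group: root`, `mode: "0755"` on the directory task and `owner: root`, `group: root`, `mode: "0644"` on the copy task, with the modes quoted so they are not parsed as integers. It may also be worth a short comment on the copy task stating that each entry of `x509_root_ca_certificates` must supply exactly one of `file` or `content`, since both default to `omit`.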