1 files changed, 54 insertions, 0 deletions

diff --git a/roles/apps/node-red/instance/tasks/main.yml b/roles/apps/node-red/instance/tasks/main.yml
new file mode 100644
index 00000000..ec9b9dff
--- /dev/null
+++ b/roles/apps/node-red/instance/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+## TODO: add storage handling!
+- set_fact:
+    node_red_instance_basepath: "/srv/node-red/{{ node_red_instance }}"
+##
+
+## TODO: custom user
+
+- name: create instance directories
+  loop:
+  - data
+  - tls
+  file:
+    path: "{{ node_red_instance_basepath }}/{{ item }}"
+    state: directory
+    owner: 1000
+    mode: 0700
+
+- name: generate/install/fetch TLS certificate
+  when: "'mqtt_tls' in node_red_instances[node_red_instance]"
+  vars:
+    x509_certificate_name: "node-red-{{ node_red_instance }}_mqtt"
+    x509_certificate_hostnames: []
+    x509_certificate_config: "{{ node_red_instances[node_red_instance].mqtt_tls.certificate_config }}"
+    x509_certificate_renewal:
+      install:
+      - dest: "{{ node_red_instance_basepath }}/tls/mqtt-crt.pem"
+        src:
+        - fullchain
+        owner: root
+        group: 1000
+        mode: "0644"
+      - dest: "{{ node_red_instance_basepath }}/tls/mqtt-key.pem"
+        src:
+        - key
+        owner: root
+        group: 1000
+        mode: "0640"
+      - dest: "{{ node_red_instance_basepath }}/tls/mqtt-ca-crt.pem"
+        src:
+        - ca_cert
+        owner: root
+        group: 1000
+        mode: "0644"
+  include_role:
+    name: "x509/{{ node_red_instances[node_red_instance].mqtt_tls.certificate_provider }}/cert"
+
+- name: install pod manifest
+  vars:
+    kubernetes_standalone_pod:
+      name: "node-red-{{ node_red_instance }}"
+      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+  include_role:
+    name: kubernetes/standalone/pod