From badf001512f2f9c23117ed76ae375271fdaee43a Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 2 Oct 2023 23:13:36 +0200
Subject: add role x509/root-ca
---
roles/x509/root-ca/tasks/main.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 roles/x509/root-ca/tasks/main.yml
(limited to 'roles/x509/root-ca/tasks/main.yml')
diff --git a/roles/x509/root-ca/tasks/main.yml b/roles/x509/root-ca/tasks/main.yml
new file mode 100644
index 00000000..31aeae39
--- /dev/null
+++ b/roles/x509/root-ca/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: create base directory for root ca
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ state: directory
+
+- name: copy certificates for ca
+ loop: "{{ x509_root_ca_certificates | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ src: "{{ item.value.file | default(omit) }}"
+ content: "{{ item.value.content | default(omit) }}"
+ dest: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item.key }}.crt"
+ notify: update ca certificates
+
+- name: fetch list of currently installed certificates
+ find:
+ paths: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}"
+ patterns: "*.crt"
+ register: x509_root_ca_certificates_installed
+
+- name: remove superflous certificates
+ loop: "{{ x509_root_ca_certificates_installed.files | map(attribute='path') | map('basename') | map('splitext') | map('first') | difference(x509_root_ca_certificates | list) }}"
+ file:
+ path: "/usr/local/share/ca-certificates/{{ x509_root_ca_name }}/{{ item }}.crt"
+ state: absent
+ notify: update ca certificates fresh
--
cgit v1.2.3
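Review bot: The "create base directory for root ca" and "copy certificates for ca" tasks write trust anchors under `/usr/local/share/ca-certificates` without pinning ownership or permissions, so the resulting modes depend on the umask and remote user in effect when the play runs. Since anything writable here can become a trusted root after the handler fires, I would add `owner: root`, `group: root` and `mode: "0755"` to the directory task, and the same owner and group with `mode: "0644"` to the `copy` task. Separately, "remove superflous certificates" deletes every `*.crt` in the directory that is not a key of `x509_root_ca_certificates`. If `x509_root_ca_name` ever rendered as an empty string, the path would collapse to the shared `ca-certificates` directory and the cleanup would presumably remove other locally installed CAs. A leading `assert` that `x509_root_ca_name | length > 0` would bound that.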