diff --git a/roles/certs/defaults/main.yaml b/roles/certs/defaults/main.yaml
new file mode 100644
index 0000000..bdea92f
--- /dev/null
+++ b/roles/certs/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+certs_trusted_ca: {}
diff --git a/roles/certs/handlers/main.yaml b/roles/certs/handlers/main.yaml
new file mode 100644
index 0000000..761b164
--- /dev/null
+++ b/roles/certs/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: update-ca-certificates
+ command: update-ca-certificates
+
+# vim:ft=yaml.ansible:
diff --git a/roles/certs/tasks/Debian.yaml b/roles/certs/tasks/Debian.yaml
new file mode 100644
index 0000000..5bd6e18
--- /dev/null
+++ b/roles/certs/tasks/Debian.yaml
@@ -0,0 +1,10 @@
+---
+- name: add trusted ca certificates
+ copy:
+ dest: "{{ certs_trusted_ca_path }}/{{ item.key }}.crt"
+ content: "{{ item.value }}"
+ owner: root
+ group: root
+ mode: "0644"
+ loop: "{{ certs_trusted_ca | dict2items }}"
+ notify: update-ca-certificates
diff --git a/roles/certs/tasks/main.yaml b/roles/certs/tasks/main.yaml
new file mode 100644
index 0000000..1739ffc
--- /dev/null
+++ b/roles/certs/tasks/main.yaml
@@ -0,0 +1,24 @@
+---
+- name: gather os specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: include os specific tasks
+ include_tasks: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
diff --git a/roles/certs/vars/Debian.yaml b/roles/certs/vars/Debian.yaml
new file mode 100644
index 0000000..ae2e62c
--- /dev/null
+++ b/roles/certs/vars/Debian.yaml
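Review bot: The role can add trust anchors but never withdraws one: the handler in roles/certs/handlers/main.yaml runs plain `update-ca-certificates`, and the task in roles/certs/tasks/Debian.yaml only writes files, so a CA deleted from `certs_trusted_ca` stays trusted on every host that already received it. If removal is out of scope for this commit, state that above the handler, e.g. `# NOTE: dropping a CA requires deleting its .crt and running update-ca-certificates --fresh`. As far as I know the plain command does not reliably drop entries whose source file is gone, which is why `--fresh` is named; confirm on the target release.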
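Review bot: The copy task in roles/certs/tasks/Debian.yaml installs whatever `item.value` holds into the system trust directory as root without checking that it is a certificate, and `item.key` goes into `dest` unfiltered. Every file written here becomes a trust anchor for the host, so I would add `validate: "openssl x509 -in %s -noout"` to the copy arguments; a truncated or mis-pasted value then fails the play instead of being installed (this assumes openssl is present on the target). A key containing `/` would also put the file outside `certs_trusted_ca_path`; `dest: "{{ certs_trusted_ca_path }}/{{ item.key | basename }}.crt"` keeps it inside.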
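Review bot: Both lookups in roles/certs/tasks/main.yaml end with `default.yaml`, but this diff adds only `vars/Debian.yaml` and `tasks/Debian.yaml`, so on a host outside the Debian family `first_found` has nothing to return and the play stops with the lookup's generic error. Stopping is the right outcome for a trust-store role, but the reason should be explicit: either ship the `default.yaml` files or put an `assert` on `ansible_os_family == 'Debian'` with a `fail_msg` ahead of the two includes. The `possible_files` block is also written out twice; a comment such as `# keep in sync with the file list in the task below` on the first one would prevent the lists drifting apart.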
@@ -0,0 +1,2 @@
+---
+certs_trusted_ca_path: /usr/local/share/ca-certificates