add certs role

roles/certs/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+certs_trusted_ca: {}

roles/certs/handlers/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: update-ca-certificates
+  command: update-ca-certificates
+
+# vim:ft=yaml.ansible:

roles/certs/tasks/Debian.yaml

@@ -0,0 +1,10 @@
+---
+- name: add trusted ca certificates
+  copy:
+    dest: "{{ certs_trusted_ca_path }}/{{ item.key }}.crt"
+    content: "{{ item.value }}" 
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ certs_trusted_ca | dict2items }}"
+  notify: update-ca-certificates

roles/certs/tasks/main.yaml

@@ -0,0 +1,24 @@
+---
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks

roles/certs/vars/Debian.yaml

@@ -0,0 +1,2 @@
+---
+certs_trusted_ca_path: /usr/local/share/ca-certificates