From 4458ef90aea7bc4e667c35cf7499d8e7bb1c50c8 Mon Sep 17 00:00:00 2001
From: Pavel Safronov
Date: Sun, 20 Oct 2024 20:34:56 +0000
Subject: [PATCH] added ca settings
---
 roles/ca-cert/defaults/main.yml | 3 +++
 roles/ca-cert/handlers/main.yml | 3 +++
 roles/ca-cert/meta/main.yml | 2 ++
 roles/ca-cert/tasks/configs.yml | 12 ++++++++++++
 roles/ca-cert/tasks/main.yml | 2 ++
 roles/ca-cert/tasks/packages.yml | 3 +++
 roles/common-tweaks/meta/main.yml | 1 +
 roles/ubuntu-devserver/meta/main.yml | 2 --
 8 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 roles/ca-cert/defaults/main.yml
 create mode 100644 roles/ca-cert/handlers/main.yml
 create mode 100644 roles/ca-cert/meta/main.yml
 create mode 100644 roles/ca-cert/tasks/configs.yml
 create mode 100644 roles/ca-cert/tasks/main.yml
 create mode 100644 roles/ca-cert/tasks/packages.yml
diff --git a/roles/ca-cert/defaults/main.yml b/roles/ca-cert/defaults/main.yml
new file mode 100644
index 0000000..4f2cd25
--- /dev/null
+++ b/roles/ca-cert/defaults/main.yml
@@ -0,0 +1,3 @@
+# key - ca name
+# value - ca certificate
+ca_cert: {}
diff --git a/roles/ca-cert/handlers/main.yml b/roles/ca-cert/handlers/main.yml
new file mode 100644
index 0000000..89d38e6
--- /dev/null
+++ b/roles/ca-cert/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: handler update-ca-certificates
+ shell:
+ cmd: update-ca-certificates
diff --git a/roles/ca-cert/meta/main.yml b/roles/ca-cert/meta/main.yml
new file mode 100644
index 0000000..4c28e34
--- /dev/null
+++ b/roles/ca-cert/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - { role: pkgmanager }
diff --git a/roles/ca-cert/tasks/configs.yml b/roles/ca-cert/tasks/configs.yml
new file mode 100644
index 0000000..5dfcb9c
--- /dev/null
+++ b/roles/ca-cert/tasks/configs.yml
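Review bot: The two comment lines in roles/ca-cert/defaults/main.yml do not state the contract that tasks/configs.yml relies on: the key is used verbatim as a file name under /usr/local/share/ca-certificates and the value is written unchanged as the file content. Since every entry becomes a system-wide trust anchor, I would spell that out, e.g. `# key - CA name, used as the file name under /usr/local/share/ca-certificates` and `# value - PEM text of the CA certificate (certificate only, never a private key)`.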
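Review bot: The handler in roles/ca-cert/handlers/main.yml runs `update-ca-certificates` through the `shell` module although the command line uses no shell features (no pipes, redirects or expansion). Replacing the `shell:` key with `command:` and keeping `cmd: update-ca-certificates` runs the binary directly, and avoids shell interpretation if the command line is ever extended with a variable.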
@@ -0,0 +1,12 @@
+- name: config custom ca certificates
+ copy:
+ content: "{{ item.value }}"
+ dest: "/usr/local/share/ca-certificates/{{ item.key }}.pem"
+ owner: root
+ group: root
+ mode: '0644'
+ with_dict: "{{ ca_cert }}"
+ notify:
+ - handler update-ca-certificates
+
+- meta: flush_handlers
diff --git a/roles/ca-cert/tasks/main.yml b/roles/ca-cert/tasks/main.yml
new file mode 100644
index 0000000..3e88433
--- /dev/null
+++ b/roles/ca-cert/tasks/main.yml
@@ -0,0 +1,2 @@
+- import_tasks: packages.yml
+- import_tasks: configs.yml
diff --git a/roles/ca-cert/tasks/packages.yml b/roles/ca-cert/tasks/packages.yml
new file mode 100644
index 0000000..e3a99f9
--- /dev/null
+++ b/roles/ca-cert/tasks/packages.yml
@@ -0,0 +1,3 @@
+- name: pkg
+ apt:
+ name: ca-certificates
diff --git a/roles/common-tweaks/meta/main.yml b/roles/common-tweaks/meta/main.yml
index 799ec8c..dd4558a 100644
--- a/roles/common-tweaks/meta/main.yml
+++ b/roles/common-tweaks/meta/main.yml
@@ -2,6 +2,7 @@ dependencies:
 - { role: user, when: ansible_distribution == "Ubuntu" }
 - { role: pkgmanager }
 - { role: tzdata }
+ - { role: ca-cert }
 - { role: systemd }
 - { role: apparmor }
 - { role: tuxedo, when: ansible_system_vendor == "TUXEDO" }
diff --git a/roles/ubuntu-devserver/meta/main.yml b/roles/ubuntu-devserver/meta/main.yml
index 92f3ab4..b265ec5 100644
--- a/roles/ubuntu-devserver/meta/main.yml
+++ b/roles/ubuntu-devserver/meta/main.yml
@@ -1,6 +1,4 @@
 dependencies:
- - { role: bind }
- - { role: resolv }
 - { role: docker }
 - { role: openvpn }
 - { role: tailscale }
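Review bot: In roles/ca-cert/tasks/configs.yml the certificates are written with a `.pem` suffix, but on Debian and Ubuntu `update-ca-certificates` only picks up files ending in `.crt` under /usr/local/share/ca-certificates, so the handler would run without adding these CAs to the trust store. The `dest` line should read `dest: "/usr/local/share/ca-certificates/{{ item.key }}.crt"`. `item.key` is also used verbatim as a path component, so a key containing `/` would write outside that directory; an `assert` on the key names before the copy would catch that early. Entries later removed from `ca_cert` are not deleted by anything in this task file, so a CA that was meant to be withdrawn stays trusted on hosts that already received it.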