From 2f2db828b20310324a8a1af001c4e67ba93e91ad Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 16 Mar 2021 07:30:02 +0000
Subject: [PATCH] dhparams: Helper role to copy dhparams file to hosts

---
 roles/dhparams/files/ffdhe3072.pem | 11 +++++++++++
 roles/dhparams/tasks/main.yml      | 10 ++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 roles/dhparams/files/ffdhe3072.pem
 create mode 100644 roles/dhparams/tasks/main.yml

diff --git a/roles/dhparams/files/ffdhe3072.pem b/roles/dhparams/files/ffdhe3072.pem
new file mode 100644
index 0000000..88d5ac0
--- /dev/null
+++ b/roles/dhparams/files/ffdhe3072.pem
@@ -0,0 +1,11 @@
+-----BEGIN DH PARAMETERS-----
+MIIBjAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
+N///////////AgECAgIBFA==
+-----END DH PARAMETERS-----
diff --git a/roles/dhparams/tasks/main.yml b/roles/dhparams/tasks/main.yml
new file mode 100644
index 0000000..01c703e
--- /dev/null
+++ b/roles/dhparams/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+# https://tools.ietf.org/html/rfc7919#appendix-A.2
+- name: copy dhparams
+  copy:
+    dest: "{{ tls_certs }}/ffdhe3072.pem"
+    src: ffdhe3072.pem
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"