From 45ed2678e7cba444f21bc88d0b23631313690a7e Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Wed, 25 Aug 2021 18:48:25 +0000
Subject: [PATCH] mariadb: Add TLS support for server
---
 roles/mariadb/tasks/main.yml | 17 +++++++++++++++++
 roles/mariadb/templates/tls.cnf.j2 | 4 ++++
 2 files changed, 21 insertions(+)
 create mode 100644 roles/mariadb/templates/tls.cnf.j2
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 90235f8..097291b 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -34,6 +34,23 @@
 line: datadir=/srv/mariadb
 notify: restart mariadb
 
+- name: create additional config directory
+ file:
+ path: /etc/mysql
+ state: directory
+ mode: 0750
+ owner: root
+ group: mysql
+
+- name: create tls configuration
+ template:
+ dest: /etc/my.cnf.d/tls.cnf
+ src: tls.cnf.j2
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart mariadb
+
 - name: enable service
 service:
 name: mariadb
diff --git a/roles/mariadb/templates/tls.cnf.j2 b/roles/mariadb/templates/tls.cnf.j2
new file mode 100644
index 0000000..e193b3f
--- /dev/null
+++ b/roles/mariadb/templates/tls.cnf.j2
@@ -0,0 +1,4 @@
+[mariadb]
+ssl-cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
+ssl-key = {{ tls_private }}/{{ inventory_hostname }}.key
+ssl-ca = {{ tls_certs }}/ca.crt
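Review bot: The `create additional config directory` task creates `/etc/mysql` (0750, root:mysql), but nothing else in this patch refers to that path: the config is written to `/etc/my.cnf.d/tls.cnf` and the template takes its paths from `tls_certs` and `tls_private`. If the directory is meant to hold a copy of the private key readable by the mysql group, a comment such as `# holds the mysql-readable copy of the TLS key` and the task that places the key would make that reviewable; otherwise the task can go. The restart is also notified without any check that the certificate and key exist and are readable by the server account, and as far as I know MariaDB of this era logs an SSL error and keeps running without TLS in that case, so the play can succeed while connections stay in cleartext. Quoting the modes (`mode: "0750"`, `mode: "0644"`) would follow the Ansible recommendation for octal permissions.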
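Review bot: The `[mariadb]` section sets a certificate, key and CA but nothing makes TLS mandatory, so clients that do not ask for TLS can still connect in cleartext after this change. If the goal is to protect traffic rather than only offer encryption, add `require_secure_transport = ON` on server versions that support it, or enforce `REQUIRE SSL` on the accounts. A `tls_version` line limiting the accepted protocol versions is worth adding for the same reason. `tls_certs` and `tls_private` are defined outside this patch, so the permissions on `{{ tls_private }}/{{ inventory_hostname }}.key` cannot be checked here; the file should be readable by the mysql account and no other unprivileged user.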