create hostkey group which has read access to host certificate key

2019-05-24 11:57:03 +03:00 · 2019-05-24 11:57:03 +03:00 · 52c23c914f
commit 52c23c914f
parent be9fab2fc3
1 changed files with 7 additions and 2 deletions
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@ -1,5 +1,10 @@
 ---

+- name: create hostkey group
+  group:
+    name: hostkey
+    system: true
+
 - name: copy ca certificate
  copy:
    src: "/srv/ca/certs/ca.crt"
@ -20,6 +25,6 @@
  copy:
    src: "/srv/ca/private/{{ inventory_hostname }}.key"
    dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
-    mode: 0600
+    mode: 0640
    owner: root
-    group: "{{ ansible_wheel }}"
+    group: hostkey