From ad187f51e35dde0b0417185b8963cac661723850 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 26 Nov 2023 17:41:18 +0000
Subject: [PATCH] php4dvd: Use TLS for MariaDB connections

---
 roles/php4dvd/tasks/main.yml | 9 +++++++++
 roles/php4dvd/templates/php4dvd-container.service.j2 | 3 +++
 roles/php4dvd/templates/php4dvd-container.sysconfig.j2 | 3 +++
 3 files changed, 15 insertions(+)

diff --git a/roles/php4dvd/tasks/main.yml b/roles/php4dvd/tasks/main.yml
index fc42fe8..749a032 100644
--- a/roles/php4dvd/tasks/main.yml
+++ b/roles/php4dvd/tasks/main.yml
@@ -18,6 +18,15 @@
       - php4dvd
     creates: /var/lib/systemd/linger/php4dvd
 
+- name: Copy host key
+  ansible.builtin.copy:
+    dest: "{{ tls_private }}/php4dvd.key"
+    src: "{{ tls_private }}/{{ inventory_hostname }}.key"
+    mode: "0640"
+    owner: root
+    group: php4dvd
+    remote_src: true
+
 - name: Get container source
   ansible.builtin.git:
     dest: /usr/local/src/docker-php4dvd
diff --git a/roles/php4dvd/templates/php4dvd-container.service.j2 b/roles/php4dvd/templates/php4dvd-container.service.j2
index 277bb16..af646cb 100644
--- a/roles/php4dvd/templates/php4dvd-container.service.j2
+++ b/roles/php4dvd/templates/php4dvd-container.service.j2
@@ -10,6 +10,9 @@ ExecStart=/usr/bin/podman run \
   --rm -p 127.0.0.1:8005:80 \
   --name php4dvd \
   --env PHP4DVD_* \
+  --volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
+  --volume={{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
+  --volume={{ tls_private }}/php4dvd.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
   --volume /export/volumes/php4dvd:/var/www/html/movies:rw,Z \
   php4dvd:latest
 ExecStop=/usr/bin/podman stop --ignore php4dvd
diff --git a/roles/php4dvd/templates/php4dvd-container.sysconfig.j2 b/roles/php4dvd/templates/php4dvd-container.sysconfig.j2
index af894b5..79c274b 100644
--- a/roles/php4dvd/templates/php4dvd-container.sysconfig.j2
+++ b/roles/php4dvd/templates/php4dvd-container.sysconfig.j2
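Review bot: The new "Copy host key" task has no `notify`, so when the host key at `{{ tls_private }}/{{ inventory_hostname }}.key` is renewed the play refreshes the php4dvd.key copy but the running container keeps using the old key, while the certificate is mounted straight from `tls_certs` and rotates underneath it — cert and key drift apart until someone restarts the unit (copy writes via temp file plus rename, so a bind-mounted file most likely keeps pointing at the old inode; confirm with your podman version). Add `notify: Restart php4dvd container` to the copy task and a handler running `systemctl restart php4dvd-container` (unit name inferred from the template file name, adjust as needed), and trigger the same handler when the cert in `tls_certs` changes. Also confirm that the uid/gid the image's PHP process runs as actually maps onto group php4dvd, because under a rootless podman user namespace a root:php4dvd 0640 file can appear as nobody:root inside the container and the key would then be unreadable. The enclosing task list continues outside the hunk.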
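Review bot: The three new `--volume=` lines carry no SELinux option, whereas the existing movies volume on the next line uses `:rw,Z`, which suggests SELinux is enforcing on these hosts; unless `{{ tls_certs }}` and `{{ tls_private }}` already carry a label container policy can read (such as `cert_t`, which /etc/pki normally has), the container will get EACCES on the key and cert — check with `ausearch -m avc` after the first deploy. Do not simply add `Z` to `ca.crt` or the host cert, since a private relabel would lock every other consumer on the host out of those shared files; the php4dvd-specific key copy could take `:ro,Z`, or the files could live on a cert_t-labelled path. As a style point, the new lines use `--volume=` while the existing line uses `--volume ` with a space — use one form throughout, e.g. `--volume {{ tls_private }}/php4dvd.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \`.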
@@ -2,4 +2,7 @@ PHP4DVD_DB_HOST=sqldb02.home.foo.sh
 PHP4DVD_DB_NAME=php4dvd
 PHP4DVD_DB_USER=php4dvd
 PHP4DVD_DB_PASS={{ php4dvd_mysql_pass }}
+PHP4DVD_DB_KEY=/etc/ssl/private/{{ inventory_hostname }}.key
+PHP4DVD_DB_CERT=/etc/ssl/certs/{{ inventory_hostname }}.crt
+PHP4DVD_DB_CACERT=/etc/ssl/certs/ca.crt
 PHP4DVD_USER_GUESTVIEW=true
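Review bot: Exporting PHP4DVD_DB_KEY, PHP4DVD_DB_CERT and PHP4DVD_DB_CACERT only hands the TLS material to the container; whether the connection to `sqldb02.home.foo.sh` actually verifies the server certificate against ca.crt and checks the hostname depends on how the image's database code consumes these variables, which is not visible here — with mysqli, `ssl_set()` plus `MYSQLI_CLIENT_SSL` can still be paired with `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`, and older mysqlnd builds skip hostname verification. Confirm in the docker-php4dvd source that verification is enforced, because without it the session is encrypted but an on-path attacker presenting its own certificate can still capture `PHP4DVD_DB_PASS`. A short comment above the new lines would help the next maintainer, e.g. `# Client cert/key + CA for the MariaDB TLS connection; CA must be the issuer of the sqldb02 server cert`.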