php4dvd: Use TLS for MariaDB connections

2023-11-26 17:41:18 +00:00 · 2023-11-26 17:41:18 +00:00 · ad187f51e3
commit ad187f51e3
parent 270da668c3
3 changed files with 15 additions and 0 deletions
--- a/roles/php4dvd/tasks/main.yml
+++ b/roles/php4dvd/tasks/main.yml
@ -18,6 +18,15 @@
      - php4dvd
    creates: /var/lib/systemd/linger/php4dvd

+- name: Copy host key
+  ansible.builtin.copy:
+    dest: "{{ tls_private }}/php4dvd.key"
+    src: "{{ tls_private }}/{{ inventory_hostname }}.key"
+    mode: "0640"
+    owner: root
+    group: php4dvd
+    remote_src: true
+
 - name: Get container source
  ansible.builtin.git:
    dest: /usr/local/src/docker-php4dvd
--- a/roles/php4dvd/templates/php4dvd-container.service.j2
+++ b/roles/php4dvd/templates/php4dvd-container.service.j2
@ -10,6 +10,9 @@ ExecStart=/usr/bin/podman run \
    --rm -p 127.0.0.1:8005:80 \
    --name php4dvd \
    --env PHP4DVD_* \
+    --volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
+    --volume={{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
+    --volume={{ tls_private }}/php4dvd.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
    --volume /export/volumes/php4dvd:/var/www/html/movies:rw,Z \
    php4dvd:latest
 ExecStop=/usr/bin/podman stop --ignore php4dvd
--- a/roles/php4dvd/templates/php4dvd-container.sysconfig.j2
+++ b/roles/php4dvd/templates/php4dvd-container.sysconfig.j2
@ -2,4 +2,7 @@ PHP4DVD_DB_HOST=sqldb02.home.foo.sh
 PHP4DVD_DB_NAME=php4dvd
 PHP4DVD_DB_USER=php4dvd
 PHP4DVD_DB_PASS={{ php4dvd_mysql_pass }}
+PHP4DVD_DB_KEY=/etc/ssl/private/{{ inventory_hostname }}.key
+PHP4DVD_DB_CERT=/etc/ssl/certs/{{ inventory_hostname }}.crt
+PHP4DVD_DB_CACERT=/etc/ssl/certs/ca.crt
 PHP4DVD_USER_GUESTVIEW=true