From b18bcedb597a225196fd9855e5f8f65052cfa1b2 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 14 May 2019 22:18:37 +0300
Subject: [PATCH] install local ca signed host certificates for all hosts

---
 roles/base/tasks/main.yml | 7 ++++++-
 roles/pki/tasks/main.yml | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 roles/pki/tasks/main.yml

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 1bf026f..d28c08b 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -12,4 +12,9 @@
 
 - name: install basic roles
 include_role:
- name: opensmtpd
+ name: "{{ role }}"
+ with_items:
+ - opensmtpd
+ - pki
+ loop_control:
+ loop_var: role
diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
new file mode 100644
index 0000000..7c2523b
--- /dev/null
+++ b/roles/pki/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+
+- name: copy ca certificate
+ copy:
+ src: "/srv/ca/certs/ca.crt"
+ dest: "/etc/pki/tls/certs/ca.crt"
+ mode: 0644
+ owner: root
+ group: root
+
+- name: copy host certificate
+ copy:
+ src: "/srv/ca/certs/{{ inventory_hostname }}.crt"
+ dest: "/etc/pki/tls/certs/{{ inventory_hostname }}.crt"
+ mode: 0644
+ owner: root
+ group: root
+
+- name: copy host key
+ copy:
+ src: "/srv/ca/private/{{ inventory_hostname }}.key"
+ dest: "/etc/pki/tls/private/{{ inventory_hostname }}.key"
+ mode: 0600
+ owner: root
+ group: root
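Review bot: The `copy host key` task at the end of the new roles/pki/tasks/main.yml transfers private key material without suppressing task output, so a run with `--diff` can print the key's contents to the terminal or to any CI log that captures the run. Adding `no_log: true` (or at minimum `diff: false`) to that task keeps the key out of run output. The unquoted `mode: 0644` / `mode: 0600` values depend on the YAML loader reading a leading-zero integer as octal; writing them as `mode: "0600"` and `mode: "0644"` makes the resulting permissions independent of the parser. The key is read from `/srv/ca/private/` on the control node, which suggests every host's private key is held centrally; if so, that directory's access control and backups need the same protection as the CA key itself.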