From fdfa5c29e58256b989069c8b4e07bf4d7bd8f6dd Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 6 Oct 2022 15:25:30 +0000
Subject: [PATCH] pki: Fix private key dir perms on OpenBSD

---
 roles/pki/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
index 8943497..aafc6fd 100644
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@@ -29,6 +29,14 @@
   ansible.builtin.set_fact:
     pki_cacert_hash: "{{ result.stdout }}"
 
+- name: fix private key directory permissions
+  ansible.builtin.file:
+    path: "{{ tls_private }}"
+    mode: 0750
+    owner: root
+    group: hostkey
+  when: ansible_system == "OpenBSD"
+
 - name: copy host certificate
   ansible.builtin.copy:
     src: "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"