mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-04-30 00:53:23 +02:00
57 lines
1.4 KiB
Django/Jinja
57 lines
1.4 KiB
Django/Jinja
vault {
|
|
address = "{{ nomad_vault_tls.address }}"
|
|
token = "{{ nomad_vault_tls.token }}"
|
|
unwrap_token = false
|
|
}
|
|
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/agent.crt.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ nomad_conf.tls.cert_file }}"
|
|
perms = 0644
|
|
exec {
|
|
command = "systemctl reload nomad"
|
|
}
|
|
}
|
|
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/agent.key.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ nomad_conf.tls.key_file }}"
|
|
perms = 0640
|
|
exec {
|
|
command = ["sh", "-c", "chgrp {{ nomad_user }} {{ nomad_conf.tls.key_file }} && systemctl reload nomad"]
|
|
}
|
|
}
|
|
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/ca.crt.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ nomad_conf.tls.ca_file }}"
|
|
perms = 0644
|
|
exec {
|
|
command = "systemctl reload nomad"
|
|
}
|
|
|
|
}
|
|
|
|
{% if nomad_conf.server.enabled %}
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/cli.crt.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ nomad_root_dir }}/tls/cli.crt"
|
|
}
|
|
|
|
template {
|
|
source = "{{ nomad_root_dir }}/consul-template/cli.key.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ nomad_root_dir }}/tls/cli.key"
|
|
perms = 0640
|
|
}
|
|
{% endif %}
|