jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-16 10:13:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
ansible-roles/roles/sftpgo/tasks/conf.yml
Daniel Berteaud 3d8b59673b Update to 2022-09-13 10:00
2022-09-13 10:00:07 +02:00

84 lines
2.9 KiB
YAML
Raw Blame History

---
# When you configure Let's Encrypt certificate, sftpgo can't directly read the cert and key from /var/lib/dehydrated
# so a deploy_cert hook will copy them under {{ sftpgo_root_dir }}/etc/ssl
# But we still need to know the Let's Encrypt cert to use so the deploy hook will know which one to copy
# We do so by configuring certificate_file: letsencrypt:foo.example.org in SFTPGo configuration
- name: Handle Let's Encrypt cert
set_fact:
sftpgo_conf: "{{ sftpgo_conf | combine({ item: {'bindings': {'certificate_file': sftpgo_root_dir ~ '/etc/ssl/' ~ item ~ '.crt', 'certificate_key_file': sftpgo_root_dir ~ '/etc/ssl/' ~ item ~ '.key'} } }, recursive=True) }}"
loop:
- ftpd
- webdavd
- httpd
- telemetry
when:
- sftpgo_conf[item].bindings.certificate_file is defined
- sftpgo_conf[item].bindings.certificate_file is search('^letsencrypt:')
tags: sftpgo
- name: Deploy sftpgo config
template: src=sftpgo.yml.j2 dest={{ sftpgo_root_dir }}/etc/sftpgo.yml group={{ sftpgo_user }} mode=640
notify: restart sftpgo
tags: sftpgo
- name: Generate self-signed certificate for ftpd
import_tasks: ../includes/create_selfsigned_cert.yml
vars:
cert_path: "{{ sftpgo_root_dir }}/etc/ssl/ftpd.crt"
cert_key_path: "{{ sftpgo_root_dir }}/etc/ssl/ftpd.key"
cert_key_group: "{{ sftpgo_user }}"
cert_key_mode: 640
tags: sftpgo
- name: Generate self-signed certificate for webdavd
import_tasks: ../includes/create_selfsigned_cert.yml
vars:
cert_path: "{{ sftpgo_root_dir }}/etc/ssl/webdavd.crt"
cert_key_path: "{{ sftpgo_root_dir }}/etc/ssl/webdavd.key"
cert_key_group: "{{ sftpgo_user }}"
cert_key_mode: 640
tags: sftpgo
- name: Generate self-signed certificate for httpd
import_tasks: ../includes/create_selfsigned_cert.yml
vars:
cert_path: "{{ sftpgo_root_dir }}/etc/ssl/httpd.crt"
cert_key_path: "{{ sftpgo_root_dir }}/etc/ssl/httpd.key"
cert_key_group: "{{ sftpgo_user }}"
cert_key_mode: 640
tags: sftpgo
- name: Generate self-signed certificate for telemetry
import_tasks: ../includes/create_selfsigned_cert.yml
vars:
cert_path: "{{ sftpgo_root_dir }}/etc/ssl/telemetry.crt"
cert_key_path: "{{ sftpgo_root_dir }}/etc/ssl/telemetry.key"
cert_key_group: "{{ sftpgo_user }}"
cert_key_mode: 640
tags: sftpgo
- name: Set permissions on certificates
file: path={{ sftpgo_root_dir }}/etc/ssl/{{ item }}.crt owner=root group={{ sftpgo_user }} mode=644
loop:
- ftpd
- webdavd
- httpd
- telemetry
tags: sftpgo
- name: Set permissions on private keys
file: path={{ sftpgo_root_dir }}/etc/ssl/{{ item }}.key owner=root group={{ sftpgo_user }} mode=640
loop:
- ftpd
- webdavd
- httpd
- telemetry
tags: sftpgo
- name: Init or upgrade the database
command: "{{ sftpgo_root_dir }}/app/sftpgo --config-file {{ sftpgo_root_dir }}/etc/sftpgo.yml initprovider"
become_user: "{{ sftpgo_user }}"
when: sftpgo_install_mode != 'none'
tags: sftpgo
Reference in New Issue View Git Blame Copy Permalink