fix: add back custom tls registry settings

2024-09-29 13:58:58 +02:00 · 2024-09-29 13:58:58 +02:00 · e7214c5c59
commit e7214c5c59
parent 455ef780e9
2 changed files with 58 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,4 +1,11 @@
 ---
+ucs_custom_tls_enabled: False
+ucs_custom_tls_apache2_enabled: True
+ucs_custom_tls_dovecot_enabled: False
+ucs_custom_tls_postfix_enabled: True
+ucs_custom_tls_cert_path: /etc/pki/tls/certs/mycert.pem
+ucs_custom_tls_key_path: /etc/pki/tls/private/mykey.pem
+
 ucs_filesystem_acl: []
 # @var ucs_filesystem_acl:example: >
 # ucs_filesystem_acl:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,6 +5,8 @@
    value: "{{ item.value }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
+  loop_control:
+    label: "{{ item.path }}={{ item.value }}"

 - name: Create system groups
  community.general.udm_group:
@ -45,3 +47,52 @@
  loop: "{{ ucs_cronjobs }}"
  loop_control:
    label: "{{ item.name }}"
+
+- name: Configure custom TLS certificates
+  when: ucs_custom_tls_enabled | bool
+  block:
+    - name: Set apache2 ucr vars
+      xoxys.general.ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      loop:
+        - path: apache2/ssl/certificate
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: apache2/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+        - path: saml/apache2/ssl/certificate
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: saml/apache2/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+      loop_control:
+        label: "{{ item.path }}={{ item.value }}"
+      notify: __ucs_apache_restart
+      when: ucs_custom_tls_apache2_enabled
+
+    - name: Set dovecot ucr vars
+      xoxys.general.ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      loop:
+        - path: mail/dovecot/ssl/certificate,
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: mail/dovecot/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+      loop_control:
+        label: "{{ item.path }}={{ item.value }}"
+      notify: __ucs_dovecot_restart
+      when: ucs_custom_tls_dovecot_enabled
+
+    - name: Set postfix ucr vars
+      xoxys.general.ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      loop:
+        - path: mail/postfix/ssl/certificate
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: mail/postfix/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+      loop_control:
+        label: "{{ item.path }}={{ item.value }}"
+      notify: __ucs_postfix_restart
+      when: ucs_custom_tls_postfix_enabled