From 5fbd7dfc4eebc76d6b7400d8bdbdb9a35895317a Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Tue, 14 Aug 2018 21:26:37 +0200
Subject: [PATCH] move tls to application space
---
 defaults/main.yml | 4 ++--
 tasks/tls.yml | 10 ++++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 45981c5..5cde2bb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -44,8 +44,8 @@ unifi_open_ports:
 unifi_tls_enabled: False
 unifi_tls_pkcs12_passphrase: temppass
-unifi_tls_certs_dir: /etc/pki/tls/certs
-unifi_tls_key_dir: /etc/pki/tls/private
+unifi_tls_certs_dir: "{{ unifi_base_dir }}/tls/certs"
+unifi_tls_key_dir: "{{ unifi_base_dir }}/tls/private"
 unifi_tls_cert_file: "{{ unifi_tls_certs_dir }}/mycert.pem"
 unifi_tls_key_file: "{{ unifi_tls_key_dir }}/mykey.pem"
 unifi_tls_source_use_content: False
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 15ff10c..8b9d291 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -4,11 +4,17 @@
 file:
 path: "{{ item }}"
 state: directory
+ owner: "{{ unifi_user }}"
+ group: "{{ unifi_group }}"
+ recurse: True
 mode: 750
 with_items:
 - "{{ unifi_tls_certs_dir }}"
 - "{{ unifi_tls_key_dir }}"
+ become: True
+ become_user: root
+- block:
 - name: Copy certs and private key (file)
 copy:
 src: "{{ item.src }}"
@@ -33,7 +39,7 @@
 label: "{{ item.dest }}"
 register: __unifi_certs
 become: True
- become_user: root
+ become_user: "{{ unifi_user }}"
 - block:
 - set_fact:
@@ -78,5 +84,5 @@
 path: "{{ __unifi_pkcs12_path }}"
 state: absent
 become: True
- become_user: root
+ become_user: "{{ unifi_user }}"
 when: __unifi_certs.changed
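Review bot: In tasks/tls.yml at `@@ -4,11 +4,17 @@`, the added `recurse: True` makes the directory task apply `mode: 750` and the new owner/group to every file already under the cert and key directories, so from the second run on the private key file is re-moded by this task rather than by the copy task. `750` is also an unquoted YAML integer, which Ansible's file module documents as being read as decimal rather than octal, so the bits applied are not rwxr-x---. I would drop `recurse: True`, write `mode: "0750"`, and leave the key file's owner and mode to the copy task. The task's `- name:` line is above the hunk, so the start of the task is not visible here.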
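Review bot: In tasks/tls.yml at `@@ -33,7 +39,7 @@` (and again at `@@ -78,5 +84,5 @@`), the switch to `become_user: "{{ unifi_user }}"` runs the certificate and key handling as an unprivileged account, which Ansible can only do when the staged files can be handed over from the connecting user (POSIX ACLs on the remote temp directory, or pipelining). Where neither is available the play fails, or, if `allow_world_readable_tmpfiles` is enabled to get past it, the staged module files become world-readable; whether key content passes through that path depends on the copy tasks, which lie outside these hunks. Keeping `become_user: root` and setting `owner: "{{ unifi_user }}"` and `group: "{{ unifi_group }}"` on the copy tasks would give the same ownership without that dependency. If the unprivileged become is intentional, a comment above it such as `# requires ACL support or pipelining on the target` would record the requirement.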