dataset/seed/pki-tls/templates/0certificate.conf

## Emits one copy ("C") entry per certificate file for every activated service that declares
## certificates. The entries have the shape of systemd tmpfiles.d lines (type, path, mode,
## user, group, age, source) - confirm against whatever consumes this file.
## Sources are read from the same directories prefixed with /usr/local/lib.
## NOTE(review): this template uses non-default Cheetah tokens, so check that "##" is still the
## comment token in the compiler settings; if it is not, these lines reach the rendered file,
## where a leading "#" should be read as a comment - confirm.
## NOTE(review): certificate names and the authority are interpolated into paths as-is; a value
## holding whitespace or a path separator would change the entry. Presumably they are validated
## upstream - verify.
## NOTE(review): if these are tmpfiles.d entries, "C" leaves an existing destination untouched,
## so a renewed key or certificate only lands when the destination is absent - confirm rotation.
## cas records the authorities already listed, so each CA certificate gets a single entry.
%set %%cas = []
%for %%service in %%services
%if %%service.activate is True and %%hasattr(%%service, 'certificates')
%for %%certificate in %%service.certificates
## Key material belongs to the declared owner, or to root when none is declared.
%if "owner" in %%certificate
%set %%owner = %%certificate['owner']
%else
%set %%owner = 'root'
%end if
## cert_key: public certificate (444, root) plus a separate private key (400, owner only).
## The name may be a single value or a list; both shapes produce the same entries.
%if %%certificate['format'] == 'cert_key'
%if %%isinstance(%%certificate['name'], list)
%for %%cert in %%certificate['name']
C %%tls_cert_directory/%%{cert}.crt 444 root root - /usr/local/lib%%tls_cert_directory/%%{cert}.crt
C %%tls_key_directory/%%{cert}.key 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{cert}.key
%end for
%else
C %%tls_cert_directory/%%{certificate['name']}.crt 444 root root - /usr/local/lib%%tls_cert_directory/%%{certificate['name']}.crt
C %%tls_key_directory/%%{certificate['name']}.key 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{certificate['name']}.key
%end if
%else
## Every other format value: one .pem in the key directory, 400 and owner only.
## Presumably the .pem bundles the private key, hence the key directory and mode - confirm.
%if %%isinstance(%%certificate['name'], list)
%for %%cert in %%certificate['name']
C %%tls_key_directory/%%{cert}.pem 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{cert}.pem
%end for
%else
C %%tls_key_directory/%%{certificate['name']}.pem 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{certificate['name']}.pem
%end if
%end if
## The CA certificate (444, root) is listed once per authority, and only when the certificate
## has no provider key or its provider is autosigne.
%if %%certificate['authority'] not in %%cas and ('provider' not in %%certificate or %%certificate['provider'] == 'autosigne')
%%cas.append(%%certificate['authority'])%slurp
C %%tls_ca_directory/%%{certificate['authority']}.crt 444 root root - /usr/local/lib%%tls_ca_directory/%%{certificate['authority']}.crt
%end if
%end for
%end if
%end for