# Entries in tmpfiles.d syntax that install TLS material for activated services.
# For each service whose activate flag is True and that has a certificates
# attribute, one 'C' (copy) entry is written per certificate name, sourced from
# the same path under /usr/local/lib:
#   - format cert_key: NAME.crt in tls_cert_directory (444 root root) and
#     NAME.key in tls_key_directory (400, owner from the certificate or root
#     when none is given, group root)
#   - any other format: one NAME.pem in tls_key_directory (400, same owner rule)
# A certificate name may be a single value or a list; a list gives one set of
# entries per item.
# The authority certificate is copied to tls_ca_directory (444 root root) once
# per authority (tracked in the cas list), and only when the certificate has no
# provider or its provider is autosigne.
# NOTE(review): 'C' copies only when the destination does not exist yet, so a
# renewed certificate or key under /usr/local/lib will not replace a file that
# is already in place - confirm that rotation is handled elsewhere.
# NOTE(review): name, authority and owner are written into the entries as-is;
# whitespace or path separators in them would change the path or the fields
# tmpfiles.d parses - presumably validated upstream, verify.
# NOTE(review): private keys and pem bundles are mode 400, readable by the owner
# only; presumably the certificate owner is the account the service runs as.
# NOTE(review): these lines start with a single '#' and are expected to pass
# through the template unchanged and be ignored by tmpfiles.d - confirm against
# the template engine's comment settings.
%set %%cas = []
%for %%service in %%services
%if %%service.activate is True and %%hasattr(%%service, 'certificates')
%for %%certificate in %%service.certificates
%if "owner" in %%certificate
%set %%owner = %%certificate['owner']
%else
%set %%owner = 'root'
%end if
%if %%certificate['format'] == 'cert_key'
%if %%isinstance(%%certificate['name'], list)
%for %%cert in %%certificate['name']
C %%tls_cert_directory/%%{cert}.crt 444 root root - /usr/local/lib%%tls_cert_directory/%%{cert}.crt
C %%tls_key_directory/%%{cert}.key 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{cert}.key
%end for
%else
C %%tls_cert_directory/%%{certificate['name']}.crt 444 root root - /usr/local/lib%%tls_cert_directory/%%{certificate['name']}.crt
C %%tls_key_directory/%%{certificate['name']}.key 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{certificate['name']}.key
%end if
%else
%if %%isinstance(%%certificate['name'], list)
%for %%cert in %%certificate['name']
C %%tls_key_directory/%%{cert}.pem 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{cert}.pem
%end for
%else
C %%tls_key_directory/%%{certificate['name']}.pem 400 %%owner root - /usr/local/lib%%tls_key_directory/%%{certificate['name']}.pem
%end if
%end if
%if %%certificate['authority'] not in %%cas and ('provider' not in %%certificate or %%certificate['provider'] == 'autosigne')
%%cas.append(%%certificate['authority'])%slurp
C %%tls_ca_directory/%%{certificate['authority']}.crt 444 root root - /usr/local/lib%%tls_ca_directory/%%{certificate['authority']}.crt
%end if
%end for
%end if
%end for