2023-06-23 08:12:05 +02:00
|
|
|
{% set cas = [] %}
|
|
|
|
{% for service in services %}
|
|
|
|
{% if service.activate is true and 'certificates' in service %}
|
|
|
|
{% for certificate in service.certificates %}
|
|
|
|
{% if "owner" in certificate %}
|
|
|
|
{% set owner = certificate['owner'] %}
|
|
|
|
{% else %}
|
|
|
|
{% set owner = 'root' %}
|
|
|
|
{% endif %}
|
|
|
|
{% if "group" in certificate %}
|
|
|
|
{% set group = certificate['group'] %}
|
|
|
|
{% set mode = 440 %}
|
|
|
|
{% else %}
|
|
|
|
{% set group = 'root' %}
|
|
|
|
{% set mode = 400 %}
|
|
|
|
{% endif %}
|
|
|
|
{% if certificate['format'] == 'cert_key' %}
|
|
|
|
{% if certificate['name'] is string %}
|
|
|
|
C {{ tls_cert_directory }}/{{ certificate['name'] }}.crt 444 root root - /usr/local/lib{{ tls_cert_directory }}/{{ certificate['name'] }}.crt
|
|
|
|
C {{ tls_key_directory }}/{{ certificate['name'] }}.key {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ certificate['name'] }}.key
|
|
|
|
{% else %}
|
|
|
|
{% for cert in certificate['name'] %}
|
|
|
|
C {{ tls_cert_directory }}/{{ cert }}.crt 444 root root - /usr/local/lib{{ tls_cert_directory }}/{{ cert }}.crt
|
|
|
|
C {{ tls_key_directory }}/{{ cert }}.key {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ cert }}.key
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% else %}
|
|
|
|
{% if certificate['name'] is string %}
|
|
|
|
C {{ tls_key_directory }}/{{ certificate['name'] }}.pem {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ certificate['name'] }}.pem
|
|
|
|
{% else %}
|
|
|
|
{% for cert in certificate['name'] %}
|
|
|
|
C {{ tls_key_directory }}/{{ cert }}.pem {{ mode }} {{ owner }} {{ group }} - /usr/local/lib{{ tls_key_directory }}/{{ cert }}.pem
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
2023-08-02 09:26:54 +02:00
|
|
|
{% if certificate['authority'] not in cas and ('provider' not in certificate or certificate['provider'] == 'self-signed') %}
|
2023-06-23 08:12:05 +02:00
|
|
|
{{ cas.append(certificate['authority']) }}
|
|
|
|
C {{ tls_ca_directory }}/{{ certificate['authority'] }}.crt 444 root root - /usr/local/lib{{ tls_ca_directory }}/{{ certificate['authority'] }}.crt
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|