From 2aaf8c5239520e603c06c1a7cfde2538b6ae0e50 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 9 Mar 2020 18:57:11 -0500
Subject: [PATCH] roles/cert: Common role for installing certs

The *cert* role is intended to be a generic, reusable role to copy an
X.509 certificate and/or private key file to managed nodes.  It is
intended to be included in a playbook with at least the `cert_src` and
`cert_dest` variables defined, e.g.:

```
- hosts: whatever
  roles:
  - role: cert
    cert_src: whatever.cer
    cert_dest: /path/to/whatever.cer
```
---
 roles/cert/tasks/main.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 roles/cert/tasks/main.yml

diff --git a/roles/cert/tasks/main.yml b/roles/cert/tasks/main.yml
new file mode 100644
index 0000000..36d0ae8
--- /dev/null
+++ b/roles/cert/tasks/main.yml
@@ -0,0 +1,12 @@
+- name: ensure server certificate is installed
+  copy:
+    src: certs/{{ cert_src }}
+    dest: '{{ cert_dest }}'
+    mode: '{{ cert_mode|d("0644") }}'
+- name: ensure server private key is installed
+  copy:
+    src: certs/{{ cert_key_src }}
+    dest: '{{ cert_key_dest }}'
+    mode: '{{ cert_key_mode|d("0600") }}'
+  diff: false
+  when: cert_key_src is defined