Dustin C. Hatch
572022b557
Since the MinIO server that Restic uses to store snapshots has a certificate signed by the DCH CA, we need to trust the root certificate in order to communicate with it. Existing servers already had this CA trusted by the `pyrocufflink.yml` playbook, but new servers are not (usually) AD domain members anymore, so we need to be explicit now.
11 lines
148 B
YAML
11 lines
148 B
YAML
- hosts: restic
|
|
roles:
|
|
- role: trustca
|
|
ca: dch-root-ca-r2
|
|
tags:
|
|
- trustca
|
|
- dch-root-ca
|
|
- role: restic
|
|
tags:
|
|
- restic
|