Add tasks to write server crts from Github Actions

opencrvs · May 1, 2024 · ef63f5e · ef63f5e
1 parent e12507f
commit ef63f5e
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml
@@ -76,6 +76,8 @@ jobs:
           external_backup_server_ip: ${{ secrets.BACKUP_HOST }}
           manager_production_server_ip: ${{ secrets.SSH_HOST }}
           ansible_user: ${{ secrets.SSH_USER }}
+          ssl_crt: ${{ secrets.SSL_CERT }}
+          ssl_key: ${{ secrets.SSL_KEY }}
 
       - name: Read known hosts
         run: |

diff --git a/infrastructure/server-setup/tasks/traefik.yml b/infrastructure/server-setup/tasks/traefik.yml
@@ -15,3 +15,29 @@
     group: application
     # Owner has rwx, group r, others no permissions
     mode: '0740'
+
+  - name: Create crt template file with variable content
+    copy:
+      dest: "/data/traefik/certs/crt-template.j2"
+      content: |
+        {{ssl_crt}}
+    when: ssl_crt is defined and ssl_crt | length > 0
+
+  - name: Create key template file with variable content
+    copy:
+      dest: "/data/traefik/certs/key-template.j2"
+      content: |
+        {{ssl_key}}
+    when: ssl_key is defined and ssl_key | length > 0
+
+  - name: Write crt file
+    ansible.builtin.template:
+      src: "/data/traefik/certs/crt-template.j2"
+      dest: "/data/traefik/certs/cert.crt"
+    when: ssl_crt is defined and ssl_crt | length > 0
+
+  - name: Write key file
+    ansible.builtin.template:
+      src: "/data/traefik/certs/key-template.j2"
+      dest: "/data/traefik/certs/cert.key"
+    when: ssl_key is defined and ssl_key | length > 0