From ef63f5e849b6f2fafe7fea056ddd2970b5854a0c Mon Sep 17 00:00:00 2001
From: euanmillar
Date: Wed, 1 May 2024 10:51:31 +0100
Subject: [PATCH] Add tasks to write server crts from Github Actions
---
 .github/workflows/provision.yml | 2 ++
 infrastructure/server-setup/tasks/traefik.yml | 26 +++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml
index e11da6ef2..aaa87897e 100644
--- a/.github/workflows/provision.yml
+++ b/.github/workflows/provision.yml
@@ -76,6 +76,8 @@ jobs:
 external_backup_server_ip: ${{ secrets.BACKUP_HOST }}
 manager_production_server_ip: ${{ secrets.SSH_HOST }}
 ansible_user: ${{ secrets.SSH_USER }}
+ ssl_crt: ${{ secrets.SSL_CERT }}
+ ssl_key: ${{ secrets.SSL_KEY }}
 - name: Read known hosts
 run: |
diff --git a/infrastructure/server-setup/tasks/traefik.yml b/infrastructure/server-setup/tasks/traefik.yml
index 3e307c797..cba7b8875 100644
--- a/infrastructure/server-setup/tasks/traefik.yml
+++ b/infrastructure/server-setup/tasks/traefik.yml
@@ -15,3 +15,29 @@
 group: application
 # Owner has rwx, group r, others no permissions
 mode: '0740'
+
+ - name: Create crt template file with variable content
+ copy:
+ dest: "/data/traefik/certs/crt-template.j2"
+ content: |
+ {{ssl_crt}}
+ when: ssl_crt is defined and ssl_crt | length > 0
+
+ - name: Create key template file with variable content
+ copy:
+ dest: "/data/traefik/certs/key-template.j2"
+ content: |
+ {{ssl_key}}
+ when: ssl_key is defined and ssl_key | length > 0
+
+ - name: Write crt file
+ ansible.builtin.template:
+ src: "/data/traefik/certs/crt-template.j2"
+ dest: "/data/traefik/certs/cert.crt"
+ when: ssl_crt is defined and ssl_crt | length > 0
+
+ - name: Write key file
+ ansible.builtin.template:
+ src: "/data/traefik/certs/key-template.j2"
+ dest: "/data/traefik/certs/cert.key"
+ when: ssl_key is defined and ssl_key | length > 0
\ No newline at end of file
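Review bot: `ssl_key` carries a PEM private key into the playbook next to ordinary inventory values, and nothing at these two lines says that both secrets are optional and multi-line. The enclosing block starts outside the hunk, so how the values reach Ansible is not visible here; if they are interpolated into an `--extra-vars` string, a multi-line value needs careful quoting and would sit in the runner's process arguments, so a vars file or the step's environment would be the safer route. I would add a comment above them such as `# Optional PEM cert/key; leave SSL_CERT / SSL_KEY unset to skip writing /data/traefik/certs/cert.*`.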
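Review bot: The private key is written with no `mode`, `owner` or `no_log`, so both `key-template.j2` and `cert.key` get whatever the default umask gives (typically 0644) and the key material can surface in `--diff` output. The two `ansible.builtin.template` tasks also resolve `src` on the Ansible controller, while `copy` wrote the `.j2` files on the target, so unless the play runs against localhost they will probably not find their source. The intermediate file also leaves a second copy of the key on disk. Writing `cert.crt` and `cert.key` directly with `copy`, with a restrictive mode and `no_log: true` on the key task, removes all three problems. The task list begins outside the hunk.

```yaml
# … unchanged: preceding task ending in group: application / mode: '0740' …

- name: Write crt file
  ansible.builtin.copy:
    dest: /data/traefik/certs/cert.crt
    content: |
      {{ ssl_crt }}
    mode: '0644'
  when: ssl_crt is defined and ssl_crt | length > 0

- name: Write key file
  ansible.builtin.copy:
    dest: /data/traefik/certs/cert.key
    content: |
      {{ ssl_key }}
    # Set owner/group to the account Traefik reads the key as.
    mode: '0600'
  no_log: true
  when: ssl_key is defined and ssl_key | length > 0
```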