diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-06-28 23:21:51 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:06 +0200 |
| commit | ebab80fc4e8e1999833f9295649766133eb4d6fa (patch) | |
| tree | 910023d4e5b5c1ddadb7792cdad0b693736c3238 /roles/common/tasks/ipsec.yml | |
| parent | 9692d409658ce552ab3e0d9f41aadca1c7bcb407 (diff) | |
Generate certs for Dovecot and Nginx if they are not there.
Diffstat (limited to 'roles/common/tasks/ipsec.yml')
| -rw-r--r-- | roles/common/tasks/ipsec.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index d773c1c..0dbf3e1 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -1,32 +1,32 @@ - name: Install strongSwan apt: pkg=strongswan-ikev2 - name: Generate a private key and a X.509 certificate for IPSec command: genkeypair.sh x509 --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key --dns {{ inventory_hostname }} -t ecdsa -b secp521r1 -h sha512 register: r1 - failed_when: r1.rc > 1 changed_when: r1.rc == 0 + failed_when: r1.rc > 1 notify: - Restart IPSec - name: Fetch the public part of IPSec's host key sudo: False # Ensure we don't fetch private data fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem dest=certs/ipsec/ fail_on_missing=yes flat=yes # Don't copy our pubkey due to a possible race condition. Only the # remote machine has authority regarding its key. - name: Copy IPSec host pubkeys (except ours) copy: src=certs/ipsec/{{ item }}.pem dest=/etc/ipsec.d/certs/{{ item }}.pem owner=root group=root mode=0644 with_items: groups.all | difference([inventory_hostname]) register: r2 |