From 9692d409658ce552ab3e0d9f41aadca1c7bcb407 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 28 Jun 2014 22:37:14 +0200
Subject: Make genkeypair.sh able to display TXT record for DKIM signatures.

---
 roles/common/tasks/ipsec.yml | 5 +++--
 roles/common/tasks/main.yml  | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'roles/common/tasks')

diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 5e0115e..d773c1c 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -1,8 +1,9 @@
 - name: Install strongSwan
   apt: pkg=strongswan-ikev2
 
-- name: Generate a key pair for IPSec
-  command: genkeypair.sh --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+- name: Generate a private key and a X.509 certificate for IPSec
+  command: genkeypair.sh x509
+                         --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
                          --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key
                          --dns {{ inventory_hostname }}
                          -t ecdsa -b secp521r1 -h sha512
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index f24a2c9..0048443 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -14,6 +14,8 @@
         dest=/usr/local/bin/genkeypair.sh
         owner=root group=root
         mode=0755
+  tags:
+    - genkeypair
 - include: ipsec.yml    tags=strongswan,ipsec
 - include: logging.yml  tags=logging
 - include: ntp.yml      tags=ntp
-- 
cgit v1.2.3