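# {{ ansible_managed }}
# Do NOT edit this file directly!
{#
  Renders an nginx `add_header Public-Key-Pins` directive (HPKP, RFC 7469).

  The primary public key path is derived from this template's own file name:
  "<name>" + separator + "hpkp-hdr.j2"  ->  certs/public/<name>.pub
  Every file matching certs/public/<name>.pub.back* is pinned as a backup key.

  NOTE(review): current major browsers have removed HPKP support, so this
  header is likely inert for most clients. Where it is still honoured, a wrong
  pin combined with the roughly six-month max-age below can lock clients out.
  Confirm the header is still wanted before deploying.
#}
{% set tmpl = template_path | basename %}
{#
  Remove only the literal "hpkp-hdr.j2" suffix and at most one "-" or "."
  separator in front of it. str.rstrip() takes a *set of characters*, not a
  suffix, so it also ate trailing h/p/k/d/r/j/2/-/. characters of the name
  itself (e.g. "shop" became "sho") and pointed at the wrong key file.
#}
{% set stem = tmpl | regex_replace('[-.]?hpkp-hdr[.]j2$', '') %}
{% set pubkey = "certs/public/" + stem + ".pub" %}
{%- set pins = [] %}
{#
  The paths are interpolated into shell command lines, so they are passed
  through the `quote` filter; the ".back*" glob stays outside the quoting so
  the shell still expands it.
  NOTE(review): the pipe lookup is expected to fail when `ls` exits non-zero,
  i.e. when no backup key exists. That matches RFC 7469's requirement for a
  backup pin; confirm it is the intended behaviour.
#}
{% for pk in [pubkey] + lookup('pipe', 'ls -1 ' + (pubkey | quote) + '.back*').splitlines() -%}
{#
  SPKI fingerprint: DER-encode the public key, SHA-256 it, base64 the digest.
  NOTE(review): the pipeline's exit status is that of `base64`, so an openssl
  failure (missing or malformed key file) is not detected here and would yield
  the digest of empty input as a pin. Verify the rendered pins against the
  deployed keys.
#}
{%- set sha256 = lookup('pipe', 'openssl pkey -pubin -outform DER <' + (pk | quote) + ' | openssl dgst -sha256 -binary | base64') -%}
{%- set _ = pins.append('pin-sha256="' + sha256 + '"') -%}
{%- endfor %}
{%- if pins | length > 0 %}
{# max-age is 15768000 seconds (182.5 days). #}
{% set directives = pins + ['max-age=15768000'] %}
add_header Public-Key-Pins '{{ directives | join('; ') }}';
{% endif %}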