Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

postfix: use a chain file for ssl certs

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2022-07-21 16:25:10 -07:00
parent b54b8a0bb7
commit a336ba2a9e
1 changed files with 7 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

24
roles/base/tasks/postfix.yml
View file

@ -80,26 +80,16 @@
tags: tags:
- postfix - postfix
- name: install /etc/pki/tls/certs/gateway.crt # Install gateway tls cert as a pem file.
# This has: private key, then cert, then intermediate cert
# This cert is a digicert one, renew it there.
- name: install /etc/pki/tls/private/gateway-chain.pem
copy: copy:
src="{{private}}/files/smtpd/gateway.complete.crt" src="{{private}}/files/smtpd/gateway-chain.pem"
dest=/etc/pki/tls/certs/gateway.crt dest=/etc/pki/tls/private/gateway-chain.pem
owner=root owner=root
group=root group=root
mode=0644 mode=0600
when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging'
notify:
- restart postfix
tags:
- postfix
- name: Copy gateway.key
copy:
src="{{private}}/files/smtpd/gateway.key"
dest=/etc/pki/tls/private/gateway.key
owner=root
group=postfix
mode=0640
when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging' when: inventory_hostname.startswith(('bastion','smtp-mm')) and env != 'staging'
notify: notify:
- restart postfix - restart postfix