chore(lego): ensure lego_certificate_store is owned by lego_certifica…
…te_store_user
transcaffeine committed Nov 29, 2023
1 parent ed8f015 commit c06f6a6
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion roles/lego/tasks/main.yml
Expand Up @@ -27,13 +27,24 @@
tags: ["prepare", "prepare-lego"]

- name: "Ensure certificate directory exists and has the configured permissions"
file:
ansible.builtin.file:
path: "{{ lego_certificate_store }}"
state: "directory"
owner: "{{ lego_certificate_store_user }}"
group: "{{ lego_certificate_store_group }}"
mode: "{{ lego_certificate_store_mode }}"
tags: ["prepare", "prepare-lego"]
register: lego_certificate_store_info

- name: "Ensure certificates in directory belong to '{{ lego_certificate_store_user }}:{{ lego_certificate_store_group }}'"
ansible.builtin.file:
path: "{{ lego_certificate_store }}"
state: directory
owner: "{{ lego_certificate_store_user }}"
group: "{{ lego_certificate_store_group }}"
recurse: true
tags: ["prepare", "prepare-lego"]
when: lego_certificate_store_info.changed

- name: "Ensure lego binary exists and has the correct version"
shell: "{{ lego_check_version_cmd }}" # noqa: command-instead-of-shell
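Review bot: The recursive ownership task is gated on `when: lego_certificate_store_info.changed`, so it is skipped whenever the top-level directory already has the configured owner, group and mode, even if certificates or keys below it have since been written by a different user. If the goal in the commit title is that the whole store belongs to `lego_certificate_store_user`, either drop the `when:` and rely on the module's idempotence, or keep the gate (presumably there to avoid walking the tree on every run) and say so in a comment above the task. Separately, `recurse: true` runs with the file module's default of following links, so a symlink inside the store would have ownership applied to its target as well; adding `follow: false` to this task keeps the change confined to the store. The recursive task also sets no `mode`, so the permissions of existing key files are left as they are, which is worth a one-line comment if intentional.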
