Copy letsencrypt certificates to the postgres directory.

author Jakub Czajka <jakub@ekhem.eu.org>

Mon, 16 Oct 2023 21:39:06 +0000 (23:39 +0200)

committer Jakub Czajka <jczajka@google.com>

Sun, 24 Dec 2023 18:46:45 +0000 (19:46 +0100)
author Jakub Czajka <jakub@ekhem.eu.org>
Mon, 16 Oct 2023 21:39:06 +0000 (23:39 +0200)
committer Jakub Czajka <jczajka@google.com>
Sun, 24 Dec 2023 18:46:45 +0000 (19:46 +0100)
diff --git a/server/postgres.yaml b/server/postgres.yaml

index bd403f1d92855aa9a664397c02c83ea893ee7655..23e5340768e8fc1f5560bbcb82b2b9bc2c1d2a07 100644 (file)
--- a/server/postgres.yaml
+++ b/server/postgres.yaml
@@ -26,6 +26,26 @@
    with_items:
      - pg_hba.conf
      - postgresql.conf
+- name: Ensure a directory for private files exists
+  file:
+    path: "/etc/postgresql/15/main/private"
+    state: directory
+    mode: "0700"
+    owner: postgres
+    group: postgres
+  become: true
+- name: Copy certificates
+  copy:
+    src: "/etc/letsencrypt/live/postgres/{{ item }}"
+    dest: "/etc/postgresql/15/main/private"
+    mode: "0600"
+    owner: postgres
+    group: postgres
+    remote_src: true
+  become: true
+  with_items:
+    - fullchain.pem
+    - privkey.pem
  - name: Restart postgres
    service:
      name: postgresql
author	Jakub Czajka <jakub@ekhem.eu.org>
	Mon, 16 Oct 2023 21:39:06 +0000 (23:39 +0200)
committer	Jakub Czajka <jczajka@google.com>
	Sun, 24 Dec 2023 18:46:45 +0000 (19:46 +0100)