From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Mon, 16 Oct 2023 21:39:06 +0000 (+0200)
Subject: Copy letsencrypt certificates to the postgres directory.
X-Git-Url: https://git.ekhem.eu.org/?a=commitdiff_plain;h=b95ae569c7dd7a2e0f12a3805ff16b9c8e8fdeb5;p=turnup.git

Copy letsencrypt certificates to the postgres directory.
---

diff --git a/server/postgres.yaml b/server/postgres.yaml
index bd403f1..23e5340 100644
--- a/server/postgres.yaml
+++ b/server/postgres.yaml
@@ -26,6 +26,26 @@
   with_items:
     - pg_hba.conf
     - postgresql.conf
+- name: Ensure a directory for private files exists
+  file:
+    path: "/etc/postgresql/15/main/private"
+    state: directory
+    mode: "0700"
+    owner: postgres
+    group: postgres
+  become: true
+- name: Copy certificates
+  copy:
+    src: "/etc/letsencrypt/live/postgres/{{ item }}"
+    dest: "/etc/postgresql/15/main/private"
+    mode: "0600"
+    owner: postgres
+    group: postgres
+    remote_src: true
+  become: true
+  with_items:
+    - fullchain.pem
+    - privkey.pem
 - name: Restart postgres
   service:
     name: postgresql