From 0e6d757d2da2082b4c305f7c10c65720cafb83c9 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 28 Aug 2022 18:18:32 +0100
Subject: [PATCH] Create directories for additional x509 CAs

---
 playbooks/init-credentials.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/playbooks/init-credentials.yml b/playbooks/init-credentials.yml
index eb107d0a..6c02e0eb 100644
--- a/playbooks/init-credentials.yml
+++ b/playbooks/init-credentials.yml
@@ -28,7 +28,6 @@
         - dnssec
         - ssh
         - sso
-        - x509
 
     # First of all, generate secrets from the passwords.yml file.
     - name: Initialize secrets
@@ -50,12 +49,17 @@
     - name: Generate SSO credentials
       local_action: ed25519 privkey="{{ credentials_dir }}/sso/secret.key" pubkey="{{ credentials_dir }}/sso/public.key"
 
-    - name: Generate global DH params
-      local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"
-
     - set_fact:
         default_x509_ca_list:
           - {tag: x509}
+
+    - name: Create X509 CA directory
+      local_action: file path="{{ credentials_dir }}/{{ item.tag }}" state=directory
+      loop: "{{ x509_ca_list | default(default_x509_ca_list) }}"
+
     - name: Generate the X509 CA certificate
       local_action: x509_ca ca_subject="{{ item.subject | default('CN=Service CA') }}" ca_cert_path="{{ credentials_dir }}/{{ item.tag }}/ca.pem" ca_key_path="{{ credentials_dir }}/{{ item.tag }}/ca_private_key.pem"
       loop: "{{ x509_ca_list | default(default_x509_ca_list) }}"
+
+    - name: Generate global DH params
+      local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"
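Review bot: The new `Create X509 CA directory` task creates the directory that will hold `ca_private_key.pem` without an explicit mode, so its permissions depend on the umask of whoever runs the playbook; I would pin it with `local_action: file path="{{ credentials_dir }}/{{ item.tag }}" state=directory mode=0700`. Separately, the relocated `Generate global DH params` task still writes to the hard-coded `{{ credentials_dir }}/x509/dhparam`, while directories are now created only for the tags in `x509_ca_list`. If that list is overridden without an `x509` entry, and assuming the list trimmed in the first hunk is what used to create that directory, `openssl dhparam -out` will fail on a missing path. Either keep `x509` in the static directory list or add a dedicated `file ... state=directory` task for it before the DH step. A short comment above the loop, such as `# item.tag becomes a directory name under credentials_dir; keep tags to plain names`, would also help whoever edits `x509_ca_list`.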
-- 
GitLab