From c3eed3e396c25fdc03150b056e6f38d64730c7c2 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Sun, 16 Nov 2025 13:53:02 -0500
Subject: [PATCH] Added a task to transfer over and register FQDN certificates from Ansible to remote machine
---
roles/bootstrap/tasks/configure_ssl@linux.yml | 39 +++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 roles/bootstrap/tasks/configure_ssl@linux.yml
diff --git a/roles/bootstrap/tasks/configure_ssl@linux.yml b/roles/bootstrap/tasks/configure_ssl@linux.yml
new file mode 100644
index 0000000..760dd43
--- /dev/null
+++ b/roles/bootstrap/tasks/configure_ssl@linux.yml
@@ -0,0 +1,39 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for bootstrap
+- name: Provide requisite SSL signed certificate for FQDN
+ ansible.builtin.copy:
+ backup: true
+ checksum: string
+ dest: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.crt"
+ force: true
+ group: root
+ owner: root
+ src: "ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.crt"
+ # validate: string
+- name: Provide requisite SSL private key for FQDN
+ ansible.builtin.copy:
+ backup: true
+ dest: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.key"
+ force: true
+ group: root
+ mode: "0600"
+ owner: root
+ src: "ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.key"
+ # validate: string
+- name: Provide requisite SSL public key for FQDN
+ ansible.builtin.copy:
+ backup: true
+ checksum: string
+ dest: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.pem"
+ force: true
+ group: root
+ owner: root
+ src: "ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.pem"
+ # validate: string
+- name: Update system registration of SSL certificates
+ ansible.builtin.command:
+ cmd: update-ca-certificates
+ creates: "/etc/ssl/certs/{{ hostvars[inventory_hostname].fqdn }}.pem"
+
+
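Review bot: The private-key task writes the `.key` file into `/usr/local/share/ca-certificates/`, a directory meant for public trust anchors that backup or packaging tooling tends to treat as non-secret. The key belongs in a root-only location such as `/etc/ssl/private/`, and `no_log: true` on that task keeps its content out of `--diff` output. In the certificate and public-key tasks `checksum: string` looks like a leftover documentation placeholder; the copy module compares that value with the SHA-1 of the transferred file, so both tasks should fail until the line is removed or given a real digest. In the last task `creates:` skips update-ca-certificates once that path exists, so a renewed certificate would never be re-registered; gating the command on the copy result avoids that. Neither public file sets `mode`, so pinning `"0644"` removes the dependence on the remote umask.

```yaml
- name: Provide requisite SSL signed certificate for FQDN
  ansible.builtin.copy:
    # … unchanged: backup, dest, force, group, owner, src (checksum: string dropped) …
    mode: "0644"
  register: fqdn_cert
- name: Provide requisite SSL private key for FQDN
  ansible.builtin.copy:
    dest: "/etc/ssl/private/{{ hostvars[inventory_hostname].fqdn }}.key"
    # … unchanged: backup, force, group, mode, owner, src …
  no_log: true
# … unchanged: public key task, minus checksum: string, plus mode: "0644" …
- name: Update system registration of SSL certificates
  ansible.builtin.command:
    cmd: update-ca-certificates
  when: fqdn_cert is changed
```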