From dbdafdf1adcfe1fb11d63f724a93887ce6179129 Mon Sep 17 00:00:00 2001
From: Blallo <blallo@autistici.org>
Date: Sun, 24 Jan 2021 13:07:02 +0100
Subject: [PATCH] Parametrize remote directories

---
 defaults/main.yml               | 2 ++
 tasks/generate-ca-cert.yaml     | 2 +-
 tasks/generate-client-cert.yaml | 6 +++---
 tasks/generate-server-cert.yaml | 6 +++---
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index a460547..b87b9d1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,6 +3,8 @@
 generate_tls_certs: true
 # Do not put trailing slash "/"
 cert_dir: ./certs
+remote_certs_dir: /etc/ssl
+remote_ca_certs_dir: /etc/ssl/certs
 generate_ca_cert: false
 generate_client_cert: false
 generate_server_cert: false
diff --git a/tasks/generate-ca-cert.yaml b/tasks/generate-ca-cert.yaml
index 75d6d74..8c79920 100644
--- a/tasks/generate-ca-cert.yaml
+++ b/tasks/generate-ca-cert.yaml
@@ -56,7 +56,7 @@
 - name: Copy the CA certificate to the remote machine
   copy:
     src: "{{ cert_dir }}/{{ tls_ca_cert }}"
-    dest: /etc/ssl/certs/
+    dest: "{{ remote_ca_certs_dir }}"
     mode: 0644
     owner: root
     group: root
diff --git a/tasks/generate-client-cert.yaml b/tasks/generate-client-cert.yaml
index 1dd6e5e..f1d7245 100644
--- a/tasks/generate-client-cert.yaml
+++ b/tasks/generate-client-cert.yaml
@@ -4,7 +4,7 @@
   file:
     state: directory
     recurse: yes
-    path: "/etc/ssl/{{ item.path }}"
+    path: "{{ remote_certs_dir }}/{{ item.path }}"
     mode: "{{ item.mode }}"
     owner: root
     group: root
@@ -32,7 +32,7 @@
   become: yes
   copy:
     src: "{{ cert_dir }}/{{ tls_client_key}}"
-    dest: /etc/ssl/local/certs/
+    dest: "{{ remote_certs_dir }}/local/certs/"
     mode: 0644
     owner: root
     group: root
@@ -80,7 +80,7 @@
   become: yes
   copy:
     src: "{{ cert_dir }}/{{ tls_client_cert }}"
-    dest: /etc/ssl/local/private
+    dest: "{{ remote_certs_dir }}/local/private"
     mode: 0600
     owner: root
     group: root
diff --git a/tasks/generate-server-cert.yaml b/tasks/generate-server-cert.yaml
index 5808241..70c4b00 100644
--- a/tasks/generate-server-cert.yaml
+++ b/tasks/generate-server-cert.yaml
@@ -4,7 +4,7 @@
   file:
     state: directory
     recurse: yes
-    path: "/etc/ssl/{{ item.path }}"
+    path: "{{ remote_certs_dir }}/{{ item.path }}"
     mode: "{{ item.mode }}"
     owner: root
     group: root
@@ -29,7 +29,7 @@
   become: yes
   copy:
     src: "{{ cert_dir }}/{{ inventory_hostname_short }}.key"
-    dest: /etc/ssl/local/certs/
+    dest: "{{ remote_certs_dir }}/local/certs/"
     mode: 0644
     owner: root
     group: root
@@ -89,7 +89,7 @@
   become: yes
   copy:
     src: "{{ cert_dir }}/{{ inventory_hostname_short }}.pem"
-    dest: /etc/ssl/local/private
+    dest: "{{ remote_certs_dir }}/local/private"
     mode: 0600
     owner: root
     group: root