From f79e6d02102420ccc0e3c63671d135e3cec18520 Mon Sep 17 00:00:00 2001
From: Izak Eygelaar <izak.eygelaar@hetzner.co.za>
Date: Fri, 1 Feb 2019 20:59:56 +0200
Subject: [PATCH] Allow making use of Ansible-vault to encrypt and decrypt
 sensitive certs and keys (#95)

* Allow making use of Ansible-vault to encrypt sensitive certs and keys
---
 tasks/conf/upload-config.yml | 4 ++++
 tasks/plus/setup-license.yml | 1 +
 2 files changed, 5 insertions(+)

diff --git a/tasks/conf/upload-config.yml b/tasks/conf/upload-config.yml
index 8227e5c..4caa079 100644
--- a/tasks/conf/upload-config.yml
+++ b/tasks/conf/upload-config.yml
@@ -68,6 +68,8 @@
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_ssl_crt_upload_dest }}"
+    mode: 0640
+    decrypt: yes
     backup: yes
   with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
   when: nginx_ssl_upload_enable
@@ -76,6 +78,8 @@
   copy:
     src: "{{ item }}"
     dest: "{{ nginx_ssl_key_upload_dest }}"
+    mode: 0640
+    decrypt: yes
     backup: yes
   with_fileglob: "{{ nginx_ssl_key_upload_src }}"
   when: nginx_ssl_upload_enable
diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml
index af36fbe..dc3f8a6 100644
--- a/tasks/plus/setup-license.yml
+++ b/tasks/plus/setup-license.yml
@@ -8,6 +8,7 @@
   copy:
     src: "{{ item }}"
     dest: /etc/ssl/nginx
+    decrypt: yes
   with_items:
     - "{{ nginx_license.certificate }}"
     - "{{ nginx_license.key }}"