added a few configs

tasks/configure.yml

@@ -0,0 +1,12 @@
+---
+# task/configure file for renew_vault_certificates
+- name: "Copy vault_cert.pem.tpl template"
+  ansible.builtin.template:
+    src: vault_cert.tpl.j2
+    dest: "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
+    owner: "{{ renew_vault_certificates_vault_user }}"
+    group: "{{ renew_vault_certificates_vault_group }}"
+    mode: '0600'
+  notify:
+    - "systemctl-enable-vault-ctpl"
+    - "systemctl-restart-vault-ctpl"

tasks/install.yml

@@ -0,0 +1,15 @@
+---
+# task/install file for renew_vault_certificates
+- name: "Configure hashicorp repository"
+  ansible.builtin.include_role:
+    name: ednxzu.manage_repositories
+  vars:
+    manage_repositories_enable_default_repo: false
+    manage_repositories_enable_custom_repo: true
+    manage_repositories_custom_repo: "{{ renew_vault_certificates_repository }}"
+
+- name: "Install vault:{{ hashi_vault_version }}"
+  ansible.builtin.include_role:
+    name: ednxzu.manage_apt_packages
+  vars:
+    manage_apt_packages_list: "{{ renew_vault_certificates_packages }}"

tasks/main.yml

@@ -1,2 +1,7 @@
 ---
 # task/main file for renew_vault_certificates
+- name: "Import prerequisites.yml"
+  ansible.builtin.include_tasks: prerequisites.yml
+
+- name: "Import install.yml"
+  ansible.builtin.include_tasks: install.yml

tasks/prerequisites.yml

@@ -8,3 +8,10 @@
   delegate_to: localhost
   run_once: true
 
+- name: "Create directory {{ renew_vault_certificates_config_dir }}"
+  ansible.builtin.file:
+    path: "{{ renew_vault_certificates_config_dir }}"
+    state: directory
+    owner: "{{ renew_vault_certificates_vault_user }}"
+    group: "{{ renew_vault_certificates_vault_group }}"
+    mode: '0755'

templates/vault_config.hcl.j2

@@ -6,26 +6,19 @@ vault {
 }
 
 template {
-  source      = "/etc/consul-template/ednz.pem.tpl"
-  destination = "/opt/vault/tls/ednz.pem"
+  source      = "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
+  destination = "{{ renew_vault_certificates_cert_dest }}"
   perms       = 0700
-  user        = "vault"
-  group       = "vault"
+  user        = "{{ renew_vault_certificates_vault_user }}"
+  group       = "{{ renew_vault_certificates_vault_group }}"
   command     = "sh -c 'date && pkill -SIGHUP vault'"
 }
 
 template {
-  source      = "/etc/consul-template/ednz.key.tpl"
-  destination = "/opt/vault/tls/ednz.key"
+  source      = "{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl"
+  destination = "{{ renew_vault_certificates_key_dest }}"
   perms       = 0700
-  user        = "vault"
-  group       = "vault"
+  user        = "{{ renew_vault_certificates_vault_user }}"
+  group       = "{{ renew_vault_certificates_vault_group }}"
   command     = "sh -c 'date && pkill -SIGHUP vault'"
 }
-
-template {
-  source      = "/etc/consul-template/ca.crt.tpl"
-  destination = "/opt/vault/tls/ca.crt"
-  user        = "vault"
-  group       = "vault"
-}