adfinis · JoelJoos · Jul 9, 2024 · Mar 20, 2024 · Apr 30, 2024 · Apr 30, 2024
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -30,6 +30,18 @@ bareos_dir_tls_enable: yes
 # Verify the peer.
 bareos_dir_tls_verify_peer: no
 
+# The path of the CA certificate file.
+bareos_dir_tls_ca_cert_src: ""
+bareos_dir_tls_ca_cert_dest: "/etc/bareos/bareosCA.pem"
+
+# The path of the client certificate of the director
+bareos_dir_tls_cert_src: ""
+bareos_dir_tls_cert_dest: "/etc/bareos/director.pem"
+
+# The path of the client certificate key of the director
+bareos_dir_tls_cert_key_src: ""
+bareos_dir_tls_cert_key_dest: "/etc/bareos/director.key"
+
 # A list of catalogs to configure.
 bareos_dir_catalogs: []
 

diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml
@@ -39,6 +39,24 @@ argument_specs:
         type: "bool"
         default: no
         description: "Verify the peer."
+      bareos_dir_tls_ca_cert_src:
+        type: "str"
+        description: "The CA Certificate for the Director (src)"
+      bareos_dir_tls_ca_cert_dest:
+        type: "str"
+        description: "The CA Certificate for the Director (dest)"
+      bareos_dir_tls_cert_src:
+        type: "str"
+        description: "The TLS certificate of the director (src)"
+      bareos_dir_tls_cert_dest:
+        type: "str"
+        description: "The TLS certificate of the director (dest)"
+      bareos_dir_tls_cert_key_src:
+        type: "str"
+        description: "The TLS certificate key of the director (src)"
+      bareos_dir_tls_cert_key_dest:
+        type: "str"
+        description: "The TLS certificate key of the director (dest)"
       bareos_dir_catalogs:
         type: "list"
         default: []

diff --git a/tasks/assert.yml b/tasks/assert.yml
@@ -60,54 +60,41 @@
       - bareos_dir_tls_verify_peer is boolean
     quiet: true
 
-- name: assert | Test bareos_dir_catalogs
+- name: assert | Test bareos_dir_tls_ca_cert_src
   ansible.builtin.assert:
     that:
-      - bareos_dir_catalogs is defined
-      - bareos_dir_catalogs is iterable
-    quiet: true
+      - bareos_dir_tls_ca_cert_src is defined
+      - bareos_dir_tls_ca_cert_src is string
 
-- name: assert | Test bareos_dir_consoles
+- name: assert | Test bareos_dir_tls_ca_cert_dest
   ansible.builtin.assert:
     that:
-      - bareos_dir_consoles is defined
-      - bareos_dir_consoles is iterable
-    quiet: true
+      - bareos_dir_tls_ca_cert_dest is defined
+      - bareos_dir_tls_ca_cert_dest is string
 
-- name: assert | Test bareos_dir_clients
+- name: assert | Test bareos_dir_tls_cert_src
   ansible.builtin.assert:
     that:
-      - bareos_dir_clients is defined
-      - bareos_dir_clients is iterable
-    quiet: true
+      - bareos_dir_tls_cert_src is defined
+      - bareos_dir_tls_cert_src is string
 
-- name: assert | Test bareos_dir_filesets
+- name: assert | Test bareos_dir_tls_cert_dest
   ansible.builtin.assert:
     that:
-      - bareos_dir_filesets is defined
-      - bareos_dir_filesets is iterable
-    quiet: true
+      - bareos_dir_tls_cert_dest is defined
+      - bareos_dir_tls_cert_dest is string
 
-- name: assert | Test bareos_dir_jobdefs
+- name: assert | Test bareos_dir_tls_cert_key_src
   ansible.builtin.assert:
     that:
-      - bareos_dir_jobdefs is defined
-      - bareos_dir_jobdefs is iterable
-    quiet: true
+      - bareos_dir_tls_cert_key_src is defined
+      - bareos_dir_tls_cert_key_src is string
 
-- name: assert | Test bareos_dir_jobs
-  ansible.builtin.assert:
-    that:
-      - bareos_dir_jobs is defined
-      - bareos_dir_jobs is iterable
-    quiet: true
-
-- name: assert | Test bareos_dir_messages
+- name: assert | Test bareos_dir_tls_cert_key_dest
   ansible.builtin.assert:
     that:
-      - bareos_dir_messages is defined
-      - bareos_dir_messages is iterable
-    quiet: true
+      - bareos_dir_tls_cert_key_dest is defined
+      - bareos_dir_tls_cert_key_dest is string
 
 - name: assert | Test bareos_dir_pools
   ansible.builtin.assert:
@@ -143,3 +130,51 @@
       - bareos_dir_install_debug_packages is defined
       - bareos_dir_install_debug_packages is boolean
     quiet: true
+
+
+- name: assert | Test bareos_dir_catalogs
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_catalogs is defined
+      - bareos_dir_catalogs is iterable
+    quiet: true
+
+- name: assert | Test bareos_dir_consoles
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_consoles is defined
+      - bareos_dir_consoles is iterable
+    quiet: true
+
+- name: assert | Test bareos_dir_clients
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_clients is defined
+      - bareos_dir_clients is iterable
+    quiet: true
+
+- name: assert | Test bareos_dir_filesets
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_filesets is defined
+      - bareos_dir_filesets is iterable
+    quiet: true
+
+- name: assert | Test bareos_dir_jobdefs
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_jobdefs is defined
+      - bareos_dir_jobdefs is iterable
+    quiet: true
+
+- name: assert | Test bareos_dir_jobs
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_jobs is defined
+      - bareos_dir_jobs is iterable
+    quiet: true
+
+- name: assert | Test bareos_dir_messages
+  ansible.builtin.assert:
+    that:
+      - bareos_dir_messages is defined
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -53,6 +53,28 @@
 - name: Run handlers
   ansible.builtin.meta: flush_handlers
 
+- name: Place TLS certificates
+  ansible.builtin.copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: bareos
+    group: bareos
+    mode: "0640"
+    backup: "{{ bareos_dir_backup_configurations }}"
+  loop:
+    - src: bareos_dir_tls_ca_cert_src
+      dest: bareos_dir_tls_ca_cert_dest
+    - src: bareos_dir_tls_cert_src
+      dest: bareos_dir_tls_cert_dest
+    - src: bareos_dir_tls_cert_key_src
+      dest: bareos_dir_tls_cert_key_dest
+  when:
+    - bareos_dir_tls_enable
+    - bareos_dir_tls_enable
+    - bareos_dir_tls_ca_cert.src != ""
+    - bareos_dir_tls_cert.src != ""
+    - bareos_dir_tls_cert_key.src != ""
+
 - name: Place bareos-dir.conf
   ansible.builtin.template:
     src: bareos-dir.conf.j2

diff --git a/templates/bareos-dir.conf.j2 b/templates/bareos-dir.conf.j2
@@ -18,4 +18,13 @@ Director {
   Plugin Names = "{{ bareos_dir_plugin_name }}"
   Plugin Directory = "{{ bareos_dir_plugin_dir }}"
 {% endif %}
+{% if bareos_dir_tls_ca_cert_dest is defined and bareos_dir_tls_ca_cert_dest != "" %}
+  TLS CA Certificate File = "{{ bareos_dir_tls_ca_cert_dest }}"
+{% endif %}
+{% if bareos_dir_tls_cert_dest is defined and bareos_dir_tls_cert_dest != "" %}
+  TLS Certificate = "{{ bareos_dir_tls_cert_dest }}"
+{% endif %}
+{% if bareos_dir_tls_cert_key_dest is defined and bareos_dir_tls_cert_key_dest != "" %}
+  TLS Key = "{{ bareos_dir_tls_cert_key_dest }}"
+{% endif %}
 }