From d442c6f01dd9d959657b92ec42aa65dcec18918e Mon Sep 17 00:00:00 2001
From: Rene Mewissen <rene@tantooine.myfirewall.org>
Date: Wed, 18 Dec 2024 08:57:26 +0100
Subject: [PATCH] import internal ca

---
 roles/base/tasks/system_setup/import_stepca.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 roles/base/tasks/system_setup/import_stepca.yml

diff --git a/roles/base/tasks/system_setup/import_stepca.yml b/roles/base/tasks/system_setup/import_stepca.yml
new file mode 100644
index 0000000..a7e6bc5
--- /dev/null
+++ b/roles/base/tasks/system_setup/import_stepca.yml
@@ -0,0 +1,12 @@
+- block:
+  - name: base | system setup | get step-ca certificate
+    get_url:
+      url: "https://step-ca.universe.local/roots.pem"
+      dest: "/etc/ca-certificates/trust-source/anchors/"
+
+  - name: base | system setup | import step-ca certificate
+    command:
+      cmd: "update-ca-trust"
+  become: yes
+  rescue:
+    - set_fact: task_failed=true
\ No newline at end of file