Diffstat (limited to 'deploy-ca.yml')
-rw-r--r-- | deploy-ca.yml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/deploy-ca.yml b/deploy-ca.yml
new file mode 100644
index 0000000..699fc5f
--- /dev/null
+++ b/deploy-ca.yml
@@ -0,0 +1,31 @@
+- name: add acme CA
+ hosts: ca
+ become: yes
+ roles:
+ - role: maxhoesel.smallstep.step_ca
+ tasks:
+ - name: add an acme provisioner to the ca
+ maxhoesel.smallstep.step_ca_provisioner:
+ name: ACME
+ type: ACME
+ become_user: step-ca
+ - name: restart step-ca
+ ansible.builtin.systemd_service:
+ name: step-ca
+ state: restarted
+ enabled: true
+ - name: allow step-ca port traffic on vpn
+ ufw:
+ rule: allow
+ from: 100.64.0.0/10
+ port: "{{ step_ca_port }}"
+ - name: restart ufw
+ ansible.builtin.systemd_service:
+ name: ufw
+ state: restarted
+ enabled: true
+
+- name: configure trust to internal ca on all hosts
+ hosts: all
+ roles:
+ - ca |
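Review bot: The `ufw` task `allow step-ca port traffic on vpn` sets no `proto`, so the rule admits both TCP and UDP on `{{ step_ca_port }}` from all of 100.64.0.0/10; step-ca serves HTTPS, so adding `proto: tcp` would limit the opening to what the service needs. The ACME provisioner is created with only `name` and `type`, so presumably any peer in that range that can complete an ACME challenge can obtain a certificate from this CA; if that is wider than intended, narrow the `from:` range or constrain the provisioner. The `restart step-ca` and `restart ufw` tasks run on every play rather than on change, so moving them to handlers triggered with `notify:` would avoid bouncing the CA and the firewall on no-op runs. The `ufw:` module name is also the only one not written as a fully qualified collection name, unlike `ansible.builtin.systemd_service` next to it.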