1 files changed, 22 insertions, 2 deletions

diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml
index d757b5d..d460c51 100644
--- a/ansible/roles/trove-setup/tasks/lighttpd.yml
+++ b/ansible/roles/trove-setup/tasks/lighttpd.yml
@@ -7,12 +7,32 @@
               -keyout /etc/lighttpd/certs/lighttpd.pem \
               -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
          creates=/etc/lighttpd/certs/lighttpd.pem
+  when: TROVE_SSL_PEMFILE is not defined
+
+- name: Copy pemfile certificate for lighttpd if provided
+  copy:
+    src: "{{ TROVE_SSL_PEMFILE }}"
+    dest: /etc/lighttpd/certs/lighttpd.pem
+    mode: 0400
+  when: TROVE_SSL_PEMFILE is defined
+
+- name: Copy ca-certs certificate for lighttpd if provided
+  copy:
+    src: "{{ TROVE_SSL_CA_FILE }}"
+    dest: /etc/lighttpd/certs/ca-certs.pem
+    mode: 0400
+  when: TROVE_SSL_CA_FILE is defined
 
 - name: Create /var/run/lighttpd for cache user
   file: path=/var/run/lighttpd state=directory owner=cache group=cache
 
-# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can
-# enable the lighttpd-git service
+- name: Create git-httpd.conf from template
+  template:
+    src: lighttpd/git-httpd.conf
+    dest: /etc/lighttpd/git-httpd.conf
+
+# Now that the lighttpd certificates, configuration files and /var/run/lighttpd
+# exist, we can enable the lighttpd-git service
 - name: Enable lighttpd-git service
   service: name=lighttpd-git.service enabled=yes
   register: lighttpd_git_service