From df760d20353762064005594cea6955af8a7135f2 Mon Sep 17 00:00:00 2001
From: Alex <caskd@420blaze.it>
Date: Sun, 24 May 2020 14:38:44 +0200
Subject: [PATCH] Initial commit

---
 .gitignore              |  1 +
 tasks/main.yml          | 15 +++++++++++++++
 templates/hitch.conf.j2 |  4 ++++
 3 files changed, 20 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 tasks/main.yml
 create mode 100644 templates/hitch.conf.j2

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4dc51e8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+vault/
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..57cc887
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Include sensitive info
+  include_vars:
+        dir: '{{ role_path }}/vault'
+  tags:
+        - vault
+        - hitch
+- name: Copy Hitch configuration
+  template:
+        follow: yes
+        src: 'hitch.conf.j2'
+        dest: /etc/hitch/hitch.conf
+  notify: Run service actions
+  tags:
+        - hitch
+        - configs
diff --git a/templates/hitch.conf.j2 b/templates/hitch.conf.j2
new file mode 100644
index 0000000..6f2b69d
--- /dev/null
+++ b/templates/hitch.conf.j2
@@ -0,0 +1,4 @@
+#alpn-protos = "h2,http/1.1"
+tls-protos = TLSv1.1 TLSv1.2
+ciphers = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
+pem-file = "/etc/ssl/private/cert.pem"