move cert path

ansible/protocols/oc/ocserv-pre.yaml

@@ -6,6 +6,7 @@
   with_items:
     - config-per-user
     - env-per-user
+    - certs
 - name: ocserv.conf
   template:
     src: ./ocserv.conf.j2
@@ -22,7 +23,7 @@
 - name: ocserv certs
   synchronize:
     src: ../certs/{{ocservCert}}/
-    dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/certs'
+    dest: '{{ansible_user_dir}}/nextgen-network/services/ocserv/certs/{{ocservCert}}'
     delete: yes
     copy_links: yes
     verify_host: no

ansible/protocols/oc/ocserv.conf.j2

@@ -5,9 +5,9 @@ udp-port = {{ocservPort}}
 run-as-user = nobody
 run-as-group = daemon
 socket-file = /run/ocserv.socket
-server-cert = /etc/ssl/certs/fullchain.pem
-server-key = /etc/ssl/certs/privkey.pem
-dh-params = /etc/ssl/certs/dhparam.pem
+server-cert = /etc/ssl/certs/{{ocervCert}}/fullchain.pem
+server-key = /etc/ssl/certs/{{ocervCert}}/privkey.pem
+dh-params = /etc/ssl/certs/{{ocervCert}}/dhparam.pem
 isolate-workers = true
 server-stats-reset-time = 604800
 keepalive = 300

src/inventory.ts

@@ -291,7 +291,7 @@ class InventoryBuilder {
             './ocserv/config-per-user:/etc/ocserv/config-per-user:ro',
             './ocserv/env-per-user:/etc/ocserv/env-per-user:ro',
             './ocserv/ocpasswd:/etc/ocserv/ocpasswd:ro',
-            './ocserv/certs:/etc/ssl/certs:ro',
+            `./ocserv/certs/${local.ocservCert}:/etc/ssl/certs/${local.ocservCert}:ro`,
             '$HOME/nextgen-network/scripts:$HOME/nextgen-network/scripts:ro'
           ]
         };