From dc7196abb128e45f90f872416a885c47d8064f28 Mon Sep 17 00:00:00 2001
From: Vitaliy Kukharik <vitabaks@gmail.com>
Date: Wed, 18 Dec 2024 13:36:50 +0500
Subject: [PATCH] tls_cert_valid_days

---
 automation/roles/tls_certificate/tasks/main.yml | 2 +-
 automation/vars/main.yml                        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/automation/roles/tls_certificate/tasks/main.yml b/automation/roles/tls_certificate/tasks/main.yml
index 135af83d2..a032e6cbd 100644
--- a/automation/roles/tls_certificate/tasks/main.yml
+++ b/automation/roles/tls_certificate/tasks/main.yml
@@ -27,4 +27,4 @@
     group: "{{ tls_owner | default('postgres') }}"
     mode: "{{ tls_cert_mode | default('0644') }}"
     provider: "{{ tls_cert_provider | default('selfsigned') }}"
-    entrust_not_after: "{{ tls_cert_entrust_not_after | default('+3650d') }}"
+    entrust_not_after: "+{{ tls_cert_valid_days | default(3650) }}d"
diff --git a/automation/vars/main.yml b/automation/vars/main.yml
index cddb53db6..4eb600936 100644
--- a/automation/vars/main.yml
+++ b/automation/vars/main.yml
@@ -176,6 +176,7 @@ consul_services:
 
 # TLS certificate (for PostgreSQL & PGBouncer)
 tls_cert_generate: true
+tls_cert_valid_days: 3650
 tls_cert_path: "{{ postgresql_home_dir }}/tls/server.crt"
 tls_privatekey_path: "{{ postgresql_home_dir }}/tls/server.key"
 tls_owner: "postgres"