From 5a67f059c3133105c233855165ba3f1435f80903 Mon Sep 17 00:00:00 2001 From: L3D Date: Thu, 4 Feb 2021 18:22:01 +0100 Subject: [PATCH] improve acmetool enable/disable --- tasks/acme.yml | 20 +++----------------- tasks/main.yml | 4 +--- tasks/single_site.yml | 36 +++++++++--------------------------- 3 files changed, 13 insertions(+), 47 deletions(-) diff --git a/tasks/acme.yml b/tasks/acme.yml index b54700f..9db9f89 100644 --- a/tasks/acme.yml +++ b/tasks/acme.yml @@ -1,38 +1,24 @@ --- - - name: Copy shell script to enable tls sites + become: true copy: src: 'files/acmetool/enable_tls.sh' dest: '/etc/acme/hooks/enable_tls.sh' owner: root group: root mode: 'u=rx,g=r,o=' - tags: - - configuration - - acme - - name: Get certificate for default server + become: true command: acmetool want '{{ inventory_hostname }}' args: creates: '/var/lib/acme/live/{{ inventory_hostname }}' - tags: - - configuration - - acme - - certificates - - operation - - name: Get certificates for all configured sites - #command: acmetool want '{{ site.name }}' '{{ site.altnames | default([]) | join(" ") }}' + become: true command: acmetool want '{{ ([site.name] + (site.altnames | default([]) )) | join(" ") }}' args: creates: '/var/lib/acme/live/{{ site.name }}/' with_items: '{{ nginx_sites }}' loop_control: loop_var: site - tags: - - configuration - - acme - - certificates - - operation diff --git a/tasks/main.yml b/tasks/main.yml index c94ea0c..3e65c62 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -31,6 +31,4 @@ - name: Configure acmetool and obtain certificates include_tasks: acme.yml - tags: - - configuration - - acme + when: nginx__acmetool_enabled diff --git a/tasks/single_site.yml b/tasks/single_site.yml index 5ee676d..9cb08a4 100644 --- a/tasks/single_site.yml +++ b/tasks/single_site.yml @@ -7,7 +7,6 @@ owner: root group: root mode: 'u=rw,g=r,o=r' - #when: site.http_plain_template | default(True) notify: - systemctl reload nginx 
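Review bot: In tasks/acme.yml, the `Get certificates for all configured sites` task wraps the whole joined name list in one pair of single quotes, so the command module hands acmetool `site.name` and every altname as a single space-containing argument instead of one argument per hostname. That line is unchanged context, but this commit deletes the commented-out alternative and leaves it as the only form. A site with `altnames` would presumably fail to get a certificate, or get one that does not cover them. Quoting each name on its own keeps the argument boundaries intact: `command: acmetool want {{ ([site.name] + (site.altnames | default([]))) | map('quote') | join(' ') }}`.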
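Review bot: In tasks/main.yml, `when: nginx__acmetool_enabled` relies on a variable that none of the three files in this patch define, so unless the role's defaults already set it, the include fails with an undefined-variable error. A bare variable may also evaluate differently depending on whether it arrives as a boolean or as a string (for example from `-e` on the command line), and this flag decides whether certificates are requested at all. Consider `when: nginx__acmetool_enabled | default(true) | bool`, with the same default and cast on `when: not nginx__acmetool_enabled` at the end of tasks/single_site.yml. The hunk starts mid-file, so earlier tasks in main.yml are not visible here.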
@@ -19,7 +18,6 @@ owner: root group: root mode: 'u=rw,g=r,o=r' - #when: not site.redirect_target | default(True) notify: - systemctl reload nginx @@ -56,23 +54,6 @@ notify: - systemctl reload nginx -#- name: Copy additional per site '{{ site.name }}' snippet files -# become: true -# template: -# src: 'files/nginx/snippets/{{ item }}' -# dest: '/etc/nginx/snippets/{{ item }}' -# owner: root -# group: root -# mode: 'u=rw,g=r,o=r' -# with_items: '{{ site.snippets }}' -# when: site.snippets | default([]) -# notify: -# - systemctl reload nginx -# tags: -# - configuration -# - nginx -# - sites - - name: Enable '{{ site.name }}' site plain http configuration become: true file: @@ -84,11 +65,12 @@ - systemctl reload nginx # Note: done by acmetool after sucessfully obtaining a suitable certificate -#- name: Enable '{{ site.name }}' site tls configuration -# become: true -# file: -# src: '/etc/nginx/sites-available/{{ site.name }}_tls' -# dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls' -# state: link -# notify: -# - systemctl reload nginx +- name: Enable '{{ site.name }}' site tls configuration + become: true + file: + src: '/etc/nginx/sites-available/{{ site.name }}_tls' + dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls' + state: link + notify: + - systemctl reload nginx + when: not nginx__acmetool_enabled
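Review bot: In the last hunk of tasks/single_site.yml, the re-enabled `Enable '{{ site.name }}' site tls configuration` task links the `_tls` site and notifies a reload whenever acmetool is disabled, but nothing visible in this patch checks that the certificate and key the TLS configuration refers to exist. If they are missing, nginx would presumably reject the configuration on reload and fail outright on the next restart. A `stat` guard before the link, as sketched below, avoids that; use an `assert` instead if a missing certificate should stop the play. The context comment directly above the task (`# Note: done by acmetool after sucessfully obtaining a suitable certificate`) now contradicts it and should say that the link is created here only when acmetool is disabled.

```yaml
- name: Check that the certificate for '{{ site.name }}' exists
  become: true
  stat:
    # placeholder variable: the certificate path the _tls template references
    path: '{{ site_tls_certificate_path }}'
  register: site_tls_cert

- name: Enable '{{ site.name }}' site tls configuration
  # … unchanged: become, file, notify …
  when:
    - not nginx__acmetool_enabled
    - site_tls_cert.stat.exists
```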