ansible/ansible_role_nginx
1
0
Fork 0
mirror of https://github.com/DO1JLR/ansible_role_nginx.git synced 2024-08-16 16:19:48 +02:00
Code Releases Activity

improve acmetool enable/disable

Browse source
This commit is contained in:
L3D 2021-02-04 18:22:01 +01:00
parent f4687d7a1f
commit 5a67f059c3
Signed by: l3d
GPG key ID: CD08445BFF4313D1
3 changed files with 13 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
tasks/acme.yml
View file

@ -1,38 +1,24 @@
--- ---
- name: Copy shell script to enable tls sites - name: Copy shell script to enable tls sites
become: true
copy: copy:
src: 'files/acmetool/enable_tls.sh' src: 'files/acmetool/enable_tls.sh'
dest: '/etc/acme/hooks/enable_tls.sh' dest: '/etc/acme/hooks/enable_tls.sh'
owner: root owner: root
group: root group: root
mode: 'u=rx,g=r,o=' mode: 'u=rx,g=r,o='
tags:
- configuration
- acme
- name: Get certificate for default server - name: Get certificate for default server
become: true
command: acmetool want '{{ inventory_hostname }}' command: acmetool want '{{ inventory_hostname }}'
args: args:
creates: '/var/lib/acme/live/{{ inventory_hostname }}' creates: '/var/lib/acme/live/{{ inventory_hostname }}'
tags:
- configuration
- acme
- certificates
- operation
- name: Get certificates for all configured sites - name: Get certificates for all configured sites
#command: acmetool want '{{ site.name }}' '{{ site.altnames | default([]) | join(" ") }}' become: true
command: acmetool want '{{ ([site.name] + (site.altnames | default([]) )) | join(" ") }}' command: acmetool want '{{ ([site.name] + (site.altnames | default([]) )) | join(" ") }}'
args: args:
creates: '/var/lib/acme/live/{{ site.name }}/' creates: '/var/lib/acme/live/{{ site.name }}/'
with_items: '{{ nginx_sites }}' with_items: '{{ nginx_sites }}'
loop_control: loop_control:
loop_var: site loop_var: site
tags:
- configuration
- acme
- certificates
- operation

4
tasks/main.yml
View file

@ -31,6 +31,4 @@
- name: Configure acmetool and obtain certificates - name: Configure acmetool and obtain certificates
include_tasks: acme.yml include_tasks: acme.yml
tags: when: nginx__acmetool_enabled
- configuration
- acme

36
tasks/single_site.yml
View file

@ -7,7 +7,6 @@
owner: root owner: root
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
#when: site.http_plain_template | default(True)
notify: notify:
- systemctl reload nginx - systemctl reload nginx
@ -19,7 +18,6 @@
owner: root owner: root
group: root group: root
mode: 'u=rw,g=r,o=r' mode: 'u=rw,g=r,o=r'
#when: not site.redirect_target | default(True)
notify: notify:
- systemctl reload nginx - systemctl reload nginx
@ -56,23 +54,6 @@
notify: notify:
- systemctl reload nginx - systemctl reload nginx
#- name: Copy additional per site '{{ site.name }}' snippet files
# become: true
# template:
# src: 'files/nginx/snippets/{{ item }}'
# dest: '/etc/nginx/snippets/{{ item }}'
# owner: root
# group: root
# mode: 'u=rw,g=r,o=r'
# with_items: '{{ site.snippets }}'
# when: site.snippets | default([])
# notify:
# - systemctl reload nginx
# tags:
# - configuration
# - nginx
# - sites
- name: Enable '{{ site.name }}' site plain http configuration - name: Enable '{{ site.name }}' site plain http configuration
become: true become: true
file: file:
@ -84,11 +65,12 @@
- systemctl reload nginx - systemctl reload nginx
# Note: done by acmetool after sucessfully obtaining a suitable certificate # Note: done by acmetool after sucessfully obtaining a suitable certificate
#- name: Enable '{{ site.name }}' site tls configuration - name: Enable '{{ site.name }}' site tls configuration
# become: true become: true
# file: file:
# src: '/etc/nginx/sites-available/{{ site.name }}_tls' src: '/etc/nginx/sites-available/{{ site.name }}_tls'
# dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls' dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
# state: link state: link
# notify: notify:
# - systemctl reload nginx - systemctl reload nginx
when: not nginx__acmetool_enabled