Commit a5403912 authored by Reimar Unger's avatar Reimar Unger

SSL for nginx - ongoing

parent 0ed7e821
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
vars:
system_config_directory: "/etc"
www_ssl_priv_key: "/tmp/ssl_priv_key.pem"
www_ssl_cert: "/tmp/ssl_pub_key.pem"
tasks: tasks:
- name: "test install package.www" - name: "test install package.www"
sdm.oor.call_role: sdm.oor.call_role:
......
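Review bot: The `vars` lines that appear only once in this section (apparently added) point `www_ssl_priv_key` and `www_ssl_cert` at fixed file names in `/tmp`, a world-writable directory, so whatever file sits at that path when the play runs is what gets installed as the server key. If this is a Molecule scenario, a per-scenario location such as `www_ssl_priv_key: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssl_priv_key.pem"` avoids the shared path. The certificate file is named `ssl_pub_key.pem`, which reads as a bare public key rather than a certificate; a name like `ssl_cert.pem` would be clearer. The section is collapsed after the first task, so how these files are created is not visible here.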
...@@ -12,13 +12,13 @@ ...@@ -12,13 +12,13 @@
block: block:
- name: "get stat of SSL private directory" - name: "get stat of SSL private directory"
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ '%s/ssl/private' | format(system_config_directory) }" path: "{{ '%s/ssl/private' | format(system_config_directory) }}"
register: _stat_sslprivdir register: _stat_sslprivdir
- name: "install SSL private key" - name: "install SSL private key"
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ www_ssl_priv_key }}" src: "{{ www_ssl_priv_key }}"
dst: "{{ www_ssl_priv_key_dest_path }}" dest: "{{ www_ssl_priv_key_dest_path }}"
mode: 0640 mode: 0640
owner: "{{ _stat_sslprivdir.stat.pw_name }}" owner: "{{ _stat_sslprivdir.stat.pw_name }}"
group: "{{ _stat_sslprivdir.stat.gr_name }}" group: "{{ _stat_sslprivdir.stat.gr_name }}"
...@@ -31,22 +31,22 @@ ...@@ -31,22 +31,22 @@
- name: "install SSL certificate" - name: "install SSL certificate"
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ www_ssl_cert }}" src: "{{ www_ssl_cert }}"
dst: "{{ www_ssl_cert_dest_path }}" dest: "{{ www_ssl_cert_dest_path }}"
mode: 0644 mode: 0644
owner: "{{ _stat_sslcertdir.stat.pw_name }}" owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
group: "{{ _stat_sslcertdir.stat.gr_name }}" group: "{{ _stat_sslcertsdir.stat.gr_name }}"
- name: "install SSL CA certificate" - name: "install SSL CA certificate"
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ www_ssl_ca_cert }}" src: "{{ www_ssl_ca_cert }}"
dst: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert) }}" dest: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert) }}"
mode: 0644 mode: 0644
owner: "{{ _stat_sslcertdir.stat.pw_name }}" owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
group: "{{ _stat_sslcertdir.stat.gr_name }}" group: "{{ _stat_sslcertsdir.stat.gr_name }}"
when: (www_ssl_ca_cert | length) > 0 when: (www_ssl_ca_cert | length) > 0
when: (www_ssl_priv_key | length) > 0 and (www_ssl_cert | length) > 0 when: (www_ssl_priv_key | length) > 0 and (www_ssl_cert | length) > 0
notify: notify:
- "reload service" - "reload services"
- name: "execute inherited configure" - name: "execute inherited configure"
sdm.oor.call_tasks: sdm.oor.call_tasks:
......
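Review bot: The "install SSL CA certificate" task still builds `dest` from the full value of `www_ssl_ca_cert`, so a source given as a path (like the `/tmp/...` values used for the key and certificate) would be appended whole under `ssl/certs/`; this commit adds `| basename` to the cert and key destination variables but not here. The line would become `dest: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert | basename) }}"`. On "install SSL private key", consider adding `diff: false` (or `no_log: true`) so that a run with `--diff` cannot print key material, and quote the modes (`mode: "0640"`, `mode: "0644"`) so they reach the module as strings. The block starts before the first hunk and the lines between the two hunks are collapsed, so the stat task that registers `_stat_sslcertsdir` and any check of `stat.exists` are not visible here.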
---
www_log_files: "/var/log/nginx/"
\ No newline at end of file
--- ---
# vars file for package.www # vars file for package.www
www_serverhostname: "nextcloud.local" www_serverhostname: "nextcloud.local"
www_ssl_cert_dest_path: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_cert) }}" www_ssl_cert_dest_path: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_cert | basename) }}"
www_ssl_priv_key_dest_path: "{{ '%s/ssl/private/%s' | format(system_config_directory, www_ssl_priv_key) }}" www_ssl_priv_key_dest_path: "{{ '%s/ssl/private/%s' | format(system_config_directory, www_ssl_priv_key | basename) }}"
\ No newline at end of file \ No newline at end of file