SSL for nginx - ongoing

a5403912 · Reimar Unger · 0ed7e821 · a5403912 · a5403912 · a5403912
Commit a5403912 authored Jul 23, 2021 by Reimar Unger
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
 ---
 - name: Converge
  hosts: all
+  vars:
+    system_config_directory: "/etc"
+    www_ssl_priv_key: "/tmp/ssl_priv_key.pem"
+    www_ssl_cert: "/tmp/ssl_pub_key.pem"
  tasks:
    - name: "test install package.www"
      sdm.oor.call_role:

--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -12,13 +12,13 @@
  block:
    - name: "get stat of SSL private directory"
      ansible.builtin.stat:
-        path: "{{ '%s/ssl/private' | format(system_config_directory) }"
+        path: "{{ '%s/ssl/private' | format(system_config_directory) }}"
      register: _stat_sslprivdir
    - name: "install SSL private key"
      ansible.builtin.copy:
        src: "{{ www_ssl_priv_key }}"
-        dst: "{{ www_ssl_priv_key_dest_path }}"
+        dest: "{{ www_ssl_priv_key_dest_path }}"
        mode: 0640
        owner: "{{ _stat_sslprivdir.stat.pw_name }}"
        group: "{{ _stat_sslprivdir.stat.gr_name }}"
@@ -31,22 +31,22 @@
    - name: "install SSL certificate"
      ansible.builtin.copy:
        src: "{{ www_ssl_cert }}"
-        dst: "{{ www_ssl_cert_dest_path }}"
+        dest: "{{ www_ssl_cert_dest_path }}"
        mode: 0644
-        owner: "{{ _stat_sslcertdir.stat.pw_name }}"
+        owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
-        group: "{{ _stat_sslcertdir.stat.gr_name }}"
+        group: "{{ _stat_sslcertsdir.stat.gr_name }}"
    - name: "install SSL CA certificate"
      ansible.builtin.copy:
        src: "{{ www_ssl_ca_cert }}"
-        dst: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert) }}"
+        dest: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert) }}"
        mode: 0644
-        owner: "{{ _stat_sslcertdir.stat.pw_name }}"
+        owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
-        group: "{{ _stat_sslcertdir.stat.gr_name }}"
+        group: "{{ _stat_sslcertsdir.stat.gr_name }}"
      when: (www_ssl_ca_cert | length) > 0
  when: (www_ssl_priv_key | length) > 0 and  (www_ssl_cert | length) > 0
  notify:
-    - "reload service"
+    - "reload services"
 - name: "execute inherited configure"
  sdm.oor.call_tasks:

--- a/vars/Debian-10.yml
+++ b/vars/Debian-10.yml
+---
+www_log_files: "/var/log/nginx/"
\ No newline at end of file
--- a/vars/main.yml
+++ b/vars/main.yml
 ---
 # vars file for package.www
 www_serverhostname: "nextcloud.local"
-www_ssl_cert_dest_path: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_cert) }}"
+www_ssl_cert_dest_path: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_cert | basename) }}"
-www_ssl_priv_key_dest_path: "{{ '%s/ssl/private/%s' | format(system_config_directory, www_ssl_priv_key) }}"
+www_ssl_priv_key_dest_path: "{{ '%s/ssl/private/%s' | format(system_config_directory, www_ssl_priv_key | basename) }}"
\ No newline at end of file