Commit a5403912 authored by Reimar Unger's avatar Reimar Unger

SSL for nginx - ongoing

parent 0ed7e821
---
- name: Converge
hosts: all
vars:
system_config_directory: "/etc"
www_ssl_priv_key: "/tmp/ssl_priv_key.pem"
www_ssl_cert: "/tmp/ssl_pub_key.pem"
tasks:
- name: "test install package.www"
sdm.oor.call_role:
......
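Review bot: The vars `www_ssl_priv_key: "/tmp/ssl_priv_key.pem"` and `www_ssl_cert: "/tmp/ssl_pub_key.pem"` take the test key pair from fixed names in a shared temporary directory, and nothing visible here shows what creates those files. `ansible.builtin.copy` reads `src` on the controller by default, so on a shared workstation or CI runner whatever sits at those paths is what gets installed into the instance. Assuming this is the Molecule converge playbook, I would keep the fixtures with the scenario, for example `www_ssl_priv_key: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssl_priv_key.pem"`, and add a comment that the key is a throwaway generated only for the test. The rest of the play is collapsed on the page.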
......@@ -12,13 +12,13 @@
block:
- name: "get stat of SSL private directory"
ansible.builtin.stat:
path: "{{ '%s/ssl/private' | format(system_config_directory) }"
path: "{{ '%s/ssl/private' | format(system_config_directory) }}"
register: _stat_sslprivdir
- name: "install SSL private key"
ansible.builtin.copy:
src: "{{ www_ssl_priv_key }}"
dst: "{{ www_ssl_priv_key_dest_path }}"
dest: "{{ www_ssl_priv_key_dest_path }}"
mode: 0640
owner: "{{ _stat_sslprivdir.stat.pw_name }}"
group: "{{ _stat_sslprivdir.stat.gr_name }}"
......@@ -31,22 +31,22 @@
- name: "install SSL certificate"
ansible.builtin.copy:
src: "{{ www_ssl_cert }}"
dst: "{{ www_ssl_cert_dest_path }}"
dest: "{{ www_ssl_cert_dest_path }}"
mode: 0644
owner: "{{ _stat_sslcertdir.stat.pw_name }}"
group: "{{ _stat_sslcertdir.stat.gr_name }}"
owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
group: "{{ _stat_sslcertsdir.stat.gr_name }}"
- name: "install SSL CA certificate"
ansible.builtin.copy:
src: "{{ www_ssl_ca_cert }}"
dst: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert) }}"
dest: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert) }}"
mode: 0644
owner: "{{ _stat_sslcertdir.stat.pw_name }}"
group: "{{ _stat_sslcertdir.stat.gr_name }}"
owner: "{{ _stat_sslcertsdir.stat.pw_name }}"
group: "{{ _stat_sslcertsdir.stat.gr_name }}"
when: (www_ssl_ca_cert | length) > 0
when: (www_ssl_priv_key | length) > 0 and (www_ssl_cert | length) > 0
notify:
- "reload service"
- "reload services"
- name: "execute inherited configure"
sdm.oor.call_tasks:
......
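Review bot: The "install SSL CA certificate" task still builds `dest` from the full value of `www_ssl_ca_cert`, while this same commit changes the vars file so that the certificate and private-key destinations use `| basename`. If `www_ssl_ca_cert` is given as a path, as the other two sources are in the test vars, the CA file is aimed at a nested path below `ssl/certs` and the copy will likely fail on the missing parent directories. I would write `dest: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_ca_cert | basename) }}"`. Separately, quoting the modes (`mode: "0640"`, `mode: "0644"`) keeps the private key's permissions independent of how the YAML loader reads a leading-zero integer. The enclosing block starts above the first hunk and its tail is collapsed.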
---
www_log_files: "/var/log/nginx/"
\ No newline at end of file
---
# vars file for package.www
www_serverhostname: "nextcloud.local"
www_ssl_cert_dest_path: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_cert) }}"
www_ssl_priv_key_dest_path: "{{ '%s/ssl/private/%s' | format(system_config_directory, www_ssl_priv_key) }}"
\ No newline at end of file
www_ssl_cert_dest_path: "{{ '%s/ssl/certs/%s' | format(system_config_directory, www_ssl_cert | basename) }}"
www_ssl_priv_key_dest_path: "{{ '%s/ssl/private/%s' | format(system_config_directory, www_ssl_priv_key | basename) }}"
\ No newline at end of file