Reimar Unger
package.www
Commits
d8b8d8c7
Commit
d8b8d8c7
authored
Sep 10, 2021
by
Reimar Unger
include all changes from sdm
parent
4c0b7eb0
Changes
7
README.md
...
...
@@ -54,10 +54,17 @@ Variables
*
The SSL CA certificate for the service.
*
default: ""
*
www_serverhostname:
*
www_ssl_selfsigned:
*
description:
*
This option specifies if selfsigned SSL certificates are used.
*
If it is
`true`
the selfsigned SSL certificates are generated.
*
choices: [false, true]
*
default: false
*
www_servername:
*
description:
*
The default name of der www hostname.
*
default: "
nextcloud.local
"
*
default: "
{{ inventory_hostname }}
"
*
www_ssl_cert_dest_path:
*
description:
...
...
@@ -84,6 +91,12 @@ Variables
*
The standard log-file directory
*
default: "/var/log/nginx/"
*
www_php_enable
*
description:
*
If this option is
`true`
, the PHP FPM will be installed.
*
choices: [false, true]
*
default: true
Processes
=========
...
...
@@ -91,11 +104,13 @@ main
----
1.
create www group
2.
create www user
3.
install PHP if www_php_enable is
`true`
configure
---------
1.
create and configure www directory
2.
configure SSL if www_ssl_priv_key and www_ssl_cert are set
2.
configure PHP if www_php_enable is
`true`
3.
configure SSL if www_ssl_priv_key and www_ssl_cert or www_ssl_selfsigned are set
License
=======
...
...
defaults/main.yml
...
...
@@ -6,6 +6,8 @@ www_group: "www"
www_ssl_priv_key
:
"
"
www_ssl_cert
:
"
"
www_ssl_ca_cert
:
"
"
www_ssl_selfsign
:
false
www_servername
:
"
{{
inventory_hostname
}}"
www_mimetypes
:
[]
www_list_directory
:
false
www_index_files
:
[
"
index.html"
]
...
...
@@ -13,4 +15,5 @@ www_port: 80
www_ssl_port
:
443
www_hsts
:
"
no"
www_max_upload_size
:
"
512M"
www_log_files
:
"
/var/log/nginx/"
www_log_files
:
"
/var/log"
www_php_enable
:
true
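Review bot: The default added in this file is named `www_ssl_selfsign`, but README.md documents `www_ssl_selfsigned` and both new conditions in tasks/configure.yml test `www_ssl_selfsigned is true`; molecule/default/converge.yml also sets `www_ssl_selfsign`. Unless the variable is defined somewhere outside this commit, the role has no default for the name it actually reads, and the molecule scenario does not switch on the self-signed path it appears meant to cover. Rename the default, and the converge.yml var, to `www_ssl_selfsigned: false`. Separately, the second hunk shows `www_log_files` with both `"/var/log/nginx/"` and `"/var/log"`, while README.md still documents `/var/log/nginx/`, so confirm which value is intended.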
molecule/default/converge.yml
...
...
@@ -3,9 +3,7 @@
hosts
:
all
vars
:
system_config_directory
:
"
/etc"
www_ssl_priv_key
:
"
/tmp/ssl_priv_key.pem"
www_ssl_cert
:
"
/tmp/ssl_pub_key.pem"
www_ssl_selfsign
:
true
tasks
:
-
name
:
"
test
install
package.www"
sdm.oor.call_role
:
...
...
molecule/default/molecule.yml
...
...
@@ -10,7 +10,7 @@ platforms:
-
name
:
debian
registry
:
url
:
gitlab.mn.tu-dresden.de:8000
image
:
sdmgroup/containers/debian1
0
:latest
image
:
sdmgroup/containers/debian1
1
:latest
command
:
/lib/systemd/systemd
pre_build_image
:
false
...
...
tasks/_selfsignedcerts.yml
0 → 100644
---
-
name
:
"
generate
path
for
SSL
private
key"
sdm.oor.set_role_fact
:
www_ssl_priv_key
:
"
{{
'/tmp/ssl_priv_key_%s.pem'
|
format(inventory_hostname)
}}"
-
name
:
"
generate
path
for
SSL
certificate
key"
sdm.oor.set_role_fact
:
_www_ssl_csr
:
"
{{
'/tmp/ssl_pub_key_%s.csr'
|
format(inventory_hostname)
}}"
-
name
:
"
generate
path
for
SSL
certificate
key"
sdm.oor.set_role_fact
:
www_ssl_cert
:
"
{{
'/tmp/ssl_pub_key_%s.pem'
|
format(inventory_hostname)
}}"
-
block
:
-
name
:
"
create
SSL
private
key"
community.crypto.openssl_privatekey
:
path
:
"
{{
www_ssl_priv_key
}}"
-
name
:
"
create
certificate
signing
request
(CSR)
for
self-signed
certificate"
community.crypto.openssl_csr
:
path
:
"
{{
_www_ssl_csr
}}"
privatekey_path
:
"
{{
www_ssl_priv_key
}}"
common_name
:
"
{{
www_servername
}}"
organization_name
:
"
SDM
Framework"
-
name
:
"
create
self-signed
certificate
from
CSR"
community.crypto.x509_certificate
:
path
:
"
{{
www_ssl_cert
}}"
csr_path
:
"
{{
_www_ssl_csr
}}"
privatekey_path
:
"
{{
www_ssl_priv_key
}}"
provider
:
selfsigned
delegate_to
:
localhost
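Review bot: The private key, CSR and certificate are written to fixed, hostname-derived names directly under `/tmp`, and the tasks appear to be delegated to `localhost`, so the key material sits in a directory every local account on the controller can write to, where the paths can be pre-created or swapped before the play runs; nothing in this file removes the key afterwards. Build the three paths under a directory the role creates with `mode: "0700"` outside a shared temp location, and set `mode: "0600"` explicitly on the `community.crypto.openssl_privatekey` task rather than relying on the module default. The CSR sets only `common_name`, while current TLS clients validate the subject alternative name, so add `subject_alt_name: "DNS:{{ www_servername }}"` to the `community.crypto.openssl_csr` task. The second and third tasks also share the name "generate path for SSL certificate key"; the one that sets `_www_ssl_csr` should say CSR.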
tasks/configure.yml
...
...
@@ -8,8 +8,22 @@
group
:
"
{{
www_group
}}"
mode
:
0755
-
name
:
"
configure
PHP"
sdm.oor.call_role
:
name
:
"
package.lang.php.fpm"
tasks
:
"
configure"
vars
:
php_default_user
:
"
{{
www_user
}}"
php_default_group
:
"
{{
www_group
}}"
when
:
www_php_enable
-
name
:
"
configure
SSL"
block
:
-
name
:
"
create
selfsigned
certificate"
sdm.oor.call_tasks
:
from
:
"
_selfsignedcerts"
when
:
www_ssl_selfsigned is
true
-
name
:
"
get
stat
of
SSL
private
directory"
ansible.builtin.stat
:
path
:
"
{{
'%s/ssl/private'
|
format(system_config_directory)
}}"
...
...
@@ -44,11 +58,12 @@
owner
:
"
{{
_stat_sslcertsdir.stat.pw_name
}}"
group
:
"
{{
_stat_sslcertsdir.stat.gr_name
}}"
when
:
(www_ssl_ca_cert | length) >
0
when
:
(www_ssl_priv_key | length) > 0 and (www_ssl_cert | length) >
0
when
:
((www_ssl_priv_key | length) > 0 and (www_ssl_cert | length) > 0) or
www_ssl_selfsigned is
true
notify
:
-
"
reload
services"
-
name
:
"
execute
inherited
configure"
sdm.oor.call_tasks
:
from
:
configure
super
:
T
rue
super
:
t
rue
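Review bot: With `www_ssl_selfsigned` true, the "create selfsigned certificate" task runs `_selfsignedcerts` whether or not `www_ssl_priv_key` and `www_ssl_cert` were supplied, and that task file overwrites both facts, so an operator-provided certificate would be silently replaced by a self-signed one. Either make the two modes exclusive with an `ansible.builtin.assert` ahead of the block, or narrow the condition to `when: www_ssl_selfsigned | bool and (www_ssl_priv_key | length) == 0`. Only part of the SSL block is shown; the tasks between the two hunks are not visible here, so check that they read the paths after this override.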
tasks/main.yml
...
...
@@ -18,3 +18,12 @@
group
:
"
{{
www_group
}}"
home
:
"
{{
www_root_directory
}}"
shell
:
"
/usr/sbin/nologin"
-
name
:
"
install
PHP"
sdm.oor.call_role
:
name
:
"
package.lang.php.fpm"
tasks
:
"
main"
vars
:
php_default_user
:
"
{{
www_user
}}"
php_default_group
:
"
{{
www_group
}}"
when
:
www_php_enable is
true
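Review bot: The install task is gated with `when: www_php_enable is true`, while the matching configure task in tasks/configure.yml uses the bare `when: www_php_enable`. The `is true` test matches only a real boolean, so a value that arrives as a string (for example from `-e www_php_enable=true` or an INI inventory) would skip the install here, and depending on how the bare condition evaluates that string, configure may still run against a PHP-FPM that was never installed. Use `when: www_php_enable | bool` in both places. The hunk starts inside the preceding user task, so only the added task is reviewed.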