author | Christian Pointner <equinox@spreadspace.org> | 2024-08-27 22:25:03 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-08-27 22:25:03 +0200 |
commit | 2159ea6ceb34366b7393f85110b513790ee54eee (patch) | |
tree | ad44e96f0c52ce8a164c9dcb7bf5faa0812d0b40 /roles/apps/collabora/code/instance/tasks/main.yml | |
parent | collabora/code: move to new-style app layout and generic storage config (diff) |
collabora/code: migrate app to new publish framework
Diffstat (limited to 'roles/apps/collabora/code/instance/tasks/main.yml')
-rw-r--r-- | roles/apps/collabora/code/instance/tasks/main.yml | 53 |
1 files changed, 47 insertions, 6 deletions
diff --git a/roles/apps/collabora/code/instance/tasks/main.yml b/roles/apps/collabora/code/instance/tasks/main.yml
index eed473a0..b0470a5b 100644
--- a/roles/apps/collabora/code/instance/tasks/main.yml
+++ b/roles/apps/collabora/code/instance/tasks/main.yml
@@ -19,6 +19,39 @@
 src: "config/coolwsd.{{ collabora_code_instances[collabora_code_instance].version }}.xml.j2"
 dest: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
 
+- name: generate/install TLS certificates for publishment
+ vars:
+ x509_certificate_name: "collabora-code-{{ collabora_code_instance }}_publish"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_ca_config }}"
+ cert:
+ common_name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_renewal:
+ install:
+ - dest: "{{ collabora_code_instance_basepath }}/config/ca-chain.cert.pem"
+ src:
+ - ca_cert
+ mode: "0400"
+ owner: 100
+ - dest: "{{ collabora_code_instance_basepath }}/config/cert.pem"
+ src:
+ - cert
+ mode: "0400"
+ owner: 100
+ - dest: "{{ collabora_code_instance_basepath }}/config/key.pem"
+ src:
+ - key
+ owner: 100
+ mode: "0400"
+ include_role:
+ name: "x509/{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_provider }}/cert"
+
 - name: build custom image
 when: "'custom_image' in collabora_code_instances[collabora_code_instance]"
 include_tasks: custom-image.yml
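Review bot: `x509_certificate_hostnames: []` leaves the name `collabora-code-<instance>.<inventory_hostname>` only in `common_name`, so unless the x509 role copies the CN into subjectAltName (not visible in this hunk) the issued certificate appears to carry no SAN entry, and many TLS clients match only subjectAltName and ignore the CN. If the publisher is expected to verify this backend certificate, pass the name explicitly, e.g. `x509_certificate_hostnames: ["collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"]`. Separately, the three bare `owner: 100` entries deserve a comment or a role variable naming the account they stand for, because `key.pem` becomes readable by whatever holds uid 100 on the host, and a custom image built by the next task may run under a different uid.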
@@ -40,15 +73,23 @@
 set_fact:
 collabora_code_nginx_vhost_custom: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
 
-- name: configure nginx vhost
+- name: configure nginx vhost for publishment
 vars:
- nginx_vhost:
- name: "collabora-code-{{ collabora_code_instance }}"
+ nginx_vhost__yaml: |
+ name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
 template: generic
+ {% if 'tls' in collabora_code_instances[collabora_code_instance].publish %}
 tls:
- certificate_provider: "{{ acme_client }}"
+ {{ collabora_code_instances[collabora_code_instance].publish.tls | to_nice_yaml(indent=2) | indent(2) }}
+ {% endif %}
 hostnames:
- - "{{ collabora_code_instances[collabora_code_instance].hostname }}"
- custom: "{{ collabora_code_nginx_vhost_custom }}"
+ {% for hostname in collabora_code_instances[collabora_code_instance].publish.hostnames %}
+ - {{ hostname }}
+ {% endfor %}
+ custom: |
+ {{ collabora_code_nginx_vhost_custom | indent(2) }}
+ nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
 include_role:
 name: nginx/vhost
+ apply:
+ delegate_to: "{{ collabora_code_instances[collabora_code_instance].publish.zone.publisher }}" |
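Review bot: The `- {{ hostname }}` line inside the `nginx_vhost__yaml` block writes each publish hostname into YAML text unquoted before `from_yaml` parses it. A wildcard name starting with `*`, or a value containing `: ` or ` #`, will therefore either fail to parse or change the structure of the vhost definition that is applied on the delegated publisher host. Emitting the value as a JSON scalar keeps it a string whatever it contains: `- {{ hostname | to_json }}`. The removed lines built `nginx_vhost` as a native mapping with quoted values, so this text round-trip is new in this commit. A short comment above `nginx_vhost__yaml` explaining why the mapping is rendered as text (presumably for the conditional `tls` key) would help the next reader.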