Diffstat (limited to 'roles/apps/collabora/code/instance/tasks')
-rw-r--r--roles/apps/collabora/code/instance/tasks/main.yml53
1 files changed, 47 insertions, 6 deletions
diff --git a/roles/apps/collabora/code/instance/tasks/main.yml b/roles/apps/collabora/code/instance/tasks/main.yml
index eed473a0..b0470a5b 100644
--- a/roles/apps/collabora/code/instance/tasks/main.yml
+++ b/roles/apps/collabora/code/instance/tasks/main.yml
@@ -19,6 +19,39 @@
src: "config/coolwsd.{{ collabora_code_instances[collabora_code_instance].version }}.xml.j2"
dest: "{{ collabora_code_instance_basepath }}/config/coolwsd.xml"
+- name: generate/install TLS certificates for publishment
+ vars:
+ x509_certificate_name: "collabora-code-{{ collabora_code_instance }}_publish"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_ca_config }}"
+ cert:
+ common_name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_renewal:
+ install:
+ - dest: "{{ collabora_code_instance_basepath }}/config/ca-chain.cert.pem"
+ src:
+ - ca_cert
+ mode: "0400"
+ owner: 100
+ - dest: "{{ collabora_code_instance_basepath }}/config/cert.pem"
+ src:
+ - cert
+ mode: "0400"
+ owner: 100
+ - dest: "{{ collabora_code_instance_basepath }}/config/key.pem"
+ src:
+ - key
+ owner: 100
+ mode: "0400"
+ include_role:
+ name: "x509/{{ collabora_code_instances[collabora_code_instance].publish.zone.certificate_provider }}/cert"
+
- name: build custom image
when: "'custom_image' in collabora_code_instances[collabora_code_instance]"
include_tasks: custom-image.yml
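Review bot: The certificate requested by the new task sets `x509_certificate_hostnames: []`, so unless the included x509 role copies the common name into the subjectAltName (not visible here), the certificate is issued without any SAN. A verifier that ignores the CN would reject such a certificate, and the common workaround is to disable upstream verification on the publisher. Consider `x509_certificate_hostnames: ["collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"]`, which matches the vhost name used in the second hunk. The three `owner: 100` entries, including the one for key.pem, would benefit from a comment saying which account that numeric uid is meant to be, since a mismatch with the image's service user either breaks startup or leaves the key readable by an unrelated account.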
@@ -40,15 +73,23 @@
set_fact:
collabora_code_nginx_vhost_custom: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
-- name: configure nginx vhost
+- name: configure nginx vhost for publishment
vars:
- nginx_vhost:
- name: "collabora-code-{{ collabora_code_instance }}"
+ nginx_vhost__yaml: |
+ name: "collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}"
template: generic
+ {% if 'tls' in collabora_code_instances[collabora_code_instance].publish %}
tls:
- certificate_provider: "{{ acme_client }}"
+ {{ collabora_code_instances[collabora_code_instance].publish.tls | to_nice_yaml(indent=2) | indent(2) }}
+ {% endif %}
hostnames:
- - "{{ collabora_code_instances[collabora_code_instance].hostname }}"
- custom: "{{ collabora_code_nginx_vhost_custom }}"
+ {% for hostname in collabora_code_instances[collabora_code_instance].publish.hostnames %}
+ - {{ hostname }}
+ {% endfor %}
+ custom: |
+ {{ collabora_code_nginx_vhost_custom | indent(2) }}
+ nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
include_role:
name: nginx/vhost
+ apply:
+ delegate_to: "{{ collabora_code_instances[collabora_code_instance].publish.zone.publisher }}"
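Review bot: The vhost definition is now assembled as YAML text and parsed back with `from_yaml`, and `- {{ hostname }}` writes each inventory hostname into that text unquoted. A value that starts with `*` (a wildcard name) is read as an alias and fails to parse, and a value containing `: `, ` #` or a newline changes the structure of the resulting `nginx_vhost`, which is then applied on the delegated publisher host. Emit the item as a quoted scalar, `- {{ hostname | to_json }}`, or build `nginx_vhost` as a native mapping instead of text. The `custom: |` block looks fragile in the same way: if the rendered nginx-vhost.conf.j2 begins with a more deeply indented line, the block scalar's indentation is detected from that line and the following lines no longer parse.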