From b523cf86c8cbedb43cf625a1a847ca828afd5fba Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 13 Oct 2019 17:29:11 +0200
Subject: nextcloud basic installation is finally working properly
---
roles/nginx/tasks/acme.yml | 44 ------------------------------
roles/nginx/tasks/main.yml | 68 ----------------------------------------------
2 files changed, 112 deletions(-)
delete mode 100644 roles/nginx/tasks/acme.yml
delete mode 100644 roles/nginx/tasks/main.yml
(limited to 'roles/nginx/tasks')
diff --git a/roles/nginx/tasks/acme.yml b/roles/nginx/tasks/acme.yml
deleted file mode 100644
index b8ab7879..00000000
--- a/roles/nginx/tasks/acme.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- name: check if acme certs already exist
- loop: "{{ item.value.hostnames }}"
- loop_control:
- loop_var: acme_hostname
- stat:
- path: "/var/lib/acme/live/{{ acme_hostname }}"
- register: acme_cert_stat
-
-- name: set acmecert_missing_hostnames variable
- set_fact:
- acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(item.value.hostnames) }}"
-
-- name: link nonexistent hostnames to self-signed interim cert
- when: acmecert_missing_hostnames | length > 0
- block:
- - name: get id of existing selfsigned interim certificate
- command: cat /var/lib/acme/.selfsigned-interim-cert
- changed_when: false
- check_mode: false
- register: selfsigned_interim_cert_id
-
- - name: set selfsigned_interim_cert_id variable
- set_fact:
- selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
-
- - name: link to snakeoil cert for nonexistent hostnames
- loop: "{{ acmecert_missing_hostnames }}"
- loop_control:
- loop_var: acme_missing_hostname
- file:
- src: "../certs/{{ selfsigned_interim_cert_id }}"
- dest: "/var/lib/acme/live/{{ acme_missing_hostname }}"
- state: link
-
-- name: make sure nginx config has been (re)loaded
- meta: flush_handlers
-
-- name: get certificate using acmetool
- import_role:
- name: acmetool/cert
- vars:
- acmetool_cert_name: "{{ item.value.hostnames[0] }}"
- acmetool_cert_hostnames: "{{ item.value.hostnames }}"
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
deleted file mode 100644
index 57816cea..00000000
--- a/roles/nginx/tasks/main.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-- name: install nginx
- apt:
- name: "{{ nginx_pkg_variant }}"
- state: present
-
-- name: remove nginx default config
- file:
- name: /etc/nginx/sites-enabled/default
- state: absent
- notify: restart nginx
-
-- name: install nginx config.d files
- loop: "{{ nginx_conf_d_files }}"
- copy:
- src: "conf.d/{{ item }}.conf"
- dest: /etc/nginx/conf.d/
- notify: restart nginx
-
-- name: install nginx config snippets
- loop: "{{ nginx_snippets }}"
- copy:
- src: "snippets/{{ item }}.conf"
- dest: /etc/nginx/snippets/
- notify: restart nginx
-
-- name: generate Diffie-Hellman parameters
- openssl_dhparam:
- path: /etc/ssl/dhparams.pem
- size: 2048
- notify: restart nginx
-
-- name: install nginx configs from template
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'template' in item.value"
- template:
- src: "{{ item.value.template }}.conf.j2"
- dest: "/etc/nginx/sites-available/{{ item.key }}"
- notify: restart nginx
-
-- name: install nginx configs from config data
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- when: "'content' in item.value"
- copy:
- content: "{{ item.value.content }}"
- dest: "/etc/nginx/sites-available/{{ item.key }}"
- notify: restart nginx
-
-- name: enable vhost config
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- file:
- src: "../sites-available/{{ item.key }}"
- dest: "/etc/nginx/sites-enabled/{{ item.key }}"
- state: link
- notify: restart nginx
-
-- name: generate acme certificate
- loop: "{{ nginx_vhosts | dict2items }}"
- loop_control:
- label: "{{ item.key }} ({{ item.value.hostnames | default([]) | join(', ') }})"
- when: "'acme' in item.value and item.value.acme"
- include_tasks: acme.yml
-- cgit v1.2.3